Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
<strong>Recommended</strong> <strong>Baseline</strong> <strong>Security</strong> (ITSG-20)<br />
4.2 <strong>Baseline</strong> <strong>Server</strong> Policy Files Details ........................................................ 45<br />
4.3 Account Policies ...................................................................................... 45<br />
4.3.1 Password Policy............................................................................ 45<br />
4.3.2 Account Lockout Policy ................................................................. 46<br />
4.3.3 Kerberos Policy ............................................................................. 47<br />
4.4 Local Policies........................................................................................... 48<br />
4.4.1 Audit Policy ................................................................................... 48<br />
4.4.2 User Rights Assignments.............................................................. 49<br />
4.4.3 <strong>Security</strong> Options............................................................................ 56<br />
4.5 Event Log................................................................................................. 69<br />
4.5.1 Log Size ........................................................................................ 69<br />
4.5.2 Guest Access................................................................................ 70<br />
4.5.3 Retention Method.......................................................................... 70<br />
4.6 System Services ...................................................................................... 70<br />
4.6.1 Services Explicitly Covered by Microsoft Guidance ...................... 71<br />
4.6.2 Services Not Explicitly Covered by Microsoft Guidance................ 97<br />
4.7 Additional <strong>Security</strong> Settings ..................................................................... 98<br />
4.7.1 <strong>Security</strong> Consideration for Network Attacks .................................. 98<br />
4.7.2 AFD.SYS Settings....................................................................... 100<br />
4.7.3 Other <strong>Security</strong> Related Settings.................................................. 101<br />
4.7.4 Manual Activities ......................................................................... 102<br />
4.7.5 Access Controls .......................................................................... 105<br />
4.7.6 Variance from Microsoft Guidance.............................................. 111<br />
5 Role Based <strong>Server</strong> Policies ........................................................................... 117<br />
5.1 Role Based IPSec Policies .................................................................... 117<br />
5.1.1 Load IPSec policy ....................................................................... 117<br />
5.1.2 Activate IPSec Policy .................................................................. 117<br />
5.2 Domain File <strong>Server</strong> <strong>Security</strong> Policy........................................................ 118<br />
5.2.1 Variance from Microsoft “Hardening File <strong>Server</strong>s” Guidance ...... 118<br />
5.2.2 [Service General Setting] ............................................................ 119<br />
5.2.3 Domain File <strong>Server</strong> IPSec Policy ................................................ 119<br />
5.3 Domain Print <strong>Server</strong> Policy .................................................................... 121<br />
5.3.1 Variance from Microsoft “Hardening Print <strong>Server</strong>s” Guidance .... 121<br />
5.3.2 [Registry Values] ......................................................................... 121<br />
5.3.3 [Service General Setting] ............................................................ 122<br />
5.3.4 Domain Print <strong>Server</strong> IPSec Policy............................................... 122<br />
5.4 Workgroup File <strong>Server</strong> Policy ................................................................ 124<br />
5.4.1 Variance from Microsoft Guidance.............................................. 124<br />
5.4.2 [Registry Values] ......................................................................... 124<br />
5.4.3 [Service General Setting] ............................................................ 124<br />
5.4.4 Workgroup File <strong>Server</strong> IPSec Policy ........................................... 125<br />
5.5 Workgroup Print <strong>Server</strong> Policy............................................................... 126<br />
5.5.1 Variance from Microsoft Guidance.............................................. 126<br />
5.5.2 [Registry Values] ......................................................................... 127<br />
5.5.3 [Service General Setting] ............................................................ 127<br />
5.5.4 Workgroup Print <strong>Server</strong> IPSec Policy.......................................... 127<br />
x March 2004 Table of Contents
Change language