Windows Server 2003 Recommended Baseline Security

More documents

Recommendations

Info

Unclassified ITSG for Windows Server 2003 Hive/Key Name Audit Administrator & System Authenticated Users HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Svchost F Full Control Read HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Time Zones S&F Full Control Read HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows F Full Control Read HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon S&F Full Control Read HKLM\Software\Policies S&F Full Control Read HKLM\System S&F Full Control Read HKLM\System\CurrentControlSet\Services S&F Full Control Read HKLM\SYSTEM\CurrentControlSet\Services\Schedule S&F Full Control None HKLM\System\CurrentControlSet\Control\SecurePipeServiers\Winreg S&F N/A Everyone=none HKLM\System\CurrentControlSet\Control\Session Manager\Executive S&F Full Control Read HKLM\System\CurrentControlSet\Control\TimeZoneInformation S&F Full Control Read HKLM\System\CurrentControlSet\Control\WMI\Security S&F Full Control None HKLM\Hardware S&F Full Control Everyone:Read HKLM\SAM S&F Full Control Everyone:Read HKLM\Security S&F Full Control N/A Hkey_Users (HKU) S&F Full Control N/A HKU\.Default S&F Full Control Read HKU\.Default\Software\Microsoft\NetDDE S&F Full Control N/A 110 March 2004 Server Policy Files
Windows Server 2003 Recommended Baseline Security (ITSG-20) 4.7.6 Variance from Microsoft Guidance The following table provides a list of settings that differ between the CSE guidance and Microsoft guidance. The parameter is identified along with the CSE value and Microsoft value. Table 3 – Variance from Microsoft Member Server Baseline # Parameter CSE Value Microsoft Value 1 Minimum Password Length 8 12 2 Audit Policy Change Success/Fail Success 3 Audit System Events Success/Fail Success 4 Add Workstations to Domain None Administrators 5 Backup Files and Directories Backup Operators and Administrators 6 Bypass Traverse Checking Users, Backup Operators,Administrators and Authenticated Users Default Default 7 Create a Pagefile Administrators Default 8 Create a Token Object None Default 9 Create Global Objects Service and Administrators Default 10 Create Permanent Shared Objects None Default 11 Deny Logon as a Service Guests, Anonymous Logon, Administrators, Built-in Administrator, Support_388945a0 and Guest 12 Deny Logon Locally Guests, Anonymous Logon, Built-in Administrator, Support_388945a0 and Guest Default Default 13 Force shutdown from remote system None Administrators 14 Lock Pages in Memory None Administrators 15 Logon as a Service Network Service and Local Service Default 16 Administrator Account Status Disabled Enabled 17 Interactive logon: Message text for users attempting to logon 18 Interactive logon: Message title for users attempting to log on 19 Interactive Logon: Require Smart Card Departmental entry required Departmental entry required Do not require smart card “This system is restricted….” “IT IS AN OFFENSE….” Default Server Policy Files March 2004 111
Page 1 and 2:
IT Security Guidance Windows Server
Page 3 and 4:
Windows Server 2003 Recommended Bas
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Unclassified ITSG for Windows Serve
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81: Unclassified ITSG for Windows Serve
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
show all

Windows Server 2003 Recommended Baseline Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?