Windows Server 2003 Recommended Baseline Security

More documents

Recommendations

Info

Unclassified ITSG for Windows Server 2003 # Parameter CSE Value Microsoft Value 27 Retention method for Application log Do not overwrite As needed 28 Retention method for Security log Do not overwrite As needed 29 Retention method for System log Do not overwrite As needed 30 DNS Client Disable Enable 31 Plug and Play Service Disabled Automatic 32 TCPMaxHalfOpen 100 No recommendation 33 TCPMaxHalfOpenRetired 80 No recommendation 34 NoNameReleaseOnDemand (TCP/IP) 35 Remove POSIX Subsystem Registry Key Enabled Recommended No recommendation No recommendation 36 Set BIOS Password Recommended No recommendation 37 Disable Memory Dump Recommended No recommendation 38 Boot Immediately to Windows Recommended No Recommendation 39 Disassociate .reg files from registry editor Recommended No Recommendation 116 March 2004 Server Policy Files
Windows Server 2003 Recommended Baseline Security (ITSG-20) 5 Role Based Server Policies The following policy files apply settings specific to the role they serve. They do not contain every setting required for a server; therefore apply these settings after the Baseline configuration. 5.1 Role Based IPSec Policies Role based IP Security Policy is applied in a two-step process. The first step is to load the policy into the policy editor. The second step is to activate the policy. This is achieved with the Group Policy Editor. 5.1.1 Load IPSec policy • Activate “Windows Explorer”. • Browse to location of desired IPSec policy file (must have .CMD extension). • Right click on policy command files and select “Open”. o Command window will open, execute the policy command file, and close. 5.1.2 Activate IPSec Policy • Open a command window. • Enter “MMC” and press “Enter”. o “Console 1” dialog opens. • Click “File”. • Select “Add/Remove Snap-in”. o “Add/Remove Snap-in” dialog displayed. • Click “Add”. o “Add Standalone Snap-in” dialog displayed. • Browse to and select “IP Security Policy Management”. • Click “Add”. o “Select Computer or Domain” dialog displayed. • Accept defaults and click “”Finish”. • Click “Close”. • Click “OK”. • In the “Root Console Window”, click on “IP Security Policies on Local Computer”. • In right frame right click the desired IP Security policy and select “Assign”. • Right click the active policy and select “Properties”. Role Based Server Policies March 2004 117
Page 1 and 2:
IT Security Guidance Windows Server
Page 3 and 4:
Windows Server 2003 Recommended Bas
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Unclassified ITSG for Windows Serve
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87: Unclassified ITSG for Windows Serve
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
show all

Windows Server 2003 Recommended Baseline Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?