Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Unclassified ITSG for <strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
• Select the “General” tab.<br />
• Click on the “Settings” button.<br />
o “Key Exchange Settings” dialog displayed.<br />
• Click the “Methods” button.<br />
o The “Key Exchange Methods” dialog displayed.<br />
• Remove all settings except the following (ensure they are in the order below):<br />
IKE 3DES SHA1 High (1024)<br />
IKE 3DES SHA1 Med (2)<br />
• Click “OK”.<br />
• Click “OK”.<br />
• Click “File”.<br />
• Click “Exit”.<br />
o “Microsoft Management Console” dialog displayed<br />
• Select “Yes” if you wish to save the settings (otherwise select “No”).<br />
5.2 Domain File <strong>Server</strong> <strong>Security</strong> Policy<br />
The domain-based file server allows authenticated users to access shared files in the domain.<br />
These shared files can use file protection to control access. Access attempts from outside a<br />
domain can authenticate with domain-based credentials. Once authenticated, access is granted<br />
based on domain policy.<br />
To fulfill file services, the <strong>Baseline</strong> configuration settings do not require further changes.<br />
5.2.1 Variance from Microsoft “Hardening File <strong>Server</strong>s” Guidance<br />
In the Microsoft hardening policy for Domain file servers, Distributed Files system and File<br />
Replication services are disabled. In the CSE <strong>Baseline</strong> configuration these same services are<br />
disabled; therefore they need not be disabled in the File <strong>Server</strong> policy.<br />
The remaining differences are a result of CSE and Microsoft <strong>Baseline</strong> configuration variance.<br />
It is important to note that the role-based policies cannot be viewed in isolation from the <strong>Baseline</strong><br />
configuration.<br />
118 March 2004 Role Based <strong>Server</strong> Policies