Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
<strong>Recommended</strong> <strong>Baseline</strong> <strong>Security</strong> (ITSG-20)<br />
5.5.2 [Registry Values]<br />
machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel=4,4<br />
machine\system\currentcontrolset\control\print\providers\lanman print<br />
services\servers\addprinterdrivers=4,0<br />
machine\system\currentcontrolset\control\securepipeservers\winreg\allowedpaths\machine=7,Sof<br />
tware\Microsoft\<strong>Windows</strong><br />
NT\CurrentVersion\Print,System\CurrentControlSet\Control\Print\Printers<br />
5.5.3 [Service General Setting]<br />
"lanmanworkstation", 2,<br />
"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCR<br />
SDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"<br />
"lanmanserver", 2,<br />
"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCR<br />
SDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"<br />
"browser", 2,<br />
"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCR<br />
SDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"<br />
"spooler", 2,<br />
"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCR<br />
SDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"<br />
5.5.4 Workgroup Print <strong>Server</strong> IPSec Policy<br />
The following file has been modified from the Microsoft <strong>Windows</strong> <strong>Server</strong> <strong>2003</strong> <strong>Security</strong><br />
Guideline. The CSE IPSec policy does not reference Domain Controllers. Run the file as a<br />
command to load the policy. The procedure outlined in 5.1 Role Based IPSec Policies is used to<br />
apply the policy.<br />
REM (c) Microsoft Corporation 1997-<strong>2003</strong><br />
REM Packet Filters for <strong>Server</strong> Hardening<br />
REM<br />
REM Name: PacketFilter-Print.CMD<br />
REM Version: 1.0<br />
REM This CMD file provides the proper NETSH syntax for creating an IPSec Policy<br />
REM that blocks all network traffic to a Print <strong>Server</strong> except for what is<br />
REM explicitly allowed as described in the <strong>Windows</strong> <strong>2003</strong> <strong>Server</strong> Solution Guide.<br />
REM Please read the entire guide before using this CMD file.<br />
Role Based <strong>Server</strong> Policies March 2004 127