Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
<strong>Recommended</strong> <strong>Baseline</strong> <strong>Security</strong> (ITSG-20)<br />
6 <strong>Server</strong> Policy Compliance: Inspection and Enforcement<br />
The manual approach for policy compliance is a feature of the Microsoft Operating System. This<br />
approach uses Microsoft Management Console (MMC) with the ‘<strong>Security</strong> Configuration and<br />
Analysis’ snap-in. This process applies to both the Domain and Workgroup environments.<br />
Appropriate configurations for the target server are required. Policies are loaded in MMC, the<br />
system is analyzed, and the results are presented on screen. If permissions do not match policy<br />
settings, items are identified with a red ‘x’ or the term ‘Investigate’.<br />
6.1 Configuration of Microsoft Management Console (MMC)<br />
The following steps perform compliance inspection with MMC.<br />
a. Open a ‘Command Prompt’ window.<br />
b. At the command prompt, type ‘mmc’.<br />
i. The ‘Console1’ GUI opens.<br />
c. Select File =>Add/Remove Snap-in.<br />
i. ‘Add/Remove Snap-in’ window appears.<br />
d. Click on ‘Add’ button.<br />
i. ‘Add Stand-alone Snap-in’ window opens.<br />
e. Scroll down to, and select ‘<strong>Security</strong> Configuration and Analysis’.<br />
f. Click ‘Add’ button.<br />
g. Click ‘Close’ button.<br />
i. Control is returned to the ‘Add/Remove Snap-in’ window.<br />
h. Click ‘OK’ button.<br />
6.2 Load Policy File and Computer Configuration<br />
Effective policy files for a system under inspection must be available. They consist of a <strong>Baseline</strong><br />
configuration file and a role specific policy file. For a domain-based print server, “CSE High<br />
<strong>Security</strong> – Member <strong>Server</strong> <strong>Baseline</strong>.inf” and “CSE High <strong>Security</strong> – Member File <strong>Server</strong>.inf “ are<br />
used. Based on your Active Directory and policy files within your structure, additional files may<br />
be required.<br />
To load a policy file:<br />
a. Ensure the ‘Console1’ window is active.<br />
b. Right click on ‘<strong>Security</strong> Configuration and Analysis’.<br />
c. Select ‘Open Database’.<br />
i. The ‘Open Database’ window opens.<br />
d. Enter a name for the database (e.g. systemname-date).<br />
Compliance Inspection and Enforcement March 2004 131