Windows Server 2003 Recommended Baseline Security

More documents

Recommendations

Info

Unclassified ITSG for Windows Server 2003 Repeat this process until all OUs (Public Servers, Print Servers and Files Servers) have the required policy files applied to them. 4.1.2 Policy Application in a Workgroup The policies for a workgroup server must be applied in the appropriate order to ensure a correct policy. Apply the Baseline configuration first, than apply additional policies to enable the designated role of the server. To enter a policy file with the local Group Policy Editor, perform the following: 1. Open a command window. 2. Enter “MMC” and press “Return”. a. “Console 1” dialog opens. 3. Click “File”. 4. Select “Add/Remove Snap-in”. 5. “Add/Remove Snap-in” dialog displayed. 6. Click “Add”. 7. “Add Standalone Snap-in” dialog displayed. 8. Browse to and select “Group Policy Editor”. 9. Click “Add”. 10. “Select Group Policy Object” dialog displayed. 11. Accept defaults and click “”Finish”. 12. Click “Close”. 13. Click “OK”. a. The “Root Console Window” appears. 14. Click on “+” beside “Local Computer Policy” 15. Click on “+” beside “Windows Settings”. 16. Right click on “Security Settings”. 17. Select “Import Policy”. 18. Browse to desired policy file and select it. a. Import Baseline configuration policy first then Role based policies. 19. Click “Open”. 20. Click “File”. 21. Click “Exit”. 22. “Microsoft Management Console” dialog displayed. 44 March 2004 Server Policy Files
Windows Server 2003 Recommended Baseline Security (ITSG-20) 23. Select “Yes” if you wish to save the settings. a. Otherwise, select “No”. 4.2 Baseline Server Policy Files Details The following section provides additional services and settings that are managed by policy files. The Domain and Workgroup Baseline configuration files are largely identical. The following section provides details on the security settings. Items that are not the same will have both settings documented. 4.3 Account Policies Account policies determine the rules for user’s with respect to passwords and Kerberos. 4.3.1 Password Policy 4.3.1.1 Enforce password history PasswordHistorySize = 24 The ‘PasswordHistorySize’ defines the number of passwords retained by the system. This history is compared with user input during password changes. The setting ‘24’ requires the user to select twenty-four unique passwords before they can re-use their first one. With a ‘MinimumPasswordAge’ of two, the user would have to cycle their password every two days to get back to their original password. 4.3.1.2 Maximum password age MaximumPasswordAge = 42 The ‘MaximumPasswordAge’ defines the maximum number of days a user can keep the same password. A setting of forty-two requires the user to change their password every forty-two days. Combined with the ‘PasswordComplexity’ and ’PasswordLength’ settings, these settings ensure the password is strong and resilient to attack. 4.3.1.3 Minimum Password Age MinimumPasswordAge = 2 The ‘MinimumPasswordAge’ defines how many days a user must wait between password changes. The setting ‘2’ requires the user to wait two before they can change it again. 4.3.1.4 Minimum password length MinimumPasswordLength = 8 The ‘MinimumPasswordLength’ defines the minimum number of characters acceptable for a password. The setting ‘8’ requires the user to enter a password of eight characters or more. Server Policy Files March 2004 45
Page 1 and 2:
IT Security Guidance Windows Server
Page 3 and 4:
Windows Server 2003 Recommended Bas
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14: Windows Server 2003 Recommended Bas
Page 15: Windows Server 2003 Recommended Bas
Page 28 and 29: Unclassified ITSG for Windows Serve
Page 114 and 115:
Unclassified ITSG for Windows Serve
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
show all

Windows Server 2003 Recommended Baseline Security

Create successful ePaper yourself

Delete template?

Save as template?