using security templates to harden servers

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

duc_arioch@hotmail.com - 24 Jul 2007 10:25 GMT

Hi all,

I want to increase the security of my windows 2003 servers.
I read some documents from Microsoft.
I'm still confuse about the difference between the original templates
(securews, hisecurews...) and the one supplied
with the Windows Server 2003 Security Guide (EC-Member Server
Baseline, LC-Member Server Baseline...).
Which set do you recommend me to use ?

Thanks for your lights.

Arioch

Reply to this Message

Roger Abell [MVP] - 25 Jul 2007 05:26 GMT

The guides are far, far more appropriate - however . . .

I would recommend that you use none of those you
have mentioned. The first mentioned (securews, ...)
are very old and outdated. The templates provided
as part of the Security Guide are intended to be used
as examples, as starting points, from which you are to
derive what is appropriate for the specifics of your
machines.

None of these, the first or second mentioned were ever
intended to be used, as is, by just pointing at them and
applying !!

Read the Windows 2003 Security Guide and the companion
Hardening Guide. Decide what settings address risks that
you face. You likely would end up with a self-defined
template (and sceregvl.inf) that combines settings from
multiple of the templates. Use the Security Configuration
and Analysis MMC snap-in to analyze systems first to see
what differs, what use of your template will change.
Possible make copies of your template (copy/paste) which
you edit (notepad or Security Templates MMC snapin) so
that each only applies a part of the settings, which would
allow you to try your selected settings part by part (this
makes it more simple to find which setting is at issue if
you encounter an unexpected complication).

Roger

> Hi all,
>
[quoted text clipped - 9 lines]
>
> Arioch

Reply to this Message