Windows Server 2003 Security Cookbook
Windows Server 2003 Security Cookbook Security Solutions and Scripts for System Administrators By Mike Danseglio, Robbie Allen
December 2005
Pages: 520

| Table of Contents | Index | Sample Chapter

Table of Contents

  1. Chapter 1 Getting Started

    1. What Is Security?

    2. Approach to the Book

    3. Where to Find the Tools

    4. Group Policy Notes

    5. Programming Notes

    6. Replaceable Text

    7. Reporting Security Issues to Microsoft

    8. Where to Find More Information

  2. Chapter 2 System Preparation and Administration

    1. Introduction

    2. Creating a Reference Installation

    3. Renaming the Domain Administrator Account

    4. Renaming the Local Administrator Accounts

    5. Disabling the Local Administrator Accounts

    6. Renaming the Guest Account

    7. Logging in as a Non-Administrator

    8. Configuring Internet Explorer Enhanced Security Configuration

    9. Preventing Automatic Installation of New Hardware Drivers

    10. Protecting Against Modified Device Drivers

    11. Encrypting the SAM

    12. Locking the Console

    13. Enabling Screensaver Locking

  3. Chapter 3 TCP/IP

    1. Introduction

    2. Displaying the Status of TCP Ports

    3. Disabling NetBIOS over TCP/IP

    4. Disabling File and Printer Sharing for MicrosoftNetworks

    5. Enabling SYN Flood Protection

    6. Disabling Source Routing

    7. Disabling Router Discovery

    8. Configuring TCP/IP Filtering

    9. Enabling and Configuring Windows Firewall

  4. Chapter 4 Encrypting File System

    1. Introduction

    2. Enabling EFS Without a Recovery Agent

    3. Configuring a Recovery Agent

    4. Configuring Server-Based EFS

    5. Encrypting a File

    6. Encrypting a Folder

    7. Enabling EFS Context Menus

    8. Viewing Users and Recovery Agents

    9. Moving or Copying an Encrypted File or Folder

    10. Changing Encryption Algorithms

    11. Encrypting Offline Files

    12. Sharing Encrypted Files

    13. Backing Up EFS Keys

    14. Using a Recovery Agent

    15. Removing Unused Data

  5. Chapter 5 Active Directory

    1. Introduction

    2. Enabling SSL/TLS

    3. Encrypting LDAP Traffic with SSL or TLS; Digital Signing

    4. Using the Delegation of Control Wizard

    5. Customizing the Delegation of Control Wizard

    6. Using the Default ACL for an Objectclass

    7. Enabling List Object Access Mode

    8. Modifying the ACL on Administrator Accounts

    9. Viewing and Purging Your Kerberos Tickets

    10. Resetting the Directory Service Restore ModeAdministrator Password

    11. Implementing Role-Based Access Control

    12. Displaying Delegated Rights

    13. Removing Delegated Rights

  6. Chapter 6 Group Policy

    1. Introduction

    2. Creating a GPO

    3. Copying a GPO

    4. Deleting a GPO

    5. Modifying the Settings of a GPO

    6. Creating a GPO Link to an OU

    7. Blocking Inheritance of GPOs on an OU

    8. Forcing a GPO Application

    9. Applying a Security Filter to a GPO

    10. Refreshing GPO Settings on a Computer

    11. Configuring the Group Policy Refresh Interval

    12. Installing Applications with a GPO

    13. Assigning Logon/Logoff and Startup/ShutdownScripts in a GPO

    14. Configuring Password Policies

    15. Configuring Account Lockout Policies

    16. Configuring Kerberos Policies

    17. Configuring User Rights Assignment

    18. Configuring Security Options

    19. Configuring Time Synchronization Settings

    20. Using Restricted Groups

    21. Configuring Service Parameters

    22. Configuring Registry Permissions

    23. Configuring File Permissions

  7. Chapter 7 Security Templates

    1. Introduction

    2. Using Default Security Templates

    3. Creating a Security Template

    4. Changing Account Policies

    5. Changing Local Policies

    6. Changing Event Log Settings

    7. Making Group Membership Changes

    8. Disabling Unwanted System Services

    9. Modifying Registry Permissions

    10. Modifying Filesystem Permissions

    11. Exporting Security Templates

    12. Importing Security Templates

    13. Verifying Template Application

    14. Analyzing a Security Configuration

    15. Testing Template Compatibility

  8. Chapter 8 Domain Controllers

    1. Introduction

    2. Disabling LM Hash Storage

    3. Removing Stored LM Hashes

    4. Requiring NTLM Authentication

    5. Using Syskey to Thwart Offline Attacks

    6. Signing LDAP Communications

    7. Hardening Domain Controllers with SecurityTemplates

  9. Chapter 9 User and Computer Accounts

    1. Introduction

    2. Enabling and Disabling a User

    3. Finding Disabled Users

    4. Unlocking a User

    5. Troubleshooting Account Lockout Problems

    6. Viewing and Modifying the Account Lockout andPassword Policies

    7. Setting a User's Account to Expire

    8. Setting a User's Password

    9. Forcing a User Password Change at Next Logon

    10. Preventing a User's Password from Expiring

    11. Setting a User's Account Options

    12. Finding a User's Last Logon Time

    13. Restricting a User's Logon Hours and Workstations

    14. Resetting a Computer Account

    15. Finding Inactive or Unused Computer Accounts

    16. Trusting a Computer Account for Delegation

  10. Chapter 10 Rights and Permissions

    1. Introduction

    2. Using Standard File Permissions

    3. Using Special File Permissions

    4. Determining File Permission Inheritance

    5. Using Deny Permission

    6. Determining Effective Permissions

    7. Determining File Ownership

    8. Modifying File Ownership

    9. Restoring Default Permissions

    10. Hardening Registry Permissions

    11. Restricting Remote Access to the Registry

  11. Chapter 11 Dynamic Host Configuration Protocol

    1. Introduction

    2. Authorizing a DHCP Server

    3. Detecting Rogue DHCP Servers

    4. Restricting DHCP Administrators

    5. Disabling NetBIOS over TCP/IP Name Resolution

    6. Enabling Dynamic DNS Updates from the DHCP Server

    7. Running DHCP Server on a Domain Controller

  12. Chapter 12 Domain Name System

    1. Introduction

    2. Securing DNS Using the Separate NamespacesApproach

    3. Securing DNS Using the Split-Brain Approach

    4. Restricting DNS Administration Using theDNSAdmins Group

    5. Hiding Your Internal IP Addressing Scheme

    6. Blocking Unwanted DNS Traffic Through aFirewall

    7. Restricting DNS Traffic Through a Firewall UsingForwarders

    8. Preventing DoS Attacks by Disabling Recursion

    9. Hardening DNS by Converting Standard Zones to Active Directory Integrated

    10. Protecting DNS Zones by Requiring Only SecureDynamic Updates

    11. Hardening DNS Clients by Requiring Them to UseSecure Dynamic Updates

    12. Protecting DNS Zones by Disabling DynamicUpdates

    13. Hardening DNS Clients by Preventing Them fromAttempting Dynamic Updates

    14. Preventing Unauthorized Zone Transfers

    15. Restricting Zone Transfers to Legitimate DNS Servers

    16. Preventing Cache Pollution on DNS Servers

    17. Monitoring Suspicious DNS Requests UsingDebug Logging

    18. Securing Resource Records When Usingthe DnsUpdateProxy Group

    19. Preventing DNS Session Sniffing and Hijacking

  13. Chapter 13 File and Print Servers

    1. Introduction

    2. Creating a Hidden File Share

    3. Deleting a File Share

    4. Securing Shared Folders and Files

    5. Preventing Shared File Caching

    6. Determining Access Levels for a File Share

    7. Listing All File Shares

    8. Restricting Printing Permissions

    9. Hardening the Print Spooler

    10. Moving the Print Spool Folder

    11. Disabling Internet Printing

    12. Removing Internet Printing

  14. Chapter 14 IPsec

    1. Introduction

    2. Using a Default IPsec Policy

    3. Creating an IPsec Policy

    4. Creating a Blocking Rule

    5. Creating a Permit Rule

    6. Configuring IPsec Boot Mode

    7. Configuring Authentication Methods

    8. Configuring Connection Types

    9. Configuring Key Exchange

    10. Configuring Session Cryptography

    11. Configuring IP Filter Lists

    12. Configuring IP Filter Actions

    13. Configuring Security Methods

    14. Activating an IPsec Rule

    15. Deactivating an IPsec Rule

    16. Assigning and Unassigning IPsec Policies

    17. Viewing IPsec Statistics with System Monitor

    18. Verifying IPsec Traffic

    19. Using IPsec Monitor to Verify IPsec

    20. Troubleshooting IPsec Connections

  15. Chapter 15 Internet Information Services

    1. Introduction

    2. Configuring Listening Port

    3. Removing Unused Components

    4. Configuring HTTP Authentication

    5. Configuring FTP Authentication

    6. Changing the User Context for AnonymousAccess

    7. Disabling Anonymous Access

    8. Restricting Client Access by ACL

    9. Restricting Client Access by IP Address or DNSName

    10. Installing Server Certificates

    11. Enabling Secure Sockets Layer

    12. Enabling Client Certificate Authentication

    13. Requiring Client Certificate Authentication

    14. Configuring Trusted Certification Authorities

    15. Configuring One-to-One Client Certificate Mapping

    16. Configuring Many-to-One Client CertificateMapping

  16. Chapter 16 RRAS and IAS

    1. Introduction

    2. Configuring the Routing and Remote Access Server

    3. Allowing Authentication Protocols

    4. Requiring Smart Card Authentication

    5. Using Preshared Keys

    6. Configuring RRAS to Use IAS

    7. Installing Internet Authentication Service

    8. Configuring IAS Auditing

    9. Configuring Local IAS Logging

    10. Configuring SQL IAS Logging

    11. Creating a Remote Access Policy

    12. Configuring Connection Time

  17. Chapter 17 Terminal Services and Remote Desktop

    1. Introduction

    2. Choosing a Security Mode

    3. Configuring Session Encryption

    4. Limiting Client Sessions

    5. Requiring a Password for Connection

    6. Securing RPC Administration Traffic

    7. Allowing Silent Session Monitoring

    8. Monitoring Sessions

    9. Enabling Remote Desktop

    10. Configuring Access to Remote Desktop

  18. Chapter 18 Public Key Infrastructure and Certificates

    1. Introduction

    2. Installing an Offline Root CA

    3. Installing an Enterprise Subordinate CA

    4. Installing a Standalone Subordinate CA

    5. Publishing a CRL from an Online CA

    6. Publishing a CRL from an Offline CA

    7. Restricting Access to the CA

    8. Auditing CA Operations

    9. Configuring Certificate Templates

    10. Authorizing the CA to Issue Certificates

    11. Archiving Private Keys

    12. Sending Enrollment Notifications via Email

    13. Requesting Certificates Automatically

    14. Approving and Denying Certificate Requests

    15. Retrieving Issued Certificates

    16. Renewing Certificates

    17. Revoking Certificates

    18. Configuring a Trusted Certificate

    19. Identifying Local Certificates and Private Keys

    20. Backing Up Certificates and Private Keys

    21. Restoring Certificates and Private Keys

  19. Chapter 19 Auditing

    1. Introduction

    2. Auditing Account Logon Events

    3. Auditing Account Management Events

    4. Auditing Directory Service Events

    5. Auditing File Access

    6. Auditing File Share Configuration Events

    7. Auditing Web Server Access

    8. Auditing Policy Change Events

    9. Auditing Privilege Use Events

    10. Auditing Process Tracking Events

    11. Auditing System Events

    12. Shutting Down Windows When Unable to LogEvents

  20. Chapter 20 Event Logs

    1. Introduction

    2. Viewing Events

    3. Setting the Maximum Size of an Event Log

    4. Setting the Event Log Retention Policy

    5. Clearing the Events in an Event Log

    6. Restricting Access to an Event Log

    7. Searching the Event Logs on Multiple Servers

    8. Archiving an Event Log

    9. Finding More Information About an Event

    10. Triggering an Action when an Event Occurs

    11. Consolidating Event Logs

  21. Chapter 21 Patch Management

    1. Introduction

    2. Installing a Root Update Server

    3. Installing a Subordinate Update Server

    4. Installing a Nonstoring Update Server

    5. Installing an Update Server on a NondedicatedServer

    6. Configuring Computers to Use the InternalUpdate Server

    7. Refreshing the Update Server

    8. Configuring the Computer Update Type andSchedule

    9. Creating a Test Group

    10. Approving and Declining Updates

    11. Automatically Approving Critical Updates

    12. Removing Updates

    13. Forcing an Update Scan

    14. Manually Applying Updates

    15. Disabling Windows Update

    16. Checking Status of Update Application

    17. Verifying Update Application with MBSA

  1. Colophon

Return to Windows Server 2003 Security Cookbook