Hardening Member Servers

G

Guest

Hello,

I want to prevent unauthorized access to the member servers on our domain. I
know windows 2k has some built in security templates but is there a good site
or something for this info or better templates? I want to make sure only
authorized users can logon locally etc. Any help is greatly appreciated.

Thanks
 
S

Steven L Umbach

You could put those servers into an OU with it's own GPO and then configure
the user right for logon locally to contain only the groups/users that you
want to be able to logon to locally. Be very careful with security templates
and test them out thoroughly first on a test network or at least test OU as
too extreme security settings can break access that you want to have. Also
ipsec can be used to control access to your servers requiring that the
computer trying to access needs to authenticate with it via kerberos and be
compatible with it's ipsec policy. Ipsec policies need to be thoroughly
tested before implementing and domain controllers must be exempt from ipsec
ESP/AH traffic with domain members. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN server without domain controller 0
Security Template question 10
How to open LSA API on Win2k in order to determine if a computer is member of domain 3
how to apply w2k security to w2k member servers under w2k3 domain? 6
AD Domain member server not showing SAM names 2
DHCP server Unauthorized, Need to Authorize (Not in an AD environm 1
Copying File / Folder permissions across servers 5
Event ID 538 Logon Type 3 NT AUTHORITY/ANONYMOUS LOGON 15

Top