Windows security features

T

TEK

I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions

Is there something else I might be missing please?
 
F

Florian Frommherz [MVP]

Howdie!
I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions
Click to expand...

A topic I don't see on your list but might be cleared by the
technologies you have listed, would be "services". Make sure there's
nothing you run on the servers you don't really need. That mitigates
attack surface.

I most certainly wouldn't look into all of these aspects at the same
time but would concentrate on key technologies that make sense for the
particular server's role. You pretty much have the key technologies for
the servers - next step would be figuring out what servers and their
services need to be secured how.

cheers,

Florian
 
D

Dhruv raj

you might wanna import the SECUREDC templete
however this action is irreversible
you might wanna test it in your test lab before you bring it to production
---------
Dhruv


Florian Frommherz said:
Howdie!
I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions
Click to expand...

A topic I don't see on your list but might be cleared by the
technologies you have listed, would be "services". Make sure there's
nothing you run on the servers you don't really need. That mitigates
attack surface.

I most certainly wouldn't look into all of these aspects at the same
time but would concentrate on key technologies that make sense for the
particular server's role. You pretty much have the key technologies for
the servers - next step would be figuring out what servers and their
services need to be secured how.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Click to expand...
 
D

Dhruv raj

FYi securedc templete is for DCs only
there are other templeted for member servers as well in the smae folder
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows 98 clients in windows 2000 domain 3
Domain Controller and Certificate Authority 3
EFS Auto enroll 0
application error 1202 and 1000 1
Security settings for access 2000 13
ActiveDirctory security questions 6
inheretance is broken - sdprop adminsdholder, builtin container an 0
Missing Features 1

Top