« Patching ISA 2004 | Main | Maid or Domestic Helper »

Server Hardening

To reduce to surface vulnerable to malicious attack. This is accomplished by removing, disabling unused services and/or increasing the encryption level of communication protocol. Microsoft has provided three types of templates: Compatible, Secure and Highly Secure.

Compatible relax security for operations with legacy NT servers and 9X clients. Secure type will enable operations with Windows 2000 servers/NT SP4 servers and Windows XP clients. Highly Secure type will disable both LAN Manager and NTLM together with other restrictions.
It is highly advisable to read through the templates and understand the significance the registry entries and change of rights before applying. Some registry entries may not break your application, but it will affect overall system performance. For example disabling cached logons will require the domain controllers to be always available.

Listed below are all templates available in %SystemRoot%\Security\Templates

Setup security.inf
DC security.inf
Compatws.inf
Securews.inf
Securedc.inf
hisecws.inf
hisecdc.inf
Notssid.inf


How to apply security templates guide is here. If you want to do-it-your own, the guide is here, though it is much more eaiser to copy a template and modify.

Some third party templates contain SIDS, the guides here and here are useful.

About

This page contains a single entry from the blog posted on November 27, 2007 1:14 AM.

The previous post in this blog was Patching ISA 2004.

The next post in this blog is Maid or Domestic Helper.

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type