This guide explained the most significant security countermeasures that are available in Microsoft® Windows Server™ 2003 with SP1 and Microsoft Windows® XP Professional with SP2. You can create a security template and import it into a Group Policy object (GPO) that is linked to the parent organizational unit (OU) for the member server to manage most of the recommended settings. Many other settings can be implemented through configuration of the Administrative Templates (ADM) sections of Group Policy. However, because some hardening procedures cannot be applied through Group Policy, the guide also discussed some manual configuration settings.
• For more information about security and privacy at Microsoft, see the Security page at www.microsoft.com/security.
• For more information about authoritative security guidance from Microsoft, see Enterprise Security Best Practices at www.microsoft.com/technet/security/secnews/articles/enterprisesecbp.mspx.
• For information about the "10 Immutable Laws of Security," see www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx.
• For more information about security for Windows Server 2003, see www.microsoft.com/technet/security/prodtech/windowsserver2003.mspx.
• For information about how to delegate administration of the Active Directory® directory service, see "Design Considerations for Delegation of Administration in Active Directory" at www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/addeladm.mspx.
• For more information about common network attack types, see "Common Types of Network Attacks," extracted from the Windows 2000 Server Resource Kit, which is available online at www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cndb_ips_ddui.mspx.
• For more information about how to harden the Windows Server 2003 TCP/IP stack, see the Microsoft Knowledge Base article "How to Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003" at http://support.microsoft.com/?scid=324270.
• For more information about how to harden the settings for Windows Sockets applications, see the Microsoft Knowledge Base article "Internet Server Unavailable Because of Malicious SYN Attacks" at http://support.microsoft.com/?scid=142641.
• For more information about the location of .adm files, see the Microsoft Knowledge Base article "Location of ADM (Administrative Template) Files in Windows" at http://support.microsoft.com/?scid=228460.
• For more information about Group Policies, including a listing of paths and values for all settings that are stored in the registry and which are available for each version of Windows, see “Group Policy Settings Reference for Windows Server 2003 with Service Pack 1” at www.microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14.
• For more information about the architecture that underlies the creation, editing, and processing of security templates, see “How Security Settings Extension Works” at http://technet2.microsoft.com/WindowsServer/en/library/f546e58e-8473-4985-a05d-0b038dea4a9f1033.mspx. This article includes detailed information about Group Policy storage, precedence, and how some settings persist even when a particular Group Policy is no longer applied to a computer (often referred to colloquially as ‘tattooing’).
• For more information about how to customize the Security Configuration Editor user interface, see the Microsoft Knowledge Base article “How to Add Custom Registry Settings to Security Configuration Editor” at http://support.microsoft.com/?scid=214752.
• For more information about how to create custom administrative template files in Windows, see the Microsoft Knowledge Base article “How to: Create Custom Administrative Templates in Windows 2000” at http://support.microsoft.com/?scid=323639.
• For more information about how to ensure that more secure LAN Manager Authentication Level settings work in networks with a mix of Windows 2000 and Windows NT® 4.0 computers, see the Microsoft Knowledge Base article "Authentication Problems in Windows 2000 with NTLM 2 Levels Above 2 in a Windows NT 4.0 Domain" at http://support.microsoft.com/?scid=305379.
• For more information about LAN Manager compatibility levels, see the Microsoft Knowledge Base article "Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments" at http://support.microsoft.com/?scid=823659.
• For more information about NTLMv2 authentication, see the Microsoft Knowledge Base article "How to Enable NTLM 2 Authentication" at http://support.microsoft.com/?scid=239869.
• For more information about the default service settings in Windows Server 2003, see the Default settings for services page at www.microsoft.com/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sys_srv_default_settings.asp.
• For more information about smart card deployment for Windows Server 2003, see the Windows Server 2003 Smart Card page on Microsoft TechNet at www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/smrtcard.mspx.
• For more information about Auditing policy for Windows Server 2003, see the Auditing Policy page at http://technet2.microsoft.com/WindowsServer/en/library/6847e72b-9c47-42ab-b3e3-691addac9f331033.mspx.
• For more information about user rights assignments for Windows Server 2003, see the User Rights Assignment page at www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/uratopnode.mspx.
• For more information about how to secure Terminal Services, see “Securing Windows 2000 Terminal Services.” The information in this article is also relevant to Windows Server 2003, and is available at www.microsoft.com/technet/prodtechnol/win2kts/maintain/optimize/secw2kts.asp.
• For more information about how to restore default security settings locally, see Microsoft Knowledge Base article “How to Reset Security Settings Back to the Defaults” at http://support.microsoft.com/?scid=313222.
• For more information about how to restore default security settings in the built-in domain Group Policy objects, see Microsoft Knowledge Base Article “How to Reset User Rights in the Default Domain Group Policy in Windows Server 2003” at http://support.microsoft.com/?scid=324800.
• For more information about security in the various Windows operating systems, see the Microsoft Windows Security Resource Kit. Information about purchasing this book is available from Microsoft Press at www.microsoft.com/MSPress/books/6815.aspx.
• For more information about the Office XP Resource Kit, or to download the Office Resource Kit Tools, visit www.microsoft.com/office/ork/xp/default.htm and www.microsoft.com/office/ork/xp/appndx/appc00.htm.