Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP

The Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft® Windows® operating systems. This guide is a companion to two other Microsoft publications: The Windows Server 2003 Security Guide, which is available at http://go.microsoft.com/fwlink/?LinkId=14845, and the Windows XP Security Guide, which is available at http://go.microsoft.com/fwlink/?LinkId=14839. Many of the countermeasures that are described in this guide are not intended for specific computer roles in the companion guides, or in some cases for any roles at all.

The chapters of this guide are structured in a way that approximates how the major sections of settings are displayed in the user interface of the Group Policy Editor. Each chapter begins with a brief explanation of what is in the chapter, followed by a list of subsection headers, each of which corresponds to a setting or group of settings. (These settings are listed in the Microsoft Excel® workbook that is available in the downloadable version of this guide.) Each subsection provides a brief explanation of what the countermeasure does, and includes the following information:

Who Should Read This Guide

This guide is intended primarily for consultants, security specialists, systems architects, and IT professionals who are responsible for the planning stages of application or infrastructure development and the deployment of computers that run Windows XP with SP2 or Windows Server 2003 with SP1 in enterprise environments. This guide is not intended for home users.

Guide Overview

Chapter 1: Introduction to the Threats and Countermeasures Guide
This chapter provides a brief overview of the Threats and Countermeasures Guide and explains how the guide is structured.

Chapter 2: Domain Level Policies
This chapter discusses the domain level Account policies, including password policies, account lockout policies, and Kerberos policies.

Chapter 3: Audit Policy
This chapter describes the different settings that apply to auditing and provides examples of audit events that are created by several common tasks.

Chapter 4: User Rights
This chapter details the user logon rights and privileges that are assigned by settings in the User Rights Assignment section of the Group Policy editor.

Chapter 5: Security Options
This chapter discusses numerous computer security settings, including those that relate to digital data signatures, Administrator and Guest account names, access to floppy disk and CD-ROM drives, driver installation behavior, and logon prompts.

Chapter 6: Event Log
This chapter discusses the Group Policy settings that can be used to define attributes that relate to the Application, Security, and System event logs.

Chapter 7: System Services
This chapter describes all of the system services that are included with Windows Server 2003 and Windows XP.

Chapter 8: Software Restriction Policies
This chapter provides a brief overview of software restriction policies, which are a new feature in Windows XP and Windows Server 2003. Software restriction policies provide a policy-driven system that allows you to specify which programs are allowed to execute and which are not.

Chapter 9: Windows XP and Windows Server 2003 Administrative Templates
This chapter discusses the Administrative Template sections of Group Policy that include registry-based settings that govern the behavior and appearance of computers in a network environment.

Chapter 10: Additional Registry Entries
This chapter provides information about additional registry entries for the baseline security template file that are not defined within the Administrative Template (.adm) file.

Chapter 11: Additional Countermeasures
This chapter describes how to implement certain additional countermeasures, for example, how to secure accounts.

Chapter 12: Conclusion
This chapter of the guide recaps the important points of the material in a brief overview of everything discussed in the previous chapters.

Related Resources

For additional information about the security settings that are described in this guide, download the companion Windows Server 2003 Security Guide at http://go.microsoft.com/fwlink/?LinkId=14845. You can read other security solutions from the Microsoft Solutions for Security and Compliance (MSSC) team at www.microsoft.com/technet/community/columns/sectip/st0805.mspx.

Give Us Your Feedback

The Microsoft Solutions for Security and Compliance (MSSC) team would appreciate your thoughts about this and other security solutions. Have an opinion? Let us know on the Security Solutions Blog for the IT Professional. Or e-mail your feedback to the following address: SecWish@microsoft.com. We respond often to feedback that is sent to this mailbox. We look forward to hearing from you.

Consulting and Support Services

There are many services available to assist organizations in their security efforts. Use the following links to help you find the services you need:

For Microsoft Gold Certified Partners, Microsoft Certified Technical Education Centers, Microsoft Certified Partners, and products from independent software vendors (ISVs) using Microsoft technologies, search the Microsoft Resource Directory at http://go.microsoft.com/fwlink/?LinkId=43094.

To find consulting and support services appropriate for the needs of your organization, visit Microsoft Services at http://support.microsoft.com/msservices.