Sundry Security Topics in Windows Server 2003

Introduction to Sundry Security Topics in Windows Server 2003

Here are some examples of other security features that Windows Server 2003 provides.

Topics for Security in Windows Server 2003

• Authenticate in Active Directory
• Delegation of Administrative rights
• Authorization Manager
• IIS - no longer installed by default
• Stored User Names and Passwords
• Anonymous User - Everyone
• Syslog Analyzer - Free Utility
• EFS - No longer needs a recovery agent

  ‡

Authenticate in Active Directory

DHCP, RIS and IAS all have to be Authenticated in Active Directory before they work.  Microsoft's point is that ordinary administrators may start adding more services than are needed.  I can see the point, there are often too many DHCP servers in an organization so control is useful.

Delegation of Administrative Rights

The old dictum of giving the job to the lowest level that has the skill to do the job is relevant to Windows Server 2003 administration, it makes sense to create lots of OU's then delegate responsibility for routing user tasks like resetting passwords or modifying accounts for joiners and leavers.

Authorization Manager

Authorization Manager provides a integration of role–based access control into applications. You can provide access through assigned user roles that relate to job functions.  The policy controls are stored in Active Directory or XML files and apply authorization policy at runtime.

To launch Authorization Manager Start run azman.msc

Guy's Challenge - Download CatTools (Free device backup utility)

CatTools is a free program for backing up configuration settings on hardware devices.  Here is Guy's challenge.  If you download CatTools, then it will not only take care of back up, but also it will show you something new about the hardware on you network. I could give you a money back guarantee - but CatTools is already free!  Thus, I just make a techie to techie challenge, you will learn something new about your network if you:

Get a free Download of Kiwi CatTools

IIS - no longer installed by default

In previous versions of Windows IIS has seemed like a hacker's delight, well in Server 2003 it is not installed by default.  Another indication of improved security is that IIS has been radically overhauled and reports to version 6.0, almost all other services report to being version 5.1xx.  Finally there is a separate version of Server 2003 dedicated to IIS.

Stored User Names and Passwords

Stored User Names and Passwords is a feature of Microsoft Windows 2000/3 and XP that allows a user to connect to servers using user names and passwords that are different than those used to log on to the network.

Access is controlled through the Control Panel, Stored User Names and Passwords.

Anonymous User - Everyone

The Anonymous user is no longer a member of the group Everyone.  Moreover the default NTFS permissions have been tightened up so users only have read permission by default.  Administrator's however, retain full control.

EFS - No longer needs a recovery agent

In a change from Windows 2000, EFS can now be configured even if there is no assigned recovery agent.  As a cosmetic change they Encrypted files are now displayed green.

Network security is complex.  As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Network Security or go for a combination of modules.  See more about Network Security training here

Related Topics

• Ten Tips for Security in Server 2003

 *