DHCP, RIS and IAS all have to be Authenticated in Active Directory before
they work. Microsoft's point is that ordinary administrators may start
adding more services than are needed. I can see the point, there are often
too many DHCP servers in an organization so control is useful.
The old dictum of giving the job to the lowest level that has the skill to do
the job is relevant to Windows Server 2003 administration, it makes sense to
create lots of OU's then delegate responsibility for routing user tasks like
resetting passwords or modifying accounts for joiners and leavers.
Authorization Manager provides a integration of role–based access control
into applications. You can provide access through assigned user roles that
relate to job functions. The policy controls are stored in Active Directory or XML files and apply authorization policy at runtime.
To launch Authorization Manager Start run azman.msc
Is
Your Server Running Slowly? Check with SolarWinds ipMonitor
In previous versions of Windows IIS has seemed like a hacker's delight, well
in Server 2003 it is not installed by default. Another indication of
improved security is that IIS has been radically overhauled and reports to
version 6.0, almost all other services report to being version 5.1xx.
Finally there is a separate version of Server 2003 dedicated to IIS.
Stored User Names and Passwords is a feature of Microsoft Windows 2000/3 and
XP that allows a user to connect to servers using user names and passwords that
are different than those used to log on to the network.
Access is controlled through the Control Panel, Stored User Names and
Passwords.
Free Check for Cross Site Scripting Vulnerability
Acunetix has just launched Acunetix WVS Free Edition which allows companies to scan their own website and web applications for Cross Site Scripting vulnerabilities at
absolutely no cost.
Cross Site Scripting is one of the most dangerous of vulnerabilities and many a large
organization has fallen prey to XSS. This free version allows people to check for themselves if their website is vulnerable to XSS and also offers a solution to fix the problem.
The Anonymous user is no longer a member of the group Everyone.
Moreover the default NTFS permissions have been tightened up so users only have
read permission by default. Administrator's however, retain full control.
In a change from Windows 2000, EFS can now be configured even if there is no
assigned recovery agent. As a cosmetic change they Encrypted files are now
displayed green.
Network security is complex. As an MCT trainer, I can thoroughly recommend
TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example
Network Security or go for
a combination of modules.
See more about Network Security training here
