
what are the best things to do to secure win 2003


APOC9109

IS-IT--Management
Mar 7, 2006
48
US
If someone would give me an order of importance, what would it be?

I mean I have heard I should change all default accounts like administrator etc. to a different name,
this way password cracking programs do not have the pie (the user name)? Is this used by real administrators?

SP1 has the security config analysis tool, is this a useful tool that real administrators use?

I am trying hard to implement 2k3 CA server, is this common practice to use with SSL, EFS, email or am I wasting my time?


closing unused ports or ports with high vulnerability


using run as

default domain security policy

the use of IPsec with L2tp


Can you use SSL without a CA, if so which method is preferred?
 
Actually, I would rename and then disable it. It's possible, as ScottCr mentioned, to find out the RID of the renamed account, but that's an extra step. There is not a single thing you can do to make your network absolutely totally secure. It's a bunch of things. Do them all.

CA is useful for things like OWA, Outlook over HTTPS, etc.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Good idea, I agree that renaming and then disabling is a better idea. But of course the RID won't change if you rename an account.

Along the same line, I wouldn't have a shared admin account. Anyone who needs admin access should have their own account, otherwise any auditing you implement will be worthless.

Windows and NT Admin.
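
Added example, not part of any poster's reply: the two posts above note that renaming does not change the account's RID, so an audit should locate the built-in Administrator by its well-known RID (500) and then check that it is both renamed and disabled. The function name `Test-BuiltinAdminHardening` and the sample accounts are constructed for illustration; the live call assumes Windows PowerShell, where `Get-WmiObject` and the `Win32_UserAccount` class are available.

```powershell
# Audit the built-in Administrator account by RID instead of by name.
function Test-BuiltinAdminHardening {
    param(
        # Objects exposing Name, SID and Disabled (the shape of Win32_UserAccount)
        [Parameter(Mandatory = $true)] [object[]] $Accounts,
        [string] $DefaultName = 'Administrator'
    )

    # The built-in Administrator keeps the SID S-1-5-21-<machine or domain id>-500
    # no matter what the account is renamed to.
    $builtin = $Accounts | Where-Object { $_.SID -match '^S-1-5-21-\d+-\d+-\d+-500$' }

    foreach ($acct in $builtin) {
        $renamed  = $acct.Name -ne $DefaultName   # -ne is case-insensitive
        $disabled = [bool]$acct.Disabled
        New-Object PSObject -Property @{
            Name      = $acct.Name
            SID       = $acct.SID
            Renamed   = $renamed
            Disabled  = $disabled
            Compliant = ($renamed -and $disabled)
        } | Select-Object Name, SID, Renamed, Disabled, Compliant
    }
}

# Constructed sample data (not taken from a real machine).
$sample = @(
    New-Object PSObject -Property @{
        Name = 'svc-local'; Disabled = $false
        SID  = 'S-1-5-21-1111111111-2222222222-3333333333-500'   # renamed, still enabled
    }
    New-Object PSObject -Property @{
        Name = 'BackupAdmin'; Disabled = $false
        SID  = 'S-1-5-21-1111111111-2222222222-3333333333-1105'  # ordinary account
    }
)

# Reports svc-local as Renamed = True, Disabled = False, Compliant = False.
Test-BuiltinAdminHardening -Accounts $sample

# Live check against the local account database:
# $local = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"
# Test-BuiltinAdminHardening -Accounts $local
```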
 
I don't like granting admin rights to "standard" user accounts because of security (mostly spyware and virus) concerns. I would create something like a "BackupAdmin", "ExchangeAdmin", "SQLAdmin", and delegate appropriately. This, of course, is assuming that there is a single person for each of these roles. Have them use the respective admin accounts to perform admin functions, but have them use their "standard" account for everything else (e-mail, surfing, etc.). Just my opinion, of course.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
If you plan on using https, you will need a certificate. You can use a CA to generate your own certificate or purchase one from a trusted internet CA. The difference... if you use your own CA, then only those computers that you give a computer certificate to will be able to do https with your server; if you use a trusted internet CA then everyone will be able to do https with your server. If you plan on having https web pages that are available to everyone on the internet, then you will need the purchased certificate.

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 