Security in Windows Server 2003

Introduction to Security in Windows Server Server 2003

Good news, at last Microsoft are serious about security in Server 2003.  With NT 4.0 and even Windows 2000, ease of use has been the watchword, but now in Server 2003, security is top of the agenda.

My goal in this section is to give you an insight into the range of improvements to security in Server 2003.  The pages are full of tips and explanations of how to configure the settings.

Security Topics in Windows Server 2003


Indications that Microsoft are serious about security

The list below is not meant to be exhaustive, I selected the topics to show the variety of ways that Microsoft are implementing security in Server 2003.

CRL – (Common Runtime Language)

I have chosen CRL first not because its the best security feature, but because it encapsulates the spirit of security in Windows Server 2003.  CRL makes a dry run before the code actually executes.  It checks that a program can run without errors before actually executing.

Kerberos Security

Kerberos security deals with all aspects of authenticating users.  In practical terms I could break NT 4.0 passwords with a freely available program called  L0PHTCrack but Thanks to Kerberos, Windows 2000 and Server 2003 passwords are immune from such attacks.  I have a whole page on the concept and configuration of Kerberos Security.

Guy Recommends 3 Free Active Directory ToolsDownload Solarwinds Active Directory Administration Tool

SolarWinds have produced three Active Directory add-ons.  These free utilities have been approved by Microsoft, and will help to manage your domain by:

  1. Seeking and zapping unwanted user accounts.
  2. Finding inactive computers.
  3. Bulk-importing new users.  Give this AD utility a try, it’s free!

Download your FREE Active Directory administration tools.

Microsoft claim to have examined every line of code

Just in case you always think I take Microsoft’s side, my view is it would be better if Microsoft allowed open access to the code rather like the Linux model.  Nevertheless it is reassuring that they have re-checked the code to look for security flaws.

Internet Explorer

In IE 6.0 for Windows Server 2003, the Security Level is set to high by default.  This is an example of more security making it more difficult to use.  In fact I found I had to add a server on my network to the Trusted Zone before I could open an access database across the network.

Default Permissions

The default NTFS permissions ins Server 2003 are:  Users Read and Execute, Administrators Full control, this is much better than the old system where the group Everyone had Full Control.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

If you like this page then please share it with your friends


Related topics

See Also

TrainSignal - Windows Server 2008 AdminWindows Server 2008 Enterprise Admin

Train Signal have an excellent Windows Server 2008 course.  You get over 70 hrs instruction with Ed Liberman and Ben "Coach" Culbertson.  Try their step-by-step videos and master Windows Server 2008 Enterprise Admin.

The package includes the Transcender exams, which are the key to gaining the coverted Microsoft Certified IT Professional certification.  However, the course also builds practical experience so that you can manage your network effectively once you complete the course.

Watch a Demo of Train Signal’s MCITP course