Introduction to Sundry Security Topics in Windows Server 2003
Here are some examples of other security features that Windows Server 2003 provides.
Topics for Security in Windows Server 2003
- Authenticate in Active Directory
- Delegation of Administrative rights
- Authorization Manager
- IIS – no longer installed by default
- Stored User Names and Passwords
- Anonymous User – Everyone
- Syslog Analyzer – Free Utility
- EFS – No longer needs a recovery agent
DHCP, RIS and IAS all have to be authenticated in Active Directory before they work. Microsoft's point is that ordinary administrators may start adding more services than are needed. I can see the point: there are often too many DHCP servers in an organization, so control is useful.
The old dictum of giving the job to the lowest level that has the skill to do it is relevant to Windows Server 2003 administration. It makes sense to create lots of OUs, then delegate responsibility for routine user tasks like resetting passwords or modifying accounts for joiners and leavers.
Authorization Manager integrates role-based access control into applications. You can provide access through assigned user roles that relate to job functions. The policy controls are stored in Active Directory or XML files and apply authorization policy at runtime.
To launch Authorization Manager: Start, Run, azman.msc
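The role model described above, shown with the AzRoles COM scripting interface as an added example that is not part of the original page: a role definition is tied to one operation, assigned to a user, and checked at runtime. The store path, application, operation and role names are constructed; the script assumes Authorization Manager is installed, that C:\Temp exists and that the store file does not exist yet, and it uses the current user as a stand-in for a help-desk group.

```vbscript
Option Explicit
' Added example. Store path, application, operation and role names are constructed.
Const AZ_AZSTORE_FLAG_CREATE = 1   ' create a new store; fails if the file exists
Const OP_RESET_PASSWORD = 1        ' constructed operation IDs
Const OP_DELETE_ACCOUNT = 2
Const NO_ERROR = 0                 ' AccessCheck result meaning "granted"

Dim store, app, op, roleDef, role, net, ctx, results
Dim scopes(0), ops(1)

' 1. Policy store: an XML file here; Active Directory is the other option.
Set store = CreateObject("AzRoles.AzAuthorizationStore")
store.Initialize AZ_AZSTORE_FLAG_CREATE, "msxml://C:\Temp\HelpDeskPolicy.xml"
store.Submit
Set app = store.CreateApplication("HelpDeskPortal")
app.Submit

' 2. Operations are the low-level actions the application checks at runtime.
Set op = app.CreateOperation("ResetPassword")
op.OperationID = OP_RESET_PASSWORD
op.Submit
Set op = app.CreateOperation("DeleteAccount")
op.OperationID = OP_DELETE_ACCOUNT
op.Submit

' 3. Role definition for the job function: it may reset passwords only.
Set roleDef = app.CreateTask("HelpDeskOperator")
roleDef.IsRoleDefinition = True
roleDef.AddOperation "ResetPassword"
roleDef.Submit

' 4. Role assignment: the current user stands in for a help-desk group (assumption).
Set net = CreateObject("WScript.Network")
Set role = app.CreateRole("HelpDeskOperator")
role.AddTask "HelpDeskOperator"
role.AddMemberName net.UserDomain & "\" & net.UserName
role.Submit

' 5. Runtime check against the caller's token (0 = token of this process).
Set ctx = app.InitializeClientContextFromToken(0, Empty)
scopes(0) = ""                     ' empty string = default application scope
ops(0) = OP_RESET_PASSWORD
ops(1) = OP_DELETE_ACCOUNT
results = ctx.AccessCheck("help-desk request", scopes, ops)

WScript.Echo "ResetPassword: " & Verdict(results(0))
WScript.Echo "DeleteAccount: " & Verdict(results(1))

Function Verdict(code)
    If code = NO_ERROR Then Verdict = "granted" Else Verdict = "denied (" & code & ")"
End Function
```

Run it with cscript; the resulting XML store can then be opened in azman.msc to inspect the same role definition and assignment.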
SolarWinds have produced three Active Directory add-ons. These free utilities have been approved by Microsoft, and will help to manage your domain by:
- Seeking and zapping unwanted user accounts.
- Finding inactive computers.
- Bulk-importing new users.
Give this AD utility a try; it's free!
In previous versions of Windows, IIS seemed like a hacker's delight; in Server 2003 it is not installed by default. Another indication of improved security is that IIS has been radically overhauled and reports as version 6.0, whereas almost all other services report as version 5.1xx. Finally, there is a separate version of Server 2003 dedicated to IIS.
Stored User Names and Passwords is a feature of Microsoft Windows 2000/3 and XP that allows a user to connect to servers using user names and passwords that are different than those used to log on to the network.
Access is controlled through the Control Panel, Stored User Names and Passwords.
The Anonymous user is no longer a member of the group Everyone. Moreover, the default NTFS permissions have been tightened up so users only have read permission by default. Administrators, however, retain full control.
I like the Permissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a user's effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users' access to a resource. Give this permissions monitor a try – it's free!
In a change from Windows 2000, EFS can now be configured even if there is no assigned recovery agent. As a cosmetic change, encrypted files are now displayed in green.