Sundry Security Topics in Windows Server 2003

Introduction to Sundry Security Topics in Windows Server 2003

Here are some examples of other security features that Windows Server 2003 provides.

Topics for Security in Windows Server 2003

  ‡

Authenticate in Active Directory

DHCP, RIS and IAS all have to be Authenticated in Active Directory before they work.  Microsoft’s point is that ordinary administrators may start adding more services than are needed.  I can see the point, there are often too many DHCP servers in an organization so control is useful.

Delegation of Administrative Rights

The old dictum of giving the job to the lowest level that has the skill to do the job is relevant to Windows Server 2003 administration, it makes sense to create lots of OU’s then delegate responsibility for routing user tasks like resetting passwords or modifying accounts for joiners and leavers.

Authorization Manager

Authorization Manager provides a integration of role-based access control into applications. You can provide access through assigned user roles that relate to job functions.  The policy controls are stored in Active Directory or XML files and apply authorization policy at runtime.

To launch Authorization Manager Start run azman.msc

Guy Recommends 3 Free Active Directory ToolsDownload Solarwinds Active Directory Administration Tool

SolarWinds have produced three Active Directory add-ons.  These free utilities have been approved by Microsoft, and will help to manage your domain by:

  1. Seeking and zapping unwanted user accounts.
  2. Finding inactive computers.
  3. Bulk-importing new users.  Give this AD utility a try, it’s free!

Download your FREE Active Directory administration tools.

IIS – no longer installed by default

In previous versions of Windows IIS has seemed like a hacker’s delight, well in Server 2003 it is not installed by default.  Another indication of improved security is that IIS has been radically overhauled and reports to version 6.0, almost all other services report to being version 5.1xx.  Finally there is a separate version of Server 2003 dedicated to IIS.

Stored User Names and Passwords

Stored User Names and Passwords is a feature of Microsoft Windows 2000/3 and XP that allows a user to connect to servers using user names and passwords that are different than those used to log on to the network.

Access is controlled through the Control Panel, Stored User Names and Passwords.

Anonymous User – Everyone

The Anonymous user is no longer a member of the group Everyone.  Moreover the default NTFS permissions have been tightened up so users only have read permission by default.  Administrator’s however, retain full control.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

EFS – No longer needs a recovery agent

In a change from Windows 2000, EFS can now be configured even if there is no assigned recovery agent.  As a cosmetic change they Encrypted files are now displayed green.

If you like this page then please share it with your friends

 


Related topics

Accounts   • Auditing  • IPSec  • Kerberos Tickets  • Windows RIS Server

LT2P and Certificates   • Security Snap-in  • Remote Shutdown