Entire books are devoted to Windows security—how to secure Windows clients, servers, headless machines, terminals, web servers, and more. In this chapter, however, I’ve chosen to highlight some of the useful tools for managing and for automating security on Windows Server 2003. I’ve also included some references to security policy settings that most organizations will find helpful.
In the interest of full disclosure, I must say I have not included an exhaustive reference to every security setting to be found in Windows. So many options are unique to different environments that I’ve found the best procedure is to give a broad overview of security policy management tools, along with some general settings that can increase security greatly, and then let you explore Windows’ security features yourself. For a more in-depth treatment of Windows security, see Securing Windows Server 2003 (O’Reilly).
Most small- and medium-size businesses have several issues to keep in mind when securing their configurations. Some of these might include the following:
The organization comprises multiple servers, and many have distinct and independent roles. It is difficult to be consistent and strict enough with a security policy when multiple machines are performing different functions, each with its own security requirements.
Older operating systems and applications are in use. Older programs and systems often use programming ...