Entire books are devoted to Windows security—how to secure Windows clients, servers, headless machines, terminals, web servers, and more. In this chapter, however, I’ve chosen to highlight some of the useful tools for managing and automating security on Windows Server 2008. I’ve also included some references to security policy settings that most organizations will find helpful.
In the interest of full disclosure, I must say I have not included an exhaustive reference to every security setting to be found in Windows. So many options are unique to different environments that I’ve found the best strategy for this particular book is to give a broad overview of security policy management tools, along with some general settings that can increase security greatly, and then let you explore the Windows security features yourself.
Most small- and medium-size businesses have several issues to keep in mind when securing their configurations. Some of these might include the following:
The organization comprises multiple servers, and many have distinct and independent roles. It is difficult to be consistent and strict enough with a security policy when multiple machines are performing different functions, each with its own security requirements.
Older operating systems and applications are in use. Older programs and systems often use programming and communication techniques that, although secure enough when they ...