Tools and Configurations for Enhancing Win 2003 System Security

  

Windows Server 2003 is Microsoft's server operating system and is regarded as a more secure operating system, but it still has some insecure factors. For a system administrator, the security of the Windows 2003 system is what matters most. So what measures can administrators take to improve the security of the Win 2003 system? First of all, they need a certain understanding and mastery of those insecure factors.

I. Basics of Security Configuration and Analysis and Security Templates

1. Security Configuration and Analysis

"Security Configuration and Analysis" is a tool for analyzing and configuring the security of the local system. It includes:

·Security Analysis

The state of the operating system and applications on a computer is dynamic. For example, to resolve a management or network issue immediately, you may need to change the security level temporarily. However, this change is often not reversed, which means the computer no longer meets the requirements of corporate security. Routine analysis as part of an enterprise risk management program allows administrators to track and ensure a high enough level of security on each computer. Administrators can adjust the level of security and, most importantly, detect any security failures that occur during long-term system operation. "Security Configuration and Analysis" gives you quick access to security analysis results. Recommendations are shown next to the current system settings, with visual markers or comments highlighting areas where the current settings do not match the recommended security level. "Security Configuration and Analysis" also provides the ability to resolve any discrepancies that the analysis reveals.

·Security Configuration

"Security Configuration and Analysis" can also be used to directly configure the security of the local system. With a personal database, you can import security templates created with "Security Templates" and apply them to your local computer. This immediately configures system security using the levels specified in the template.

2. Security Templates

Using the Security Templates snap-in in the Microsoft Management Console, you can create security policies for your computer or network. It is a single point of entry where security throughout the system can be taken into account. The Security Templates snap-in does not introduce new security parameters; it simply organizes all existing security attributes in one place to make security management easier. Importing security templates into a "Group Policy" object simplifies domain management by immediately configuring domain or department security. To apply a security template to your local computer, you can use "Security Configuration and Analysis" or the Secedit command-line tool.

Security templates can be used to define the following:

·Account Policies

  ·Password Policy

  ·Account Lockout Policy

  ·Kerberos Policy

·Local Policies

  ·Audit Policy

  ·User Rights Assignment

  ·Security Options

·Event Log: Application, system, and security event log settings

·Restricted Groups: Membership of security-sensitive groups

·System Services: Startup and permissions for system services

·Registry: Permissions for registry keys

·File System: Permissions for folders and files

Each template is saved as a text-based .inf file. This allows you to copy, paste, import, or export some or all of the template properties. All security attributes except the "Internet Protocol" security and public key policies can be included in a security template.
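Because a template is plain text, the comparison that "Security Configuration and Analysis" performs can be reproduced on two .inf files. The following Python code is an added example, not part of the original article: both templates are constructed samples, the section and key names are the standard ones used in security template files, and treating every differing or undefined value as a mismatch is an assumption of this example.

```python
import configparser

# Constructed baseline, laid out like a template saved by the Security Templates snap-in.
BASELINE_INF = r"""
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
AuditAccountManage = 3
"""

# Constructed current settings, laid out like the output of `secedit /export /cfg`.
CURRENT_INF = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 3
"""

IGNORED = {"Unicode", "Version"}  # file metadata sections, not security settings

def load_template(text):
    """Parse template text into {section: {key: value}}, keeping key case."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # template keys are mixed case; do not lowercase them
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s not in IGNORED}

def analyze(baseline, current):
    """Return (section, key, expected, actual) for each baseline setting that differs."""
    findings = []
    for section, settings in baseline.items():
        for key, expected in settings.items():
            actual = current.get(section, {}).get(key)  # None: not defined
            if actual != expected:
                findings.append((section, key, expected, actual))
    return findings

if __name__ == "__main__":
    for finding in analyze(load_template(BASELINE_INF), load_template(CURRENT_INF)):
        print("MISMATCH [%s] %s: template=%s current=%s" % finding)
```

Files written by the Windows tools are usually UTF-16 encoded, so decode them with that encoding before passing the text to `load_template`.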

3. Two ways to configure local computer security

There are two ways to configure local computer security: the command line and the Windows graphical interface. This article mainly introduces the former. One of the biggest advantages of the Windows command line is the convenience it brings to network management. The administrator only needs to enter a few commands in the command-line window to complete many complicated operations and achieve the intended purpose. Moreover, some command-line tools can be used to diagnose physical faults and network security problems within the network, and they make it possible to automate and batch network management tasks.

The command line under DOS in Windows 9X and the command line under Windows NT/2000/XP/2003 both present a black-and-white character interface, but they are essentially different. The reason is that Windows NT/2000/XP/2003 has completely detached from DOS; DOS exists only as a virtual machine provided by the operating system. In other words, the command line is no longer the foundation of the system and has become a tool. However, we cannot ignore these seemingly simple command-line tools. The reason is simple: the command line is still the first step in solving our tough problems.
