Detailed explanation of Win2003 network server security Raiders

First, Windows Server2003 installation

1, the installation system requires at least two partitions, the partition format is NTFS format

2, disconnected from the network The situation is installed 2003 system

3, install IIS, only install the necessary IIS components (disable unwanted such as FTP and SMTP services). By default, the IIS service is not installed. Select "Application Server" in the Add/Remove Win component, and then click "Details", double-click Internet Information Services (iis) and check the following options:

Internet Information Services Manager;

Public Files;

Background Intelligent Transfer Service (BITS) Server Extensions;

World Wide Web Services.

If you use the FrontPage extended Web site, check the box: FrontPage 2002 Server Extensions

4. Install MSSQL and other required software and then update.

5. Use the MBSA (Microsoft Baseline Security Analyzer) tool provided by Microsoft to analyze your computer's security configuration and identify missing patches and updates. Download address: see the link at the end of the page

Second, set up and manage the account

1, the system administrator account is best to build less, change the default administrator account name (Administrator) and description, The password is preferably a combination of a number plus uppercase and lowercase letters plus a number of upper keys, preferably no less than 14 digits in length.

2, create a new trap account named Administrator, set the minimum permissions for it, and then enter the combination of the best not less than 20 passwords

3, disable the Guest account And change the name and description, then enter a complex password, of course, there is now a DelGuest tool, maybe you can also use it to delete the Guest account, but I have not tried.

4. Enter gpedit.msc in the run, press Enter, open the Group Policy Editor, select Computer Configuration - Windows Settings - Security Settings - Account Policies - Account Lockout Policy, set the account to "ld"; three logins are invalid ”,“ When locked, 0 minutes & rdquo;, “ reset lock count is set to 30 minutes & rdquo;.

5, in the Security Settings - Local Policies - Security Options will "do not show the last user name" set to enable

6, in the security settings - local policy - user rights In the distribution, "Access this computer from the network" only keeps the Internet guest account and starts the IIS process account. If you use Asp.net, you also need to keep your Aspnet account.

7. Create a User account and run the system. If you want to run the privileged command, use the Runas command. Previous12345Next page Total 5 pages