Windows Server 2003 is the most mature network server platform at present, and its security is greatly improved compared with Windows 2000. However, the default security configuration of 2003 may not suit our needs, so we should configure Win2003 security comprehensively according to the actual situation. To be honest, security configuration is one of the more difficult network skills: if permissions are too strict, many programs cannot run; if they are too loose, the server is easily hacked. For a network administrator this is a real headache. Drawing on several years of network security management experience, I have summarized the following methods to improve the security of our servers.
The first trick: choose the correct file system format and a stable operating system installation disk
To improve security, the server's partitions must be formatted as NTFS (New Technology File System). NTFS is much better than FAT16 and FAT32 in both security and space utilization, and it lets us configure file security, disk quotas, EFS file encryption and so on. If a partition has already been formatted as FAT32, you can convert it to NTFS with CONVERT drive /FS:NTFS /V. Install Windows 2003 Server properly, and you can upgrade directly online: install only the components we must use, and after installation apply the latest patches and upgrade to the latest version online, to ensure that the operating system itself is free of vulnerabilities.
The second trick: correctly set disk permissions, as follows (virtual host security settings, using an ASP program as an example). Key points:
1. System disk permission settings (C: partition)

C:\
  Administrators: Full control (this folder, subfolders and files)
  CREATOR OWNER: Full control (subfolders and files only)
  SYSTEM: Full control (this folder, subfolders and files)
  IIS_WPG: Create files/write data (this folder only)
  IIS_WPG (this folder, subfolders and files): Traverse folder/execute file; List folder/read data; Read attributes; Create folders/append data; Read permissions

C:\Documents and Settings
  Administrators: Full control (this folder, subfolders and files)
  Power Users (this folder, subfolders and files): Read & execute; List folder contents; Read
  SYSTEM: Full control (this folder, subfolders and files)

C:\Program Files
  Administrators: Full control (this folder, subfolders and files)
  CREATOR OWNER: Full control (subfolders and files only)
  IIS_WPG (this folder, subfolders and files): Read & execute; List folder contents; Read
  Power Users (this folder, subfolders and files): Modify
  SYSTEM: Full control (this folder, subfolders and files)
  TERMINAL SERVER USER (this folder, subfolders and files): Modify

2. Website and virtual host permission settings (for example, with the websites on the E: disk)

Description: We assume that the websites are all in the www directory of the E: disk. We create a guest user for each virtual host, with the user names vhost1...vhostn, and create a webuser group; all the vhost users are added to the webuser group for easy management.

E:\
  Administrators: Full control (this folder, subfolders and files)

E:\wwwsite
  Administrators: Full control (this folder, subfolders and files)
  SYSTEM: Full control (this folder, subfolders and files)
  SERVICE: Full control (this folder, subfolders and files)

E:\wwwsite\vhost1
  Administrators: Full control (this folder, subfolders and files)
  SYSTEM: Full control (this folder, subfolders and files)
  vhost1: Full control (this folder, subfolders and files)

3. Data backup disk

It is best to give only one specific user full control of the data backup disk. For example, if the F: disk is the data backup disk, we specify only one administrator with full control over it.

4. Permission settings in other places

Find the following files on the C: drive and set their security so that only the specific administrator has full control. Only administrators are allowed to access these files:
  net.exe, net1.exe, cmd.exe, tftp.exe, netstat.exe, regedit.exe, at.exe, attrib.exe, cacls.exe, format.com

5. Delete the C:\inetpub directory, remove the unnecessary IIS mappings, create trap accounts, and change the description.

The third measure: disable unnecessary services to improve security and system efficiency.
Computer Browser maintains an up-to-date list of computers on the network and provides this list
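
An added example for item 2 of the second trick (website and virtual host permissions); it is not part of the original article. It provisions one virtual host with net.exe and cacls.exe from an administrator command prompt. The script name, its argument, the removal from the Users group and the English group names are assumptions.

```batch
@echo off
rem Added example: provision one virtual host as described in the second trick.
rem Usage (hypothetical script name): mkvhost.cmd vhost1
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 vhostN
    exit /b 1
)
set VHOST=%~1
set SITEROOT=E:\wwwsite

rem Create the webuser group once; "net localgroup webuser" fails if it is missing.
net localgroup webuser >nul 2>&1 || net localgroup webuser /add

rem Create the per-site account. "*" makes net.exe prompt for the password,
rem so it is never stored in this script.
net user %VHOST% * /add /passwordchg:no /comment:"Web site account for %VHOST%"
if errorlevel 1 exit /b 1

rem Guest-level account: member of Guests and webuser.
net localgroup Guests %VHOST% /add
net localgroup webuser %VHOST% /add
rem Assumption: new local users land in Users by default, so remove that membership.
net localgroup Users %VHOST% /delete

if not exist "%SITEROOT%\%VHOST%" mkdir "%SITEROOT%\%VHOST%"

rem Without /E, cacls replaces the ACL with exactly the entries listed here.
rem It asks "Are you sure (Y/N)?", hence the piped "y".
echo y| cacls "%SITEROOT%" /G Administrators:F SYSTEM:F SERVICE:F
rem /T applies the same ACL to everything below the site directory.
echo y| cacls "%SITEROOT%\%VHOST%" /T /G Administrators:F SYSTEM:F %VHOST%:F

rem Print the resulting ACL so it can be compared with the table above.
cacls "%SITEROOT%\%VHOST%"
endlocal
```

Because only Administrators, SYSTEM and the site's own account appear on each vhost directory, one site's account cannot read another site's files.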