Using Win 2003 to build a secure Web server

The security of Win2003 Server has been greatly improved compared to Win2K, but is it really safe to use Win2003 Server as a server? How can I build a secure personal web server? Here we briefly introduce …… First, Windows Server2003 installation 1, the installation system requires at least two partitions, the partition format uses NTFS format 2, install the 2003 system in the case of disconnected network 3, install IIS, only install Necessary IIS components (disable unwanted services such as FTP and SMTP). By default, the IIS service is not installed. Select "Application Server" in the Add/Remove Win component, and then click "Details", double-click Internet Information Services (iis) and check the following options: Internet Information Service Manager; public files; Background Intelligent Transfer Service (BITS) server extensions; World Wide Web services. If you use the FrontPage extended Web site, check the box: FrontPage 2002 Server Extensions 4. Install MSSQL and other required software and then update. 5. Use the MBSA (Microsoft Baseline Security Analyzer) tool provided by Microsoft to analyze the security configuration of your computer and identify missing patches and updates. Download address: see the link at the end of the page Second, set up and manage the account 1, the system administrator account is best to build less, change the default administrator account name (Administrator) and description, the password is best to use numbers plus uppercase and lowercase letters plus numbers Upshift key combination, the length is preferably no less than 14 digits. 2. Create a new trap account named Administrator, set the minimum permissions for it, and then enter the combination of the best password of no less than 20 digits. 3. Disable the Guest account and change the name and description, then enter a complex password. And of course there is now a DelGuest tool, maybe you can also use it to delete the Guest account, but I have not tried it. 4. Enter gpedit.msc in the run, press Enter, open the Group Policy Editor, select Computer Configuration - Windows Settings - Security Settings - Account Policies - Account Lockout Policy, set the account to "three login invalid", "ld"; The time is 30 minutes & rdquo;, “ reset lock count is set to 30 minutes & rdquo;. 5. In the Security Settings - Local Policies - Security Options, set "Don't show last user name" to enable 6. In Security Settings - Local Policies - User Rights Assignment, "Access this computer from the network" ” Only the Internet guest account is kept and the IIS process account is started. If you use Asp.net, you also need to keep your Aspnet account. 7. Create a User account and run the system. If you want to run the privileged command, use the Runas command.