
Web 3 Security Options Comparison

Windows Server 2003 provides a number of Security Options that can be applied within the scope of managing a GPO. Most are the same as those available in Windows 2000. However, in Windows Server 2003 many names have changed, and some options have been split into separate settings to give you more control. Table 3.1 shows how the Windows 2000 Security Options map to the Windows Server 2003 Security Options. This table does not list all the new options; it only maps the options that exist in both Windows 2000 and Windows Server 2003. To find the complete list of options, open the Group Policy Object Editor and browse to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. Tables 3.1 and 3.2 contain the same information. However, the items in Table 3.1 are alphabetized by the name of the Windows 2000 Security Option, and the items in Table 3.2 are alphabetized by the name of the Windows Server 2003 Security Option. An empty cell means the option has no counterpart in the other version.

TABLE 3.1 Windows 2000 vs. Windows Server 2003 Security Options, Alphabetized by the Windows 2000 Security Option

| Windows 2000 Security Option | Windows Server 2003 Security Option |
|---|---|
| Additional restrictions for anonymous connections | Network access: Do not allow anonymous enumeration of SAM accounts |
| Allow server operators to schedule tasks (Domain Controllers only) | Domain Controller: Allow server operators to schedule tasks |
| Allow system to be shut down without having to log on | Shutdown: Allow system to be shut down without having to log on |
| Allowed to eject removable NTFS media | Devices: Allowed to format and eject removable media |
| Amount of idle time required before disconnecting session | Microsoft network server: Amount of idle time required before suspending session |
| Audit the access of global system objects | Audit: Audit the access of global system objects |
| Audit the use of Backup and Restore privilege | Audit: Audit the use of Backup and Restore privilege |
| Automatically log off users when logon time expires | Network security: Force logoff when logon hours expire |
| Automatically log off users when logon time expires (local) | Microsoft network server: Disconnect clients when logon hours expire |
| Clear virtual memory pagefile when system shuts down | Shutdown: Clear virtual memory pagefile |
| Digitally sign client communication (always) | Microsoft network client: Digitally sign communications (always) |
| Digitally sign client communication (when possible) | Microsoft network client: Digitally sign communications (if server agrees) |
| Digitally sign server communication (always) | Microsoft network server: Digitally sign communications (always) |
| Digitally sign server communication (when possible) | Microsoft network server: Digitally sign communications (if client agrees) |
| Disable Ctrl+Alt+Del requirement for logon | Interactive logon: Do not require Ctrl+Alt+Del |
| Do not display last user name in logon screen | Interactive logon: Do not display last user name |
| LAN Manager authentication level | Network security: LAN Manager authentication level |
| Message text for users attempting to log on | Interactive logon: Message text for users attempting to log on |
| Message title for users attempting to log on | Interactive logon: Message title for users attempting to log on |
| Number of previous logons to cache (in case Domain Controller is not available) | Interactive logon: Number of previous logons to cache (in case Domain Controller is not available) |
| Prevent system maintenance of computer account password | Domain member: Disable machine account password changes |
| Prevent users from installing printer drivers | Devices: Prevent users from installing printer drivers |
| Prompt user to change password before expiration | Interactive logon: Prompt user to change password before expiration |
| Recovery Console: Allow automatic administrative logon | Recovery Console: Allow automatic administrative logon |
| Recovery Console: Allow floppy copy and access to all drives and all folders | Recovery Console: Allow floppy copy and access to all drives and all folders |
| Rename administrator account | Accounts: Rename administrator account |
| Rename guest account | Accounts: Rename guest account |
| Restrict CD-ROM access to locally logged-on user only | Devices: Restrict CD-ROM access to locally logged-on user only |
| Restrict floppy access to locally logged-on user only | Devices: Restrict floppy access to locally logged-on user only |
| Secure channel: Digitally encrypt or sign secure channel data (always) | Domain member: Digitally encrypt or sign secure channel data (always) |
| Secure channel: Digitally encrypt secure channel data (when possible) | Domain member: Digitally encrypt secure channel data (when possible) |
| Secure channel: Digitally sign secure channel data (when possible) | Domain member: Digitally sign secure channel data (when possible) |
| Secure channel: Require strong (Windows 2000 or later) session key | Domain member: Require strong (Windows 2000 or later) session key |
| Secure system partition (for RISC platforms only) | |
| Send unencrypted password to connect to third-party SMB servers | Microsoft network client: Send unencrypted password to third-party SMB servers |
| Shut down system immediately if unable to log security audits | Audit: Shut down system immediately if unable to log security audits |
| Smart card removal behavior | Interactive logon: Smart card removal behavior |
| Strengthen default permissions of global system objects (for example, Symbolic Links) | System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) |
| Unsigned driver installation behavior | Devices: Unsigned driver installation behavior |
| Unsigned nondriver installation behavior | |
| | Accounts: Administrator account status (Windows 2003/SP1 only) |
| | Accounts: Guest account status |
| | Accounts: Limit account use of blank passwords to console logon only |
| | DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 2003/SP1 only) |
| | DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 2003/SP1 only) |
| | Devices: Allow undock without having to log on |
| | Domain Controller: LDAP server signing requirements |
| | Domain Controller: Refuse machine account password changes |
| | Domain member: Maximum machine account password age |

TABLE 3.2 Windows Server 2003 vs. Windows 2000 Security Options, Alphabetized by the Windows Server 2003 Security Option

| Windows Server 2003 Security Option | Windows 2000 Security Option |
|---|---|
| Accounts: Administrator account status (Windows 2003/SP1 only) | |
| Accounts: Guest account status | |
| Accounts: Limit account use of blank passwords to console logon only | |
| Accounts: Rename administrator account | Rename administrator account |
| Accounts: Rename guest account | Rename guest account |
| Audit: Audit the access of global system objects | Audit the access of global system objects |
| Audit: Audit the use of Backup and Restore privilege | Audit the use of Backup and Restore privilege |
| Audit: Shut down system immediately if unable to log security audits | Shut down system immediately if unable to log security audits |
| DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 2003/SP1 only) | |
| DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 2003/SP1 only) | |
| Devices: Allow undock without having to log on | |
| Devices: Allowed to format and eject removable media | Allowed to eject removable NTFS media |
| Devices: Prevent users from installing printer drivers | Prevent users from installing printer drivers |
| Devices: Restrict CD-ROM access to locally logged-on user only | Restrict CD-ROM access to locally logged-on user only |
| Devices: Restrict floppy access to locally logged-on user only | Restrict floppy access to locally logged-on user only |
| Devices: Unsigned driver installation behavior | Unsigned driver installation behavior |
| Domain Controller: Allow server operators to schedule tasks | Allow server operators to schedule tasks (Domain Controllers only) |
| Domain Controller: LDAP server signing requirements | |
| Domain Controller: Refuse machine account password changes | |
| Domain member: Digitally encrypt or sign secure channel data (always) | Secure channel: Digitally encrypt or sign secure channel data (always) |
| Domain member: Digitally encrypt secure channel data (when possible) | Secure channel: Digitally encrypt secure channel data (when possible) |
| Domain member: Digitally sign secure channel data (when possible) | Secure channel: Digitally sign secure channel data (when possible) |
| Domain member: Disable machine account password changes | Prevent system maintenance of computer account password |
| Domain member: Maximum machine account password age | |
| Domain member: Require strong (Windows 2000 or later) session key | Secure channel: Require strong (Windows 2000 or later) session key |
| Interactive logon: Display user information when the session is locked (Windows 2003/SP1 only) | |
| Interactive logon: Do not display last user name | Do not display last user name in logon screen |
| Interactive logon: Do not require Ctrl+Alt+Del | Disable Ctrl+Alt+Del requirement for logon |
| Interactive logon: Message text for users attempting to log on | Message text for users attempting to log on |
| Interactive logon: Message title for users attempting to log on | Message title for users attempting to log on |
| Interactive logon: Number of previous logons to cache (in case Domain Controller is not available) | Number of previous logons to cache (in case Domain Controller is not available) |
| Interactive logon: Prompt user to change password before expiration | Prompt user to change password before expiration |
| Interactive logon: Require smart card | |
| Interactive logon: Smart card removal behavior | Smart card removal behavior |
| Microsoft network client: Digitally sign communications (always) | Digitally sign client communication (always) |
| Microsoft network client: Digitally sign communications (if server agrees) | Digitally sign client communication (when possible) |
| Microsoft network client: Send unencrypted password to third-party SMB servers | Send unencrypted password to connect to third-party SMB servers |
| Microsoft network server: Amount of idle time required before suspending session | Amount of idle time required before disconnecting session |
| Microsoft network server: Digitally sign communications (always) | Digitally sign server communication (always) |
| Microsoft network server: Digitally sign communications (if client agrees) | Digitally sign server communication (when possible) |
| Microsoft network server: Disconnect clients when logon hours expire | Automatically log off users when logon time expires (local) |
| | Secure system partition (for RISC platforms only) |
| | Unsigned nondriver installation behavior |
| Network access: Allow anonymous SID/name translation | |
| Network access: Do not allow anonymous enumeration of SAM accounts | Additional restrictions for anonymous connections |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
| Network access: Do not allow storage of credentials or .NET Passports for network authentication | |
| Network access: Let Everyone permissions apply to anonymous users | |
| Network access: Named pipes that can be accessed anonymously | |
| Network access: Remotely accessible registry paths | |
| Network access: Remotely accessible registry paths and subpaths | |
| Network access: Restrict anonymous access to named pipes and shares | |
| Network access: Shares that can be accessed anonymously | |
| Network access: Sharing and security model for local accounts | |
| Network security: Do not store LAN Manager hash value on next password change | |
| Network security: Force logoff when logon hours expire | Automatically log off users when logon time expires |
| Network security: LAN Manager authentication level | LAN Manager authentication level |
| Network security: LDAP client signing requirements | |
| Network security: Minimum session security for NTLM SSP-based (including secure RPC) clients | |
| Network security: Minimum session security for NTLM SSP-based (including secure RPC) servers | |
| Recovery Console: Allow automatic administrative logon | Recovery Console: Allow automatic administrative logon |
| Recovery Console: Allow floppy copy and access to all drives and all folders | Recovery Console: Allow floppy copy and access to all drives and all folders |
| Shutdown: Allow system to be shut down without having to log on | Allow system to be shut down without having to log on |
| Shutdown: Clear virtual memory pagefile | Clear virtual memory pagefile when system shuts down |
| System cryptography: Force strong key protection for user keys stored on the computer | |
| System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing | |
| System objects: Default owner for objects created by members of the Administrators group | |
| System objects: Require case insensitivity for non-Windows subsystems | |
| System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) | Strengthen default permissions of global system objects (for example, Symbolic Links) |
| System settings: Optional subsystems | |
| System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
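Because the display names differ between the two versions, a compliance check that is keyed on display names breaks as soon as a host moves from one version to the other. The values themselves are stable: `secedit /export /cfg out.inf` writes every Security Option that is registry-backed as a `<path>=<type>,<data>` line under `[Registry Values]`, and that path is the same whichever name the GPO editor shows. The script below is an added example (not part of the book or of any Microsoft tool): it parses such an export, checks a handful of settings against an assumed hardening baseline, and reports each finding under both its Windows Server 2003 name and its Windows 2000 name from the tables above. The sample export is constructed, the registry paths are the ones secedit writes for these options, and the expected values are an illustrative baseline rather than anything the chapter prescribes.

```python
"""Audit a secedit export against a small baseline, reporting each setting
under both its Windows Server 2003 name and its Windows 2000 name."""
from collections import namedtuple

# Constructed sample of a `secedit /export /cfg out.inf` file; it is not a
# capture from a real host. Each [Registry Values] line is <path>=<type>,<data>
# with type 4 = REG_DWORD (decimal) and type 1 = REG_SZ (double-quoted).
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,"Authorized use only"
[Version]
signature="$CHICAGO$"
"""

LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"
SVC = r"MACHINE\System\CurrentControlSet\Services"
POL = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Registry path -> (Windows Server 2003 name, Windows 2000 name) using the pairs
# from Tables 3.1 and 3.2; None means the tables list no Windows 2000 equivalent.
SETTINGS = {
    LSA + r"\LmCompatibilityLevel": (
        "Network security: LAN Manager authentication level",
        "LAN Manager authentication level"),
    LSA + r"\NoLMHash": (
        "Network security: Do not store LAN Manager hash value on next password change",
        None),
    LSA + r"\RestrictAnonymousSAM": (
        "Network access: Do not allow anonymous enumeration of SAM accounts",
        "Additional restrictions for anonymous connections"),
    SVC + r"\LanManServer\Parameters\RequireSecuritySignature": (
        "Microsoft network server: Digitally sign communications (always)",
        "Digitally sign server communication (always)"),
    SVC + r"\Netlogon\Parameters\RequireSignOrSeal": (
        "Domain member: Digitally encrypt or sign secure channel data (always)",
        "Secure channel: Digitally encrypt or sign secure channel data (always)"),
}

# Assumed hardening baseline (an illustration, not taken from the page):
# registry path -> (expectation in words, predicate over the exported DWORD).
BASELINE = {
    LSA + r"\LmCompatibilityLevel": ("3 or higher (send NTLMv2 only)", lambda v: v >= 3),
    LSA + r"\NoLMHash": ("1 (enabled)", lambda v: v == 1),
    LSA + r"\RestrictAnonymousSAM": ("1 (enabled)", lambda v: v == 1),
    SVC + r"\LanManServer\Parameters\RequireSecuritySignature": ("1 (enabled)", lambda v: v == 1),
    SVC + r"\Netlogon\Parameters\RequireSignOrSeal": ("1 (enabled)", lambda v: v == 1),
}

# status is PASS, FAIL, NOT CONFIGURED (path absent from the export) or
# UNEXPECTED TYPE (value present but not a DWORD).
Finding = namedtuple("Finding", "path new_name old_name expected actual status")

def parse_registry_values(export_text):
    """Return {registry path: (reg_type, value)} from the [Registry Values] section."""
    values, section = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Registry Values" and "=" in line:
            path, _, rest = line.partition("=")
            type_text, _, payload = rest.partition(",")
            reg_type = int(type_text)
            if reg_type == 4:        # REG_DWORD is written in decimal
                value = int(payload)
            elif reg_type == 1:      # REG_SZ is written in double quotes
                value = payload.strip('"')
            else:                    # REG_MULTI_SZ and others: keep the raw text
                value = payload
            values[path] = (reg_type, value)
    return values

def audit(export_text):
    """Check every baseline setting; paths absent from the export are reported too."""
    values = parse_registry_values(export_text)
    findings = []
    for path, (expected, check) in BASELINE.items():
        new_name, old_name = SETTINGS[path]
        if path not in values:
            findings.append(Finding(path, new_name, old_name, expected, None, "NOT CONFIGURED"))
            continue
        actual = values[path][1]
        status = ("UNEXPECTED TYPE" if not isinstance(actual, int)
                  else "PASS" if check(actual) else "FAIL")
        findings.append(Finding(path, new_name, old_name, expected, actual, status))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        legacy = f"[Windows 2000: {f.old_name}]" if f.old_name else "[new in Windows Server 2003]"
        print(f"{f.status:<15} {f.new_name} {legacy}: expected {f.expected}, found {f.actual}")
```

To run it against a real host, replace `SAMPLE_EXPORT` with the contents of the file written by `secedit /export /cfg out.inf`; secedit writes that file as UTF-16, so read it with `open("out.inf", encoding="utf-16")`. Reporting "NOT CONFIGURED" separately from "FAIL" matters: a path missing from the export means the policy never set the value, so the effective setting is whatever the host's default or a prior local change left in the registry. Note also that the Windows 2000 option "Additional restrictions for anonymous connections" was one setting that Windows Server 2003 splits across several "Network access:" options, so a checker keyed on registry values has to know which of the split values it is reading.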