Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] - نسخه متنی

Roberta Bragg

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید







Security Templates


Security templates are a collection of security settings in a format that can be applied to Windows computers to configure security. In Windows Server 2003 and Windows 2000, security templates exist as text files, but they are more easily understood and modified when displayed, as shown in Figure 11-1, in their own Security Templates Microsoft Management Console (MMC). A security template has many uses such as the following:

Used to test the effect of security settings on a single computer

Imported into a Group Policy Object (GPO) and therefore used to secure servers, workstations, and users across an entire domain, or for a smaller portion of a domain

Imported into GPOs in multiple domains in order to provide consistent security to every domain in the forest

Applied directly to a single computer that is or is not a member of a domain

Applied via a script to multiple computers

Periodically reapplied to these computers via scripts or tasks

Used to audit security compliance


Figure 11-1. Viewing Security Templates and settings.

Using Incremental Templates and other Techniques to Provide Security for Infrastructure Servers," describes other security settings and additional security templates for computers with infrastructure roles. Each computer role and each server application provides unique security challenges, and you should study and apply appropriate security using any role- or application-specific tools they provide.

Developing a security template is not difficult, but it does require intimate knowledge of Windows services and security settings. To make the job easier, Microsoft provides sample security templates as part of the operating system install, and special baseline and incremental templates are available for download. To inspect the provided security templates and provide a utility to manage any additional templates, build a security template console by doing the following:


1.

Open a new MMC console.

2.

From the File menu, choose Add/Remove Snap-in.

3.

Click Add.

4.

Select the Security Templates snap-in, click Add, click Close, and then click OK. The basic Security Templates are added to the MMC, as shown in Figure 11-1.

5.

From the file menu, select Save, name the console, and click OK.


Microsoft provides three types of templates: default templates that are used to set security during installation and dcpromo, basic templates provided with the operating system that can be used to modify security, and role templates provided with security white papers for specific operating systems. How to Use Security Templates to Secure Computers by Role."

Table 11-1. Default Security Templates

Template

Purpose

Compatws

Provides relaxed file and registry permissions to support legacy applications

DC Security

A baseline for domain controller security

Hisecdc

Highest security template for DCs

Hisecws

Highest security for workstations and servers

Iesacls

Sets registry permissions and values for IE

Rootsec

Root permissions for os partion

Securedc

Higher security for DCs

Securews

Higher security for workstations and servers

Setup security

The settings applied to the specific computer during installation


/ 194