Click here to get back home

2003 IIS/OS Server Security
 HomeNewsGroups | Search | About
Login Password
Register Now! Lost Password?
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
2003 IIS/OS Server Security john d 05-16-2006
Get Chitika Premium
Posted by john d on May 16, 2006, 9:13 pm
Please log in for more thread options
 Does anyone know of any good checklists or sites with info on locking down
the 2003 server OS and/or IIS 6? I am finding alot of vague info, but
nothing as detailed as those resources available for 2000.

Posted by Steven L Umbach on May 16, 2006, 9:34 pm
Please log in for more thread options
 The Windows 2003 Server Security Guide, the Threats and Countermeasures
Guide, and Security Configuration Wizard for SP1 are great starts. The
Windows 2003 Server Security Guide comes with security templates though I
would first try the Security Configuration Wizard that has the handy
rollback feature. You can roll back security templates if you use secedit to
create a rollback security template before you apply the security
mplate. --- Steve

http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx
--- Security Configuration Wizard
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
--- Windows 2003 Server Security Guide
http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
--- Threats and Countermeasures Guide
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
tool
http://www.microsoft.com/technet/security/prodtech/default.mspx ---
TechNet Security Product and Technology index
http://labmice.techtarget.com/windows2003/default.htm --- Labmice website


> Does anyone know of any good checklists or sites with info on locking down
> the 2003 server OS and/or IIS 6? I am finding alot of vague info, but
> nothing as detailed as those resources available for 2000.



Posted by Roger Abell [MVP] on May 16, 2006, 9:41 pm
Please log in for more thread options

> Does anyone know of any good checklists or sites with info on locking down
> the 2003 server OS and/or IIS 6? I am finding alot of vague info, but
> nothing as detailed as those resources available for 2000.

http://www.microsoft.com/technet/security/prodtech/windowsserver2003.mspx
but particularly
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx
and the associated
http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch00.mspx

Now, the guide (second link) emphasizes use of the SCW, but the index (first
link)
manages to omit links for the SCW, so see brief info that begins at
http://technet2.microsoft.com/WindowsServer/en/Library/216b9194-cae8-48ef-93bb-cf30840aa70f1033.mspx?mfr=true
but also other items linked in the search
http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&s6=on&q=security+configuration+wizard


Whereas IIS is, or can be, a more difficult nut to crack, depending upon the
specifics of the deployment scenario involved
http://www.microsoft.com/technet/security/prodtech/iis.mspx
http://technet2.microsoft.com/windowsserver/en/technologies/featured/iis/default.mspx
index into some of the MS provided content, but there is also a threats and
countermeasures guide you should check into if you want to become serious
about coverage of ways an IIS can be allowed to be vulnerable.




Similar ThreadsPosted
Role-based security from Windows Server 2003 Security Guide gives problems November 6, 2006, 8:00 am
Windows server 2003 security. How to protect against 100's of invalid logons to the server?? August 12, 2005, 5:29 pm
Security Tab missing (Win 2003 Server) December 1, 2005, 7:40 pm
Windows 2003 server and VPN: Security(?) December 16, 2005, 4:20 pm
Security on a stand-alone windows 2003 Server August 8, 2005, 11:42 am
Windows Server 2003 Security Guide 2.0 January 17, 2006, 10:24 am
Need help with ActiveX Security Permissions on Server 2003 September 24, 2006, 7:12 am
Create a new Web Security Certificate 2003 Server December 27, 2006, 11:16 am
IIS or directory security issue on 2003 E server January 12, 2007, 9:56 pm
Windows Server 2003 Security Guide for SP2? June 4, 2007, 7:03 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap