Click here to get back home

WIN2K3 SP1 for a web server I am deploying
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
WIN2K3 SP1 for a web server I am deploying Patøö­v+ºË"¢{&‰Ê貇ír‰ 10-03-2005
`--> RE: WIN2K3 SP1 for a web server I am deploying Patøö­v+ºË"¢{&‰Ê貇ír‰10-04-2005
Posted by Patøö­v+ºË"¢{&‰Ê貇ír‰ on October 3, 2005, 7:10 am
Please log in for more thread options
 I have a WIN2K3 web server that will need port 80 and and SNMP open and maybe
SMTP, It's been security scanned and some services are being requested shut
off on this server

Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp

Should I manually go in and disable these services or can WIN2K3 SP1 take
care of disabling these services if I use the security configuration tool and
choose web application server, will it lock or disable the services mentioned
for me with this process?

Thanks


Posted by Eric Denekamp on October 3, 2005, 7:17 am
Please log in for more thread options
 AFAIK, the security configuration wizzard can take care and will take care
of this for you, and it is easier to turn back if you made an error.

Greetings

Eric


> I have a WIN2K3 web server that will need port 80 and and SNMP open
> and maybe SMTP, It's been security scanned and some services are being
> requested shut off on this server
>
> Epmap
> Isakmp listen
> Microsoft-ds
> netbios-dgm
> netbios-ns
> netios-ssn
> and ntp
> Should I manually go in and disable these services or can WIN2K3 SP1
> take care of disabling these services if I use the security
> configuration tool and choose web application server, will it lock or
> disable the services mentioned for me with this process?
>
> Thanks
>




Posted by Patøö­v+ºË"¢{&‰Ê貇ír‰ on October 3, 2005, 7:46 am
Please log in for more thread options
so it will effectively disable all services and processes mentioned?

thanks

"Eric Denekamp" wrote:

> AFAIK, the security configuration wizzard can take care and will take care
> of this for you, and it is easier to turn back if you made an error.
>
> Greetings
>
> Eric
>
>
> > I have a WIN2K3 web server that will need port 80 and and SNMP open
> > and maybe SMTP, It's been security scanned and some services are being
> > requested shut off on this server
> >
> > Epmap
> > Isakmp listen
> > Microsoft-ds
> > netbios-dgm
> > netbios-ns
> > netios-ssn
> > and ntp
> > Should I manually go in and disable these services or can WIN2K3 SP1
> > take care of disabling these services if I use the security
> > configuration tool and choose web application server, will it lock or
> > disable the services mentioned for me with this process?
> >
> > Thanks
> >
>
>
>


Posted by Eric Denekamp on October 3, 2005, 7:52 am
Please log in for more thread options
Well, uhhh

Yes it wil LET YOU decide what is going on on your systems in an easier way
than going in yourself, But YOU make the decision WHAT will be disabled.

good luck.

Eric


> so it will effectively disable all services and processes mentioned?
>
> thanks
>
> "Eric Denekamp" wrote:
>
>> AFAIK, the security configuration wizzard can take care and will take
>> care of this for you, and it is easier to turn back if you made an
>> error.
>>
>> Greetings
>>
>> Eric
>>
>>> I have a WIN2K3 web server that will need port 80 and and SNMP open
>>> and maybe SMTP, It's been security scanned and some services are
>>> being requested shut off on this server
>>>
>>> Epmap
>>> Isakmp listen
>>> Microsoft-ds
>>> netbios-dgm
>>> netbios-ns
>>> netios-ssn
>>> and ntp
>>> Should I manually go in and disable these services or can WIN2K3 SP1
>>> take care of disabling these services if I use the security
>>> configuration tool and choose web application server, will it lock
>>> or
>>> disable the services mentioned for me with this process?
>>> Thanks
>>>




Posted by Roger Abell [MVP] on October 4, 2005, 12:27 am
Please log in for more thread options
and, in addition to Eric's response, you really have not told us
whether you will need to use the domain member role . . .
which will have impact on ports left open

I would suggest using SCW first, and then after the fact adjusting
the assigned IPsec policy so that only the few desired ports are
allowed, and those other than Tcp 80/443 allowed only with the
particular IPs (especially for SNMP!).

> so it will effectively disable all services and processes mentioned?
>
> thanks
>
> "Eric Denekamp" wrote:
>
>> AFAIK, the security configuration wizzard can take care and will take
>> care
>> of this for you, and it is easier to turn back if you made an error.
>>
>> Greetings
>>
>> Eric
>>
>>
>> > I have a WIN2K3 web server that will need port 80 and and SNMP open
>> > and maybe SMTP, It's been security scanned and some services are being
>> > requested shut off on this server
>> >
>> > Epmap
>> > Isakmp listen
>> > Microsoft-ds
>> > netbios-dgm
>> > netbios-ns
>> > netios-ssn
>> > and ntp
>> > Should I manually go in and disable these services or can WIN2K3 SP1
>> > take care of disabling these services if I use the security
>> > configuration tool and choose web application server, will it lock or
>> > disable the services mentioned for me with this process?
>> >
>> > Thanks
>> >
>>
>>
>>




Similar ThreadsPosted
Win95 SR1 logon to win2K3 Server AD August 29, 2005, 1:48 pm
win2k3 server - set advanced permissions CLI December 11, 2005, 1:28 am
Cached credentials win2k3 server April 16, 2008, 6:22 am
Windows Media Player vulnerability in Win2K3 Server with SP2 October 25, 2007, 2:06 pm
Ways of deploying antispyware? June 23, 2005, 9:58 am
Is third-party middleware required when deploying smartcards? October 1, 2007, 12:02 pm
Deploying Active Directory Users and Computers? February 22, 2008, 2:34 pm
Is DC-cert a requirement when deploying smart card certificates? November 17, 2005, 2:08 pm
Win2k3 SP1- Removing Ctrl+Alt Del June 28, 2005, 1:55 pm
Win2k3/IIS Kerberos challenges December 22, 2005, 1:42 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap