Click here to get back home

Windows Server 2003 Security Guide 2.0
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Windows Server 2003 Security Guide 2.0 Adime 01-17-2006
Posted by Adime on January 17, 2006, 10:24 am
Please log in for more thread options
 There are changes in the templates but Microsoft doesn't mentioned them...

Where can I get more information about the changes?
If I allready hardened a server with the old templates, do I have to
reharden my servers with the new ones?
Why are the system services not configured in the new templates?

Thank you for your help
Regards






Posted by Roger Abell [MVP] on January 18, 2006, 12:58 am
Please log in for more thread options
 Let's take these one by one.

The guide mentions much about the settings so I guess you are saying
that the differences between the v1.x and the v2.0 templates are not
highlighted as "new" or as "changed". Is that it?

The new guides take into account a number of policies that did not
exist for earlier versions. Whether you could find advantage from
those depends on what is deployed in your environment.
The new also has expanded guidance on both usage and custom
reg settings one may want to use for hardening. The number of
policy settings that did exist before but are now with different settings
recommendations is not large.

As to differences in the templates themselves, you could use a simple
difference program against your prior and the new .inf text files.
I previously had a script that parsed to templates and gave a friendly
display of samenesses and differences, but as this is not updated to
the XP SP2 / W2k3 SP1 changes I will keep it private at this point.

Whether you modified sceregvl or not, or want to now, would be
inherently something you would need to examine one-off, but the
number of suggested settings is now expanded.

I am also surprised at the total omission of System Services settings
from the new templates. I can offer two reasons. One is that the
new guidance recommends using the SCW, which itself will spin out
services settings based on server roles. The other is that there is
a potential for problems from people taking the templates and "blindly"
applying them with W2k toolset if the services were set and their
permissions altered per the older behaviors. When we had the
guides for editorial review we did not get the tools and templates,
else I would have a ready answer as to why these are voided, and
whether intended or oversight (but I am asking now).

--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
> There are changes in the templates but Microsoft doesn't mentioned them...
>
> Where can I get more information about the changes?
> If I allready hardened a server with the old templates, do I have to
> reharden my servers with the new ones?
> Why are the system services not configured in the new templates?
>
> Thank you for your help
> Regards
>
>
>
>
>



Posted by Roger Abell [MVP] on January 26, 2006, 2:24 am
Please log in for more thread options
In case you are following, the "omission" was intended, and
indeed due to the recommended use of SCW to profile the
system based on the declared roles.

> There are changes in the templates but Microsoft doesn't mentioned them...
>
> Where can I get more information about the changes?
> If I allready hardened a server with the old templates, do I have to
> reharden my servers with the new ones?
> Why are the system services not configured in the new templates?
>
> Thank you for your help
> Regards
>
>
>
>
>



Posted by Adime on January 26, 2006, 4:30 am
Please log in for more thread options
Hi Roger

Thank you very much for your reply.

It's exactly what I searched for. It's really strange that MS did not
mentioned in the ReleaseNotes.txt that they changed the templates.

Regards
André

Posted by Roger Abell [MVP] on January 26, 2006, 10:05 am
Please log in for more thread options

> Hi Roger
>
> Thank you very much for your reply.
>
You are welcome.

> It's exactly what I searched for. It's really strange that MS did not
> mentioned in the ReleaseNotes.txt that they changed the templates.
>
Yes, agreed. Given how some things are said so many times
this relatively major change could have been drawn out more.

Roger



Similar ThreadsPosted
Windows Server 2003 Security Guide for SP2? June 4, 2007, 7:03 pm
MSS tcp registry values in windows 2003 server security guide August 20, 2006, 7:23 am
Windows Server 2003 Security Guide: International versions? October 23, 2007, 1:51 pm
Role-based security from Windows Server 2003 Security Guide gives problems November 6, 2006, 8:00 am
MSS tcp registry values in windwos 2003 server security guide August 21, 2006, 2:33 am
2003 Security Guide August 10, 2005, 12:30 pm
Windows server 2003 security. How to protect against 100's of invalid logons to the server?? August 12, 2005, 5:29 pm
Windows 2003 server and VPN: Security(?) December 16, 2005, 4:20 pm
Security on a stand-alone windows 2003 Server August 8, 2005, 11:42 am
Security Configuration Wizard - Windows Server 2003 SP1 August 3, 2005, 6:56 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap