Admin Tips
- Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base
  - Windows 2003
    - Admin Tips
      - Security

Knowledge Base Tips topic

[	3440	]	Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base	Last updated: Mar 09, 2010
[	748	]	Windows 2000	Last updated: Feb 18, 2010
[	489	]	Admin Tips	Last updated: Feb 18, 2010
[	123	]	Registry Tips	Last updated: Feb 18, 2010
[	136	]	User Tips	Last updated: Jan 27, 2010
[	523	]	Windows 2003	Last updated: Feb 18, 2010
[	510	]	Admin Tips	Last updated: Feb 18, 2010
[	6	]	Registry Tips	Last updated: Sep 08, 2009
[	5	]	User Tips	Last updated: Apr 01, 2009
[	1155	]	Windows NT	Last updated: Jul 22, 2009
[	590	]	Admin Tips	Last updated: Jul 22, 2009
[	419	]	Registry Tips	Last updated: Dec 10, 2008
[	146	]	User Tips	Last updated: Apr 01, 2009
[	197	]	Windows Server 2008	Last updated: Mar 09, 2010
[	193	]	Admin Tips	Last updated: Mar 09, 2010
[	4	]	Registry Tips	Last updated: Sep 08, 2009
[	188	]	Windows Vista	Last updated: Mar 03, 2010
[	158	]	Admin Tips	Last updated: Jan 14, 2010
[	5	]	Registry Tips	Last updated: Jan 07, 2010
[	25	]	User Tips	Last updated: Mar 03, 2010
[	628	]	Windows XP	Last updated: Jan 14, 2010

Security Tips

Sort By: Title | Date | Rating

Hiding an Entire Computer from Network Users: Date - Aug 12, 2009; Rating - 3.5; Author - Eric Geier; Preventing network users from seeing a computer in My Network Places or Network.
Encrypting the system volumes on a server: Date - Jun 18, 2009; Rating - 1; Author - Mitch Tulloch; Why encrypting the system volume on a server is usually not a good idea.
Tips for Securing Your Wireless LAN: Date - Feb 04, 2009; Rating - 3.4; Author - Eric Geier; Ways to protect your Wi-Fi network from eavesdroppers and hackers.
Pros and Cons of Disabling NTLMv1: Date - Aug 19, 2008; Rating - Not Rated; Author - Mitch Tulloch; Is it a good idea to disable LM and NTLMv1 authentication on Windows networks and allow only NTLMv2 authentication?
Disabling Internet Explorer Enhanced Security Configuration: Date - Jan 22, 2008; Rating - 2; Author - Chris Sanders; Windows Server 2003 comes out of the box very hardened in some areas. One of these is through Internet Explorer Enhanced Security Configuration. Here is how to disable it.
Find all encrypted files: Date - Jan 08, 2008; Rating - Not Rated; Author - Mitch Tulloch; How to find all the EFS encrypted files on a machine.
Creating a password reset disk: Date - Jan 02, 2008; Rating - 3.7; Author - Mitch Tulloch; Creating a password reset disk
Authorized DHCP: Date - Dec 04, 2007; Rating - 2; Author - Mitch Tulloch; How to authorize DHCP for clients
Listening ports and services: Date - Nov 20, 2007; Rating - Not Rated; Author - Mitch Tulloch; How to find what ports your server is listening on and which service is listening on each port
Port 445 and trust creation: Date - Oct 04, 2007; Rating - 1; Author - Mitch Tulloch; How port 445 is used in trust creation
Enabling Windows Firewall on domain controllers: Date - Aug 08, 2007; Rating - 4.3; Author - Mitch Tulloch; Steps for enabling WF on domain controllers.
Configuring Security for Server Based Printers: Date - Jul 26, 2007; Rating - Not Rated; Author - Chris Sanders; Anytime you are using a printer in a large network environment you need to make sure it is securely distributed. Here we look at how to set security permissions on a server based printer.
Service accounts and user profiles: Date - Jul 17, 2007; Rating - 1; Author - Mitch Tulloch; How to create a profile for a service account and why you may need to do so.
Verifying ports are listening: Date - Jun 26, 2007; Rating - Not Rated; Author - Mitch Tulloch; How to determine if a server is listening on a given port.
Schema vs. Enterprise vs. Domain Admins: Date - Jun 20, 2007; Rating - 1.8; Author - Mitch Tulloch; Domain admins can basically do anything, anywhere in the forest.
Exempting User Accounts from Domain Password Policies: Date - Jun 14, 2007; Rating - 1; Author - Mitch Tulloch; There's one exemption to how domain password policies are applied.
Securing your Event logs: Date - Jun 07, 2007; Rating - 5; Author - Mitch Tulloch; Preventing rogue administrators from tampering with Event logs.
Pre-staging computer accounts: Date - Apr 25, 2007; Rating - 4.2; Author - Mitch Tulloch; How to ensure client computers are not left in an unmanaged state after joining a domain.
Group Policy in mixed environments: Date - Apr 24, 2007; Rating - Not Rated; Author - Mitch Tulloch; How to target Group Policy differently for different OSes.
How to prevent users from installing software: Date - Apr 17, 2007; Rating - 1.5; Author - Mitch Tulloch; Preventing users from installing software.
The Power with Power Users: Date - Apr 12, 2007; Rating - 1; Author - Chris Sanders; The power users group is often misused and can lead to the compromise of a system. Here is why this can happen.
How to remove unwanted local user accounts: Date - Apr 10, 2007; Rating - 3.8; Author - Mitch Tulloch; How to get rid of those pesky local user accounts on your workstations, or at least mitigate their unwanted presence.
Don’t forget to secure your UPS!: Date - Apr 04, 2007; Rating - 2; Author - Mitch Tulloch; Physical security for your servers may be useless if you don't secure your UPS also.
Eliminating Ping Responses from Secret Servers: Date - Mar 27, 2007; Rating - 3.3; Author - Chris Sanders; Ever have a server setup that you really don’t want people knowing even exists? Keeping it from returning ping responses is a great way to make it vanish.
Disabling LM Authentication: Date - Mar 22, 2007; Rating - 3; Author - Chris Sanders; Using strong passwords is useless if they are not encrypted properly. That’s why disabling LM authentication is important.
Logging Windows Firewall: Date - Mar 15, 2007; Rating - 5; Author - Chris Sanders; The built-in windows firewall won’t only stop unwanted traffic at your doorstep, it will log it too!
Warning Signs of a Rogue DHCP Server: Date - Mar 14, 2007; Rating - 3.3; Author - Chris Sanders; Just because you are only supposed to have one DHCP server on your network doesn’t mean it really is the only one
How to choose a VPN auth protocol: Date - Jan 17, 2007; Rating - 3; Author - Mitch Tulloch; How do you decide which auth protocol to use on a VPN client?
Default GPO Permissions: Date - Jul 13, 2006; Rating - 3.9; Author - Chris Sanders; It is very important to assign appropriate permissions to every GPO you create. Here I list the default permissions given to a new GPO.
Increase file server performance: Date - Jul 12, 2006; Rating - 2.8; Author - Mitch Tulloch; Don't use your domain controller as a file server--here's why.
Preventing users from Modifying Group Policy Settings: Date - May 30, 2006; Rating - 3.9; Author - Mitch Tulloch; How to prevent users from modifying Group Policy.
Troubleshooting WSUS: Date - May 02, 2006; Rating - 1.5; Author - Mitch Tulloch; How to troubleshoot WSUS when clients can't download and install patches.
Virtualization and Viruses: Date - Apr 26, 2006; Rating - 1.7; Author - Mitch Tulloch; How to protect your virtual machines without degrading performance.
Configuring Wireless Security Settings via GPO: Date - Mar 23, 2006; Rating - 3.1; Author - Chris Sanders; Using Group Policy wireless extensions you can more easily manage security and encryption settings for your networks wireless clients.
Auditing on a per-user basis: Date - Mar 01, 2006; Rating - 2.8; Author - Mitch Tulloch; How to configure per-user auditing.
Security Patches as ISO images: Date - Feb 21, 2006; Rating - 4.8; Author - Mitch Tulloch; You can obtain patches for Windows as an ISO (CD) image.
Don't Bother Deleting C$: Date - Feb 15, 2006; Rating - 4; Author - Mitch Tulloch; Why deleting the C$ share is not a good idea.
Enforcing Group Policy: Date - Feb 14, 2006; Rating - 3.5; Author - Mitch Tulloch; How to force Group Policy to apply even when users can override settings using local admin credentials.
Preventing Users From Circumventing Group Policy: Date - Jan 24, 2006; Rating - 3; Author - Mitch Tulloch; Given enough privileges, a user can often circumvent Group Policy restrictions. Here's what you can do about it.
Local accounts and Group Policy: Date - Jan 17, 2006; Rating - 2.5; Author - Mitch Tulloch; Group Policy can be a minefield and some policy settings are best left unchanged...
Adding Pop-Up Blocker Exceptions via GPO: Date - Dec 22, 2005; Rating - 4.1; Author - Chris Sanders; Occasionally there are sites that we as domain administrators need to allow pop-ups for across the board. This tip shows how to do this with Group Policy.
Checking Local Group Policy: Date - Dec 21, 2005; Rating - 3.7; Author - Mitch Tulloch; There may be times when you want to check the Local Group Policy Settings on a desktop machine.
Secure USB ports: Date - Dec 01, 2005; Rating - 4.4; Author - Mitch Tulloch; How to prevent users from downloading sensitive files using USB keys.
Security Options Ignored: Date - Nov 08, 2005; Rating - 2.3; Author - Mitch Tulloch; Why are some Security Options in Group Policy not being applied?
Why It's Hard to Harden Clients: Date - Nov 01, 2005; Rating - 1.4; Author - Mitch Tulloch; Servers are usually hardened--why not clients?
A Common Misconception Regarding Security Logs: Date - Oct 27, 2005; Rating - 2.6; Author - Mitch Tulloch; Do domain controllers share security logs?
Value of Auditing Workstations: Date - Oct 25, 2005; Rating - 2.6; Author - Mitch Tulloch; Why you might consider enabling auditing on workstations...
Top 5 Group Policy Links: Date - Oct 20, 2005; Rating - 2.5; Author - Mitch Tulloch; Five great resrouces with helpful information on Group Policy...
Be an example: Date - Oct 18, 2005; Rating - 2.4; Author - Mitch Tulloch; Want users in your company to follow the security policies and practices you lay down?
Security policies--where to start: Date - Oct 13, 2005; Rating - 1.5; Author - Mitch Tulloch; If you tell IT managers they need to create a formal, written security policy for their company (many small- and mid-sized companies don't have one) what's the first thing they'll say in response?
What Defense In Depth Is NOT: Date - Oct 11, 2005; Rating - 2.6; Author - Mitch Tulloch; A common misconception concerning network security is the meaning of the term "defense in depth".
Tool for slipstreaming patches: Date - Oct 06, 2005; Rating - 1.6; Author - Mitch Tulloch; It's not easy to slipstream a bunch of patches properly into Windows.
Management software and security: Date - Sep 28, 2005; Rating - 3; Author - Mitch Tulloch; Which kind of management software is more secure, agent-based or agentless?
Automatic Updates for Servers?: Date - Sep 27, 2005; Rating - 2; Author - Mitch Tulloch; Should the Automatic Updates (AU) feature be used to keep your servers patched?
IIS 6 and MIME Types: Date - Sep 07, 2005; Rating - 3.6; Author - Mitch Tulloch; Serving up files from a web server running IIS 6 can sometimes be problematical.
Changing Worker Process Identity in IIS 6: Date - Aug 30, 2005; Rating - 1.5; Author - Mitch Tulloch; In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity.
Listing All DHCP Servers: Date - Aug 09, 2005; Rating - 3.1; Author - Mitch Tulloch; Want to know the DNS names and IP addresses of all DHCP servers on your network?
Preventing Rogue DHCP Clients: Date - Aug 04, 2005; Rating - 2.8; Author - Mitch Tulloch; If you are using DHCP on your network and you want to prevent rogue clients from obtaining IP addresses from your DHCP server and participating on your network, your options are simple.
Protect Your Security Logs: Date - Jul 26, 2005; Rating - 1.4; Author - Mitch Tulloch; Tip on how to protect your Security logs.
Finding Significant Security Events: Date - Jul 20, 2005; Rating - Not Rated; Author - Mitch Tulloch; How to sort the wheat from the chaff in Windows Security logs.
Audit Collection Services (ACS): Date - Jul 19, 2005; Rating - 1.6; Author - Mitch Tulloch; Microsoft's Audit Collection Services (ACS) is coming soon to simplify collection and management of Security logs throughout your organization.
Gaps in Security Log: Date - Jul 14, 2005; Rating - 4.7; Author - Mitch Tulloch; You found a gap of several hours in your Security log, what does it mean?
Managing Event Logs on Multiple Servers: Date - Jul 13, 2005; Rating - 3; Author - Mitch Tulloch; Tools for managing Event logs on multiple Windows servers.
Get the Latest ADM Files: Date - Jul 12, 2005; Rating - 2.8; Author - Mitch Tulloch; How to obtain the latest Administrative Template files from Microsoft.
Auditing Access to Sensitive Data: Date - Jul 06, 2005; Rating - 2; Author - Mitch Tulloch; How to see who's accessing sensitive files on a server.
Terrific Resource for Windows Security Log: Date - Jul 05, 2005; Rating - 2; Author - Mitch Tulloch; Here's a terrific resource for the Security log that every Windows admin should know about.
Want to Improve Group Policy?: Date - Jun 30, 2005; Rating - 2.4; Author - Mitch Tulloch; How to help Microsoft improve Group Policy and other aspects of Windows Server System platforms.
Auditing Group Policy Settings: Date - Jun 28, 2005; Rating - 2; Author - Mitch Tulloch; How to use the GPMC for auditing purposes.
Preventing Group Policy Workarounds: Date - Jun 22, 2005; Rating - 1; Author - Mitch Tulloch; A smart user who has local Administrator or Power Users privileges on their desktop computer may be able to circumvent Group Policy.
Group Policy Task Force: Date - Jun 21, 2005; Rating - 1; Author - Mitch Tulloch; Check out the work of the Group Policy Task Force.
Comparing Two Group Policy Objects: Date - Jun 16, 2005; Rating - 3.2; Author - Mitch Tulloch; How to compare two GPOs and see how their settings differ.
Reversing Folder Redirection: Date - Jun 16, 2005; Rating - 1.9; Author - Mitch Tulloch; Careful planning makes it easy to reverse folder redirection later on.
How Can I Learn Group Policy?: Date - Jun 14, 2005; Rating - 1.6; Author - Mitch Tulloch; Need to learn how Group Policy works, what it can do, and how to implement it?
XP SP2 Breaks Group Policy: Date - Jun 09, 2005; Rating - 2.8; Author - Mitch Tulloch; Resolving an issue with adm files in XP SP2.
Find Out When Policy Last Applied: Date - Jun 08, 2005; Rating - 3; Author - Mitch Tulloch; How to find out when Group Policy was last applied to a remote machine.
Joining a Domain Securely: Date - May 26, 2005; Rating - 3.2; Author - Mitch Tulloch; How to securely add a computer to a domain.
Transferring Ownership of Files: Good or Bad?: Date - May 11, 2005; Rating - 2.2; Author - Mitch Tulloch; Windows Server 2003 lets you easily transfer ownership of files, but should you?
NETBIOS: Leave On or Turn Off?: Date - Apr 14, 2005; Rating - 3.9; Author - Mitch Tulloch; NETBIOS is supposed to be no longer needed since Windows 2000, but this is not really the case.
Map Your Network For Better Protection and Incident Response: Date - Apr 01, 2005; Rating - 3.7; Author - Tony Bradley; It is difficult to protect devices that you don't even know exist. In larger enterprises it is very easy to lose track of the asset inventory which leads to complacency about rogue devices. In order to effectively protect the network and to respond to incidents efficiently, an updated asset inventory and network map should always be handy.
Using Reservations to Ensure DHCP Server Availability and Security: Date - Mar 24, 2005; Rating - 3.5; Author - Mitch Tulloch; In high security environments you can use Reservations to ensure the security and availability of DHCP servers.
Protect Wireless Access Using MAC Address Filters: Date - Mar 22, 2005; Rating - 4.2; Author - Tony Bradley; Wireless networks add a significant level of convenience for many users. The ability to roam at will and access the network without adding wires is quite useful. But, you need to do so securely. There are a number of basic steps you should take to protect your wireless network and filtering MAC addresses is one more way to secure it.
Disabling the RunAs Command: Date - Mar 22, 2005; Rating - 4.3; Author - Mitch Tulloch; To enhance security you can prevent users from using the RunAs command.
Google Yourself To Identify Security Holes: Date - Mar 15, 2005; Rating - 4; Author - Tony Bradley; Google is very good at what it does. It automatically and systematically catalogues every document, image, web site or other data that is web accessible so that it can be quickly retrieved using the Google search engine. That includes potentially sensitive or confidential data that wasn't intended to be shared publicly. Google your own network or sites to identify possible security holes.
Disable Enumeration of SID's: Date - Mar 08, 2005; Rating - 4.5; Author - Tony Bradley; One way for an attacker to scope out a target system and, particularly, to identify the Administrator account so they can focus their efforts on the account with the most privileges is to list, or enumerate, the SID's (serial identifiers) on a Windows machine.
Security Innovations in Windows Server 2003: Date - Aug 25, 2004; Rating - 1.9; Author - Wayne Maples; 205 KB Microsoft Word file - outlines how they facilitate business scenarios such as: building a secure Web application platform, providing secure mobile access, and streamlining identity management across the enterprise.
Technical Overview of Windows Server 2003 Security Services: Date - Aug 20, 2004; Rating - 3; Author - Wayne Maples; 205 KB Microsoft Word file - 324 KB Microsoft Word file
Using Attack Surface Area and Relative Attack Surface Quotient to Identify Attackability of Windows Server 2003: Date - Aug 12, 2004; Rating - 3; Author - Wayne Maples; 416 KB Adobe Acrobat file - In March 2003, Microsoft engaged the Security and Technology Solutions practice of Ernst & Young LLP to validate the Relative Attack Surface Quotient (RASQ) model developed by Microsoft, which quantifies the relative "attackability" provided by each of its operating system platforms. The model provides a methodology to compute the attackability of Microsoft Windows server operating systems by describing potential exploit points and assigning a relative vulnerability level based on exploits that occur in the real world. Ernst & Young conclude that Windows Server 2003 is the least attackable operating system Microsoft has ever released.
TechNet Webcast: Windows Server 2003 As A Foundation for Risk Management and Security Regulatory Compliance: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples; 71 mins - we will examine the nature of risk management as reflected in these security regulatory requirements. Specifically, we will explore how Windows Server 2003 can be employed as the foundation technology for risk management and to introduce the concept of the Microsoft/Secure Logistix jointly developed Compliance WorkCenter
TechNet Webcast: Security in a Windows Server 2003 Environment: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples; 95 mins - Rand will talk about the security technologies built-in to Windows Server 2003 and how organizations are implementing the technologies to solve business challenges. Portions of the content covered in this webcast will be taken from Rand's latest book "Windows Server 2003 Unleashed," a 1286-page book from Sams Publishing. Some of the topics that will be covered include IPSec NAT Traversal, Passport technology, Windows Server 2003 certificates, and wireless security using 802.1X in a Windows Server 2003 environment.
TechNet webcast: Windows Server 2003 Security Guide: Date - Apr 20, 2004; Rating - 3; Author - Wayne Maples; 63 mins - webcast will examine the recently released guide called Windows Server 2003 Security Guide and its companion guide, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP . The new guides provide customers with detailed security guidance on Microsoft Windows Server 2003™ that is authoritative, proven, and tested. The guides are designed to empower users to assess and mitigate a wide range of significant security issues that may exist in their environment.
MSDN Webcast: Using Authorization Manager on Windows Server 2003: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples; 83 mins - In this advanced session, we will learn how to leverage the Authorization Manager API that’s built into Windows Server 2003 to control access to resources and limit the tasks that a user can perform. We’ll write code to perform dynamic access checks on specific tasks. We’ll compare and contrast controlling authorization via a custom-built SQL scheme and using the Active Directory and Authorization Manager in Windows Server 2003. Finally, we’ll explore how roles can be inherited and integrate auditing.
MSDN Webcast: Windows Server 2003 Internet Explorer Security Setting Functionality: Date - Apr 20, 2004; Rating - 2; Author - Wayne Maples; 36 minutes - look at the changes made to Internet Explorer in Windows Server 2003 and how these changes will affect the ISV or developer when developing applications. This short webcast will cover the background of why the default settings for Internet Explorer will be set at the highest level of security, how the user's experience will be affected and what an ISV or developer can do to ensure their customer has a productive experience on Windows Server 2003.