Hardening Member Servers

[Guest]

Hello,

I want to prevent unauthorized access to the member servers on our domain. I
know windows 2k has some built in security templates but is there a good site
or something for this info or better templates? I want to make sure only
authorized users can logon locally etc. Any help is greatly appreciated.

Thanks

 

[Andrew Sword [MVP]]

Try this site

http://www.nsa.gov/snac/

 

[Steven L Umbach]

You could put those servers into an OU with it's own GPO and then configure
the user right for logon locally to contain only the groups/users that you
want to be able to logon to locally. Be very careful with security templates
and test them out thoroughly first on a test network or at least test OU as
too extreme security settings can break access that you want to have. Also
ipsec can be used to control access to your servers requiring that the
computer trying to access needs to authenticate with it via kerberos and be
compatible with it's ipsec policy. Ipsec policies need to be thoroughly
tested before implementing and domain controllers must be exempt from ipsec
ESP/AH traffic with domain members. --- Steve