Outcome 3: Implement secure network administration procedures

Table of Contents

1. Windows Server 2003 Security Features
   1. Physical Access
   2. Principle of Least Privilege
   3. Develop a Security Policy
   4. Security Baseline Settings
   5. Microsoft Baseline Security Analyzer
   6. Using the GUI Version of MBSA
   7. Security Templates
   8. Built-in Security Templates
   9. Group Membership and Privileges
   10. Secure Local PC Systems
   11. Securing the SAM Database
   12. Enforce a Strong Password Policy
   13. Do Not Run Unknown programs
   14. Keep Virus Software up-to-date
   15. Keep Operating System Current
2. NTFS File and Folder Permissions
3. Software Update Infrastructure
4. Network Protocol Security
5. Self Assessment Questions (SAQs)
6. Summary: Implementing secure network administration procedures
7. Summary: Software Update infrastructure

Group Membership and Privileges

In order to implement the principle of least privilege, you must assign each user to a group and assign the proper privileges to the group. Many of the privileges you need to assign will be determined by the level of privileges that the user's applications require. Many old legacy applications must have direct access to hardware, so with these types of applications you must assign more privileges to users.

By doing this you are opening up access on the network, so certain, older, legacy applications running on Windows 2000 or Windows XP can actually create security issues for a network. With older legacy applications, you may have to put regular users into the Power Users group, since membership of this provides greater access to hardware devices. Recent Windows applications should keep security more intact and allow you to put regular users into the Windows Users group. This will not allow the users any more privileges than usual.

Next: Secure Local PC Systems