There is a lot of material online about the security configuration of Windows Server 2003, but careful analysis shows that much of it is incomplete, much of it is still not reasonable enough, and it leaves serious security risks. Today I decided to work carefully through an extremely strict security configuration of a 2003 server, so that fellow network administrators can rest easy.
The components we need to support are as follows: ASP, ASPX, CGI, PHP, FSO, JMAIL, MySQL, SMTP, POP3, FTP, 3389 Terminal Services, the Remote Desktop Web Connection management service, and so on. The system is already installed, along with IIS (including the FTP server), the mail server and so on; how to configure these will not be repeated here, and we focus on the security configuration.
Then there are the routine measures: installing the system securely, setting up and managing accounts, shutting down redundant services, audit policies, changing the terminal management port, configuring MS-SQL, deleting dangerous stored procedures, connecting with the least-privileged public account, and so on.
First of all, the NTFS disk permission settings of the system. You have probably seen plenty about these already, but the 2003 server has some details that need attention, and many of the articles I have read do not cover them completely.
Give permissions on the C drive only to Administrators and SYSTEM and to no one else; the other disks can be set the same way. The SYSTEM permission does not strictly have to be given; it is there because some third-party applications start as services and need this account, otherwise they will not start.
Add the default Users permissions to the Windows directory, otherwise ASP, ASPX and other applications will not run. In the past, some people set permissions separately on directories such as Instsrv and temp; in fact this is not necessary.
C:\Documents and Settings\ is also quite important here: the directories beneath it do not inherit the settings made above. If you only set the C drive permissions to Administrators, Everyone still has Full Control on the All Users\Application Data directory, so an intruder can jump to this directory, write scripts or files there, and combine this with other vulnerabilities to elevate privileges: for example Serv-U's local overflow, missing system patches, database weaknesses, even social engineering, and any number of other methods. As someone once said: "Just give me a webshell, I can get system", and that is indeed possible. On systems that run a web/FTP server, the recommendation is to lock these directories down. The directories on each of the other disks are set the same way, with each disk giving permissions only to Administrators.
In addition, set the following files so that only Administrators are allowed access: net.exe, cmd.exe, tftp.exe, netstat.exe, regedit.exe, at.exe, attrib.exe, cacls.exe.
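One way to verify the permission settings described above, added here as an example and not part of the original article: a read-only PowerShell audit that lists every Allow entry granted to anyone other than Administrators and SYSTEM on the C drive root, All Users\Application Data, and the listed executables. It assumes PowerShell 2.0 or later is installed on the server, accepts SYSTEM everywhere as a simplification, and the function name Get-UnexpectedAce is hypothetical.

```powershell
# Added example: read-only audit of the permissions described above.
# Assumes PowerShell 2.0 or later; nothing here changes an ACL.

# Well-known SIDs are compared instead of names so localized systems work.
$allowedSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18'        # NT AUTHORITY\SYSTEM (accepted everywhere: assumption)
)

# Hypothetical helper: emits one row per Allow entry granted to any
# principal that is not in $allowedSids.
function Get-UnexpectedAce {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return }   # skip paths that do not exist
    foreach ($ace in (Get-Acl $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable: report as-is
        }
        if ($allowedSids -notcontains $sid) {
            $ace | Select-Object @{n='Path'; e={$Path}},
                IdentityReference, FileSystemRights, IsInherited
        }
    }
}

# Directories the article restricts to Administrators and SYSTEM.
$targets = @(
    "$env:SystemDrive\",
    "$env:ALLUSERSPROFILE\Application Data"
)

# Executables the article restricts; regedit.exe lives in %SystemRoot%,
# the others in System32, so both locations are checked.
$tools = 'net.exe','cmd.exe','tftp.exe','netstat.exe',
         'regedit.exe','at.exe','attrib.exe','cacls.exe'
foreach ($dir in $env:SystemRoot, "$env:SystemRoot\System32") {
    foreach ($tool in $tools) { $targets += Join-Path $dir $tool }
}

$targets | ForEach-Object { Get-UnexpectedAce $_ } | Format-Table -AutoSize
```

An empty result means every checked path that exists grants access only to Administrators and SYSTEM; entries such as Everyone or Users on Application Data or cmd.exe are the ones to review.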
Disable unnecessary services. Attackers may not be able to exploit them, but in terms of security rules and standards, anything that is not needed should not be left open; this removes one more hidden danger.