Windows system >> Windows 2003 System Tutorial >> Windows 2003 FAQ

2003 server security settings

  

A lot of online security about the windows server 2003 system configuration, but careful analysis found that many are not comprehensive, and many are still not reasonable enough, and there are great security risks, today I decided to carefully do the extreme BT The security configuration of the 2003 server allows more network management friends to sit back and relax.
The components we need to support are as follows: (ASP, ASPX, CGI, PHP, FSO, JMAIL, MySql, SMTP, POP3, FTP, 3389 Terminal Services, Remote Desktop Web Connection Management Service, etc.) The system has been installed, IIS, including FTP server, mail server, etc., these specific configuration methods will not be repeated, and now we focus on the security configuration.
About regular security installation systems, setting up and managing accounts, shutting down redundant services, auditing policies, modifying terminal management ports, and configuring MS-SQL, deleting dangerous stored procedures, connecting with the least privileged public account, etc. Wait.
First of all, about the NTFS disk permission settings of the system, you may have seen more, but the 2003 server has some details to pay attention to, I have read a lot of articles have not written completely.
C drive only gives administrators and system permissions, other permissions are not given, other disks can also be set this way, the system permissions given here do not necessarily need to be given, just because some third-party applications are started as services You need to add this user, otherwise it will not start.

Windows directory to add the default permissions to users, otherwise ASP and ASPX and other applications will not run. In the past, a friend separately set the directory permissions such as Instsrv and temp. In fact, there is no such necessity.

Also in the c: /Documents and Settings /Xiangdangchongyao here, behind the directory permissions will not inherit the previous settings, if only just set up the C drive permissions for administrators, and in the All Users /Application In the Data directory, everyone has full control permissions, so the intrusion can jump to this directory, write scripts or files only, and combine other vulnerabilities to enhance permissions; for example, use serv-u's local overflow to enhance permissions, or the system Missing patches, database weaknesses, and even social engineering and other N-methods, there used to be no one who said: "Just give me a webshell, I can get system", which is indeed possible. In systems that use the web/ftp server, the recommendation is to lock these directories. The directories of each of the other disks are set as such, and none of the disks only give the adinistrators permission.

addition, it will: net.exe, cmd.exe, tftp.exe, netstat.exe, regedit.exe, at.exe, attrib.exe, cacls.exe, these files are set to only allow the administrators access.
Unnecessary services are banned, although these may not be exploitable by attackers, but in terms of security rules and standards, unnecessary things are not necessary to open, reducing a hidden danger.

Windows 2003 FAQ
Windows system
Win2008 Performance and Availability Detection Tool Configuration Guide

A new performance detection tool is included in the Windows Server 2008 operating system: Windows Pe
Windows 2003 Security: Re-supporting ASP scripts

When you mention ASP (ActiveServerPage), everyone will think of Windows. It is popular among WEB dev
Resolve Win2008 Recycle Bin can't clear fault

In Windows Server 2008 system environment, we sometimes see the recycle bin icon on the system deskt
How to improve FSO security under Windows 2003

ASP provides powerful file system access, which can read, write, copy, delete, rename, and other fil
Windows 2003 system uses SyGate agent to access the Internet fault

The school computer room recently upgraded the system to Windows 2003. In order to strengthen manage
How to create a relationship between Win2003 and Win2008

We created a domain trust relationship in the previous article. This trust relationship occurred bet
  • Windows2003 system skills
  • Windows 2003 Tutorial
  • Windows 2003 FAQ

    • How to set up the Win10 system to connect the projector?

    Windows 7 system flash disk encryption function tutorial

    Why is win10 called the last version of Windows? What is the intention?

    Microsoft Webpage Comparison Plug-in Diff-IE Experience [Photos]

    Windows 8 versions of the main features difference list

    Details Windows Server 2008 Comprehensive Review Strategy

    Hat accelerator out of VPN691 error how to do hat accelerator error how to do

    If the computer can't start 10 solutions to teach you the fault

    How to solve directX error? WinXP system graphics card is running normally but can not play the game situation solution introduction

    [Chinese/English] Microsoft launched the Win10 feature demo website to help newcomers get started quickly

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved