Evaluating Your Security Requirements

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The security requirements for managed desktops in your organization are an essential part your configuration management deployment. Examine both the internal and the external security threats that might exist. Internal threats range from accidental damage that your users might cause to their desktops to intentionally malicious actions. External threats include viruses, malicious users, or attackers. Some things to consider as you plan for desktop security include:

  • What user security level is appropriate for users to have on their computers?

    Three fundamental levels of security are granted to users by membership in one of these groups: Users, Power Users, and Administrators. Membership in the Users group gives the most protection from a number of external threats, such as viruses, and it limits the damage that a user can accidentally or intentionally cause to their computers. However, user level permissions have the most incompatibility problems with older applications. Take particular care before you give users privileged access to computers that they share with other employees.

  • What type of systems do the workstations need to interoperate with?

    They might need to interoperate with Windows NT 4.0 servers, UNIX server message block (SMB) servers, or other types of servers. Interoperability with older systems means that some security you might use in a pure Windows Server 2003 environment must be relaxed.

  • Do users have to provide any level of support on their own computers, or do they have to configure their own computers?

    Users who use portable computers and provide their own support might require administrator rights on their computers. Other high-performance users, such as developers, might also need administrative rights.

A series of security templates is supplied with Windows Server 2003 that you can use to manage security configurations. For more information about deploying Windows Server 2003 security, see "Deploying Security Policy" in this book or see "Planning a Secure Environment" in Designing and Deploying Directory and Security Services of this kit.