Deploying Security Policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

It is beyond the scope of this chapter to prescribe the security measures that you should take to protect your computing environment. Some things to consider are:

  • Protect your physical equipment. For example, you might want to keep your domain controller computer inside a locked room or cabinet.

  • Secure data as it traverses the network. If you are using Encrypting File System (EFS) to encrypt files, keep in mind that EFS protects data only while it is stored on disk; the data is not encrypted in transit over the network. EFS does not work with roaming user profiles; if users encrypt files that are stored in their roaming profile, they will receive an error message when the profile is saved to the server. (You can, however, use IPSec in combination with EFS to protect the data when it is in transit.)

    For more information about securing data as it traverses a network, see "Deploying Security Policy" in this book and "Deploying IPSec" in Deploying Network Services of this kit.

  • If you have a wireless network, be sure to enable 128-bit WEP protection. Consider deploying Group Policy settings specifically designed to protect your data in a wireless environment; for more information, see "Deploying Security Policy" in this book.

For more information about Group Policy and security policies, see "Designing a Group Policy Infrastructure" and "Deploying Security Policy" in this book. For best practices and considerations for securing user data and settings, see "Implementing User State Management" in this book. For more information about how to secure your Windows computing environment, see "Planning a Secure Environment" in Designing and Deploying Directory and Security Services of this kit.

It is recommended that you deploy your selected security measures before continuing with the tasks in this chapter. If you are not ready to do so, you can proceed with the tasks, but be sure to secure your system before you deploy in a production environment.