Additional Resources
This guide explains the most significant security countermeasures that are available in Windows Server® 2003 with SP1 and Windows Vista®. To manage most of the recommended settings, you can use the Security Configuration Wizard (SCW) to create security policies and import them into a Group Policy object (GPO) that is linked to the parent organizational unit (OU) for the member server. Because some hardening procedures cannot be applied through Group Policy, the guide also discusses some manual configuration settings. This guide was not intended to be a comprehensive reference to all of the features and considerations that you need to take into account when securing Windows Server 2003 and Windows Vista systems. When you construct the information and network security plans for your environment, you may also find useful information in the following locations:
- For more information about security and privacy at Microsoft, see the Security Central page (https://go.microsoft.com/fwlink/?LinkID=49428).
- For more information about authoritative security guidance from Microsoft, see Enterprise Security Best Practices (https://go.microsoft.com/fwlink/?LinkID=100430).
- For information about the "10 Immutable Laws of Security," see https://go.microsoft.com/fwlink/?LinkID=18751.
- For more information about security for Windows Vista, see https://go.microsoft.com/fwlink/?LinkID=101446.
- For more information about security for Windows Server 2003, see https://go.microsoft.com/fwlink/?LinkID=22387.
- For information about how to delegate administration of the Active Directory® directory service, see Design Considerations for Delegation of Administration in Active Directory (https://go.microsoft.com/fwlink/?LinkID=91034).
- For more information about how to harden the Windows Server 2003 TCP/IP stack, see article 324270, How to Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116879).
- For more information about how to harden the settings for Windows Sockets applications, see article 142641, Internet Server Unavailable Because of Malicious SYN Attacks, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116881).
- For more information about Group Policy settings, including a listing of paths and values for all settings that are stored in the registry of Windows Server 2003 with SP1 and Windows Vista, see Group Policy Settings Reference (https://go.microsoft.com/fwlink/?LinkId=116882) and Group Policy Settings Reference Windows Vista (https://go.microsoft.com/fwlink/?LinkID=100431).
- For more information about LAN Manager compatibility levels, see article 823659, Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116884).
- For more information about NTLMv2 authentication, see article 239869, How to Enable NTLM 2 Authentication, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116885).
- For more information about the default service settings in Windows Server 2003, see Default settings for services (https://go.microsoft.com/fwlink/?LinkID=68107).
- For more information about smart card deployment for Windows Server 2003, see the Windows Server 2003 Smart Card Technical Library (https://go.microsoft.com/fwlink/?LinkId=116887).
- For more information about Auditing policy for Windows Server 2003, see Auditing Policy (https://go.microsoft.com/fwlink/?LinkID=20184).
- For more information about user rights in Windows Server 2003, see User Rights (https://go.microsoft.com/fwlink/?LinkId=120345).
- For more information about how to restore default security settings locally, see article 313222, How to Reset Security Settings Back to the Defaults, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116890).
- For more information about how to restore default security settings in the built-in domain Group Policy objects, see article 324800, How to Reset User Rights in the Default Domain Group Policy in Windows Server 2003, in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=116891).
- For more information about security in the various Windows operating systems, see the Microsoft Windows Security Resource Kit, which you can purchase through Microsoft Press (https://go.microsoft.com/fwlink/?LinkId=116892).