Re: Windows Server 2003 Service Pack 1

From: Thor (Hammer of God) (thor_at_hammerofgod.com)
Date: 04/05/05

  • Next message: Brian Melancon: "Re: Windows Server 2003 Service Pack 1"
    To: <focus-ms@securityfocus.com>
    Date: Tue, 5 Apr 2005 13:23:10 -0700
    
    

    The SCW is *very* cool... It's just what many administrators need to easily
    lock down a server. One quick note though for those using the Win2k3 POP
    Service with users logging on via SPA: In the SCW config for Registry
    Settings, under Inbound Authentication Methods, you must make sure that
    "Computers that have not been configured to use NTLMv2 authentication" is
    selected, as the POP3 SPA (secure password authentication) uses a Type 3
    NTLM logon process. Even in role-specific POP3/Web configs where file and
    print sharing is not bound to the adapter and 139/445 blocked (where the
    server performs no ms client "authentication") you still need the registry
    value set correctly for SPA to work.

    t

    ----- Original Message -----
    From: "Ryan Gravlin" <RGravlin@newvision-inc.com>
    To: "Thaddeus McNamara" <tk@coast-radio.com>; <focus-ms@securityfocus.com>
    Sent: Tuesday, April 05, 2005 6:21 AM
    Subject: RE: Windows Server 2003 Service Pack 1

    I have installed it on a Windows 2003 Standard test server. It's
    actually very nice, although the security configuration wizard isn't
    installed by default. It comes with a firewall exactly like XP SP2.
    The configuration tool itself is really nice, it uses the server role
    selection and then continues to:

    - shut off client services (dns, dhcp, wins, etc...)
    - enable/disable administration services (rdp, backup, firewall, etc...)
    - network ports to open (http, dns, etc... You can also add your own!!)
    - SMB security signature requirements
    - methods used to authenticate with remote computers (domain, local,
    file sharing accounts)
    - inbound authentication methods (remote hosts that require lan manager,
    not configured to use ntlmv2
    - configure auditing
    - enable/disable web extensions for IIS
    - directories to retain for IIS
    - deny anonymous write access to content files

    Overall pretty nice!!

    Hope that answers your question.

    Ryan Gravlin

    New Vision Consulting, Inc.

    -----Original Message-----
    From: Thaddeus McNamara [mailto:tk@coast-radio.com]
    Sent: Friday, April 01, 2005 2:54 PM
    To: focus-ms@securityfocus.com
    Subject: Windows Server 2003 Service Pack 1

    Has anyone had time to install and test the new Windows Server 2003
    Service Pack 1? I haven't seen or heard much of anything on it... But,
    I have been a smidge on the BUSY side...

    Thadd McNamara
    Coast Radio Co., Inc.
    IT Director

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Brian Melancon: "Re: Windows Server 2003 Service Pack 1"

    Relevant Pages

    • Re: Outlook -> remote exchange -> always wants a password
      ... I have my server set to use Integrated Windows authentication over SSL. ... almost certainly "break" your existing users if the client setup does not ... Close out of these configuration dialogs, ...
      (microsoft.public.windows.server.sbs)
    • Re: Help on SMTP setting, loosing my hairs
      ... to email server and I type in the mail server as: ... Thats it for the configuration of CEICW that I have done ... which is a different account as my ISP which give the outside line. ... you authentication. ...
      (microsoft.public.windows.server.sbs)
    • RE: IIS 6.0,ASP.NET 1.1 and confiig error
      ... "On" Always display custom messages. ... on the local Web server. ... This section sets the authentication policies of the application. ... configuration file located in the root directory of the current web ...
      (microsoft.public.windows.server.general)
    • Re: Client access to Win2k3 web server requiring authentication
      ... Setting the authentication method of the target web server to Basic only did ... this is not an approved configuration and I would love to hear if ... > I assume that your client machine is behind an ISA and the ...
      (microsoft.public.isa)
    • Re: Authentication doesnt work when using non - microsoft browsers :-(
      ... Either fix the browser to support the authentication protocol of the server, ... give me the Authentication configuration of /secure inside of IIS Manager UI ...
      (microsoft.public.inetserver.iis.security)