Re: Windows Server 2003 Service Pack 1

From: Thor (Hammer of God) (thor_at_hammerofgod.com)
Date: 04/05/05

  • Next message: Brian Melancon: "Re: Windows Server 2003 Service Pack 1"
    To: <focus-ms@securityfocus.com>
    Date: Tue, 5 Apr 2005 13:23:10 -0700
    
    

    The SCW is *very* cool... It's just what many administrators need to easily
    lock down a server. One quick note though for those using the Win2k3 POP
    Service with users logging on via SPA: In the SCW config for Registry
    Settings, under Inbound Authentication Methods, you must make sure that
    "Computers that have not been configured to use NTLMv2 authentication" is
    selected, as the POP3 SPA (secure password authentication) uses a Type 3
    NTLM logon process. Even in role-specific POP3/Web configs where file and
    print sharing is not bound to the adapter and 139/445 blocked (where the
    server performs no ms client "authentication") you still need the registry
    value set correctly for SPA to work.

    t

    ----- Original Message -----
    From: "Ryan Gravlin" <RGravlin@newvision-inc.com>
    To: "Thaddeus McNamara" <tk@coast-radio.com>; <focus-ms@securityfocus.com>
    Sent: Tuesday, April 05, 2005 6:21 AM
    Subject: RE: Windows Server 2003 Service Pack 1

    I have installed it on a Windows 2003 Standard test server. It's
    actually very nice, although the security configuration wizard isn't
    installed by default. It comes with a firewall exactly like XP SP2.
    The configuration tool itself is really nice, it uses the server role
    selection and then continues to:

    - shut off client services (dns, dhcp, wins, etc...)
    - enable/disable administration services (rdp, backup, firewall, etc...)
    - network ports to open (http, dns, etc... You can also add your own!!)
    - SMB security signature requirements
    - methods used to authenticate with remote computers (domain, local,
    file sharing accounts)
    - inbound authentication methods (remote hosts that require lan manager,
    not configured to use ntlmv2
    - configure auditing
    - enable/disable web extensions for IIS
    - directories to retain for IIS
    - deny anonymous write access to content files

    Overall pretty nice!!

    Hope that answers your question.

    Ryan Gravlin

    New Vision Consulting, Inc.

    -----Original Message-----
    From: Thaddeus McNamara [mailto:tk@coast-radio.com]
    Sent: Friday, April 01, 2005 2:54 PM
    To: focus-ms@securityfocus.com
    Subject: Windows Server 2003 Service Pack 1

    Has anyone had time to install and test the new Windows Server 2003
    Service Pack 1? I haven't seen or heard much of anything on it... But,
    I have been a smidge on the BUSY side...

    Thadd McNamara
    Coast Radio Co., Inc.
    IT Director

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Brian Melancon: "Re: Windows Server 2003 Service Pack 1"