RE: Binding Windows Services to Specific Addresses Only

From: Devin Ganger <DevinG@xxxxxxxxxx>
Date: Fri, 9 May 2008 10:43:10 -0700

This is a great list, Wayne!

However, I've got one addition for you.

Wayne S. Anderson wrote:

3) Immediately review the service configuration and default
accounts. If you don't need them, disable them, or in the
case of services at least set them to manual so they do not
run by default. With Windows default accounts, make sure that
the steps that you can take, you have.

<snip>

With the services, take the most restrictive approach possible.
Remember, if something doesn't start, we can always restart
whatever was stopped so its ok if something now fails to start.
We just make the necessary adjustments and restart it and we
know not to stop that particular service again ;) You ARE
building the security for this server while it is in a build
or pre-production stage..... right? You should be able to risk
causing other service failures while you determine what services
are necessary.

Don't forget that with Windows Server 2003 SP1 and later, the OS includes a great tool for automating a lot of this work for you -- the Security Configuration Wizard. You'll need to go into Add/Remove Programs, Add/Remove Windows Components to ensure that it's installed on the system, but once you do -- it's a great tool that allows you to define and manage security policy for multiple systems.

--
Devin L. Ganger, Exchange MVP Email: deving@xxxxxxxxxx
3Sharp Phone: 425.882.1032
14700 NE 95th Suite 210 Cell: 425.239.2575
Redmond, WA 98052 Fax: 425.558.5710
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/

Follow-Ups:
- RE: Binding Windows Services to Specific Addresses Only
  - From: Wayne S. Anderson

References:
- Binding Windows Services to Specific Addresses Only
  - From: Christian Koerner
- Re: Binding Windows Services to Specific Addresses Only
  - From: Steve Friedl
- RE: Binding Windows Services to Specific Addresses Only
  - From: Wayne S. Anderson

Prev by Date: RE: Binding Windows Services to Specific Addresses Only
Next by Date: RE: Binding Windows Services to Specific Addresses Only
Previous by thread: RE: Binding Windows Services to Specific Addresses Only
Next by thread: RE: Binding Windows Services to Specific Addresses Only
Index(es):
- Date
- Thread

Relevant Pages

Re: Annoyance - not enough memory???
... Open OE and read mail in one of my accounts. ... Worse yet, when I click on the "x" to close it out and restart, it still is running ... according to Windows Task Manager so I have to manually shut it off. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: Annoyance - not enough memory???
... Open OE and read mail in one of my accounts. ... Worse yet, when I click on the "x" to close it out and restart, it still is running ... according to Windows Task Manager so I have to manually shut it off. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: outlook 2003 wont recognize my email accounts
... outlook) and manually entered ONE email account. ... Tools> Accounts> add> ... It showed all three under Tools> Email Accounts. ... tried restart of machine 2x. ...
(microsoft.public.outlook.installation)
Re: outlook 2003 wont recognize my email accounts
... It showed all three under Tools> Email Accounts. ... Home and Outlook for multiple email accounts in pop3. ... tried restart of machine 2x. ...
(microsoft.public.outlook.installation)
Re: IE open error
... clear the Enable third-party browser extensions (requires restart) check box. ... To remove the toolbars, BHOs: ... I have two other accounts besides owner account, ...
(microsoft.public.windows.inetexplorer.ie6.browser)