Re: Hardening Member Servers
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/27/05
- Next message: Steven L Umbach: "Re: DMZ and Memberservers"
- Previous message: Steven L Umbach: "Re: Active Directory User Passwords."
- In reply to: Rob: "Hardening Member Servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 May 2005 18:08:31 -0500
You could put those servers into an OU with it's own GPO and then configure
the user right for logon locally to contain only the groups/users that you
want to be able to logon to locally. Be very careful with security templates
and test them out thoroughly first on a test network or at least test OU as
too extreme security settings can break access that you want to have. Also
ipsec can be used to control access to your servers requiring that the
computer trying to access needs to authenticate with it via kerberos and be
compatible with it's ipsec policy. Ipsec policies need to be thoroughly
tested before implementing and domain controllers must be exempt from ipsec
ESP/AH traffic with domain members. --- Steve
"Rob" <Rob@discussions.microsoft.com> wrote in message
news:B23DB4AF-C391-4651-9482-82091B1B29DA@microsoft.com...
> Hello,
>
> I want to prevent unauthorized access to the member servers on our domain.
> I
> know windows 2k has some built in security templates but is there a good
> site
> or something for this info or better templates? I want to make sure only
> authorized users can logon locally etc. Any help is greatly appreciated.
>
> Thanks
>
> --
> Rob
> IT guy!
- Next message: Steven L Umbach: "Re: DMZ and Memberservers"
- Previous message: Steven L Umbach: "Re: Active Directory User Passwords."
- In reply to: Rob: "Hardening Member Servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
