Re: Need help locking down a server
- From: "Chris Hall" <someone@xxxxxxxxxxxxx>
- Date: Fri, 15 Dec 2006 10:16:53 -0500
Thanks all for the input. For now, we ended up setting some allow/deny local
logon and remote desktop access to our IT staff. We also have changed the
admin password. Not as complicated as I thought....
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eYMCDh8HHHA.1248@xxxxxxxxxxxxxxxxxxxxxxx
Hi Chrisexcept
You would probably be well-informed by checking into
http://www.microsoft.com/technet/security/guidance/default.mspx
particularly in the "by product" section the two guides you will
locate under Exchange Server and under Windows 2003 Server
While I agree, it is admirable to limit excess administrative
access, I am scratching my head at the net result of your 3
proposed actions.
One controls local logon by use of the User Rights settings
that govern the machine. One may list groups and/or accounts
in the grants of logon rights (or deny of same).
"Chris Hall" <someone@xxxxxxxxxxxxx> wrote in message
news:e7gSEe5HHHA.3952@xxxxxxxxxxxxxxxxxxxxxxx
Greetings,
I'm looking into options to secure our mail server (Exchange 2003 on
Windows
2003). We have an IT staff of 5 people, which includes our dept mgr, all
of
which have access to the administrator password and whose accounts are
members of the Domain Admins group. What I propose to do is:
1. Change Admin password, allowing only one person access.
2. Disable Remote Desktop
3. Deny Logon Locally.
The only thing I can't seem to figure out is how to deny all users
administrator.
If anyone has any suggestions, I'd appreciate it!
.
- References:
- Need help locking down a server
- From: Chris Hall
- Re: Need help locking down a server
- From: Roger Abell [MVP]
- Need help locking down a server
- Prev by Date: Yow!!!
- Next by Date: Re: Need help locking down a server
- Previous by thread: Re: Need help locking down a server
- Next by thread: Re: Need help locking down a server
- Index(es):
Relevant Pages
|
|
