Re: Program to Walk Through Securing Windows 2000 Box
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/07/05
Date: Thu, 7 Apr 2005 01:45:40 -0500
The Microsoft Baseline Security Analyzer could be a start to check basic
security vulnerabilities. Beyond that I don't know of an automated program.
Your best bet would be to create a security template baseline for that
computer. Then it could be enforced via Group Policy or local Group Policy
startup script or scheduled task using secedit to apply the template. A
security template can enforce password policy for local users, audit policy,
user rights, security options, file system permissions, registry
permissions, and services for startup type and permissions. Security
templates can then be applied to other computers with secedit or via Group
Policy. If you applied the security template to an OU, then any computer you
place in the OU would have that security template applied to it. The
Security Configuration and Analysis MMC snap-in tool [or secedit in a script
to automate] could be used to make sure that computers are kept in a secure
state by doing a periodic analysis using the security template that you use
to harden the server.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
-- secedit including gui
Keeping current with critical security updates can also be automated and
occasionally verified with MBSA or the mbsacli command-line tool. Implementing
SUS on the network would allow you to approve which updates can be applied
to the computer to allow for testing for compatibility. For security that
cannot be applied via security policy, such as disabling LM hash, you could
use a startup script with a reg file to modify the registry or upgrade to
Windows 2003, which has more security options.
--- Steve
"Will" <DELETE_westes@earthbroadcast.com> wrote in message
news:Omq%23TfzOFHA.3072@TK2MSFTNGP09.phx.gbl...
> Is there a program that will walk through step-by-step the securing of a
> Windows 2000 box that needs to be extremely hardened? I realize there are
> Microsoft documents that discuss the steps, but it would be nice to have a
> program that works in the form of a wizard to analyze the current condition
> of the box, then allow you to automatically reset the attribute to a more
> hardened state. Such a program could then periodically be run to
> re-analyze the settings against some ideal. The state of the box could
> also be saved to a configuration file, to help automate bringing other
> boxes to an identical condition.
>
> --
> Will
>
>
>
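
Added example, not part of the original message or of any Microsoft tool: a sketch of the periodic analysis described above, comparing a baseline security template with a machine's current settings and listing every baseline setting that is missing or different. It assumes the current state was exported to an INF file (for example with secedit /export /cfg); both inputs below are constructed samples embedded as strings, and the function names are hypothetical.

```python
# Constructed baseline template: the settings the hardening template enforces.
BASELINE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel=4,5
[Version]
signature="$CHICAGO$"
"""
# Constructed export of the machine's current state (drifted from the baseline).
CURRENT = """\
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel=4,2
"""
IGNORED = {"unicode", "version"}  # file metadata sections, not settings

def parse_template(text):
    """Return {(section, key): value}; names are lower-cased for comparison."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section and section not in IGNORED and "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def drift(baseline_text, current_text):
    """List (section, key, expected, actual) for each baseline setting not met."""
    want, have = parse_template(baseline_text), parse_template(current_text)
    return sorted((s, k, v, have.get((s, k), "<not set>"))
                  for (s, k), v in want.items() if have.get((s, k)) != v)

if __name__ == "__main__":
    for section, key, expected, actual in drift(BASELINE, CURRENT):
        print(f"[{section}] {key}: expected {expected}, found {actual}")
```

Files written by secedit are normally Unicode (UTF-16), so when reading real templates from disk rather than the inline samples, open them with encoding="utf-16" (an assumption to verify against your own files).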