Tuesday, January 16, 2007

Securing Windows Member Servers

Every company has member servers at some capacity or another. Some companies have just a few, where others might have thousands. These member servers are the work horses of your network, providing the core production services for the company. From running the intranet, providing print services, SQL databases, e-mail services, file storage, and application support. With member servers providing all of these essential functions, it goes hand-in-hand with the fact that you need to protect these servers. This article will discuss some of key security configurations that can be made to help protect your member servers.

Introduction


Member servers are those servers in your Active Directory environment that don’t provide authentication for domain user accounts. This task is left to the domain controllers. Even though member servers don’t provide authentication for domain users, they still provide essential functions for your company. When it comes down to it, member servers provide the backbone of services, applications, file storage, and more for your company.

Member servers come in all sizes, responsibilities, and functions. Some of the more common tasks that member servers are responsible for include:

  • File storage
  • Printer management
  • SQL Database storage and management
  • E-mail management
  • Web services
  • Applications
  • Faxing
  • Image management
  • Human resource functions
  • Financial application functions

With member servers driving and containing such important information and data, it is no wonder that these servers should be at the top of the list when it comes to protecting computers on the network. There are of course obvious security measures that you can take, such as locking the servers in an isolated room and then within a locked cage within the room. However, there are logical configurations that you can also make to help protect these servers. Here, we will expose those areas and discuss the best ways to accomplish securing your member servers.

Security Areas of Member Servers


There are plenty of security areas that need to be addressed when it comes to protecting your member servers. Some of the most important areas are also some of the easiest to configure, once you are aware of the tools available to ensure the security configurations are made correctly. The most important areas that all member servers need protected include:

  • Local SAM
  • Ports
  • Services
  • User Rights
  • Application permissions

We will investigate each of these areas, exposing the most efficient methods available to configure each member server to ensure the settings are correct and persistent. By far one of the most useful tools for configuring security of member servers, or any computer in the Active Directory network for that matter, is Group Policy. Each of the solutions will include using Group Policy, which is being used more and more by companies today. (To get more information on Group Policy, refer to “The Group Policy Guide,” by Microsoft Press.)



http://www.windowsecurity.com/articles/Securing-Windows-Member-Servers.html