Locking Down Windows Server 2003

Microsoft released a massive set of documents and guidelines to help administrators lock down servers running the company's new OS.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Microsoft Corp. on Thursday released a massive set of documents and guidelines meant to help administrators lock down servers running the companys new Windows Server 2003 operating system.

Released this week, the new OS is the first major product to come out of the Redmond, Wash., company since the start of its Trustworthy Computing initiative in January 2002. Several Microsoft executives said they see the security and reliability of Windows Server 2003 as a key test of the efforts effectiveness.

The meat of the new documents is contained in the Windows Server 2003 Security Guide, nearly 300 pages of instructions and guidance on securing every piece of the new OS. There are 12 chapters, including individual sections on securing the notoriously troublesome IIS Web server, print servers, file servers and domain controllers. The main guide also comes with a set of tools and templates. Included in this are security checklists for each of the server components of the new OS, sample scripts and a test guide.

"The new guides provide detailed security guidance on Microsoft Windows Server 2003 that is authoritative, proven and tested. The guides are designed to allow users to assess and mitigate a wide range of significant security issues that may exist in their environment," Michael Howard, a senior security program manager at Microsoft, and one of the authors of the book "Writing Secure Code," said in a message announcing the release of the security guides. "While the default installation of the product is designed to be secure, a number of security settings can be further configured based on specific requirements and scenarios."

In addition to the main security guide, Microsoft also published a separate document called "Threats and Countermeasures: Security Settings in Windows Servers 2003 and Windows XP." This lays out each security setting in the OS along with a description of exactly which threat the setting was designed to counter. It also describes the effects of implementing each of the settings.

The guides are all available for download here.

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.
For more on Windows Server 2003, see our special section.