Security for Windows 2000 Server

Archived from groups: microsoft.public.win2000.security (More info?)

Which guide should i consider to secure my windows 2000 server ?

as i found many different guides from Microsoft itself

1) Windows 2000 Security Hardening Guide
downloaded from
http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en

2)Securing Windows 2000 Server.pdf
downloaded from
http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en

3) Windows 2000 Security Configuration Guide
http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf

I found no problem to secure my Windows XP systems, as i found only one
security guide from Microsoft
but this is not the case with 2000 server

please do help me !

Any help is greatly appreciated !

Thanks in advance !!!

Cheers,
Shekar
7 answers Last reply
More about security windows 2000 server
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    The first guide is a broad baseline security guide that is appropriate for
    most installations. It is the foundation for the more specific role-based
    guidance that's described in the second guide. The third guide is specific
    to the Windows 2000 configuration that attained Common Criteria certification.

    Generally we recommend you follow the first and use the specific recommendations
    from the second that are appropriate for your environment. Use the third
    (rather than the others) only if you have a need to exactly duplicate CC
    settings (which is generally not necessary).

    Steve Riley
    steriley@microsoft.com


    > Which guide should i consider to secure my windows 2000 server ?
    >
    > as i found many different guides from Microsoft itself
    >
    > 1) Windows 2000 Security Hardening Guide downloaded from
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8
    > -4C8F-A9D0-A0201F639A56&DisplayLang=en
    >
    > 2)Securing Windows 2000 Server.pdf downloaded from
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236
    > -4D73-AEF4-7B4FDC0A25F6&displaylang=en
    >
    > 3) Windows 2000 Security Configuration Guide
    > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9
    > d4cd16a01a7/w2kccscg.pdf
    >
    > I found no problem to secure my Windows XP systems, as i found only
    > one security guide from Microsoft but this is not the case with 2000
    > server
    >
    > please do help me !
    >
    > Any help is greatly appreciated !
    >
    > Thanks in advance !!!
    >
    > Cheers, Shekar
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    There is a lot of overlap between all of them but I like the first two in
    your list. If I had to pick one it would be Securing Windows 2000 Server. It
    looks like the first half of that guide is a lot about risk management
    theory and the last half is about actual recommendations. I would read
    through the first part and focus on procedures in starting with chapter five
    which includes most of what is covered in the Windows 2000 Security
    Hardening Guide. --- Steve


    "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    news:1F0BAF20-783D-45C4-A529-ED0451CE0CBA@microsoft.com...
    > Which guide should i consider to secure my windows 2000 server ?
    >
    > as i found many different guides from Microsoft itself
    >
    > 1) Windows 2000 Security Hardening Guide
    > downloaded from
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    >
    > 2)Securing Windows 2000 Server.pdf
    > downloaded from
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en
    >
    > 3) Windows 2000 Security Configuration Guide
    > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf
    >
    > I found no problem to secure my Windows XP systems, as i found only one
    > security guide from Microsoft
    > but this is not the case with 2000 server
    >
    > please do help me !
    >
    > Any help is greatly appreciated !
    >
    > Thanks in advance !!!
    >
    > Cheers,
    > Shekar
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for the valuable info,

    Do u mean for providing security to "Member Server" I need to consider
    "Hardening Guide"(W2KHG-MemberServer) and for more specific recommendations
    such as File and Print Server use the "Securing Windows 2000 Server"

    INF Files from Hardening Guide
    W2KHG-baseline
    W2KHG-MemberServer ***Used for Member Server***
    W2KHG-DomainController ***used for Domain Controller***
    W2KHG-StandaloneServer

    INF Files from Securing Windows 2000 Server
    MSS Domain
    MSS Baseline ***Used for Member Server***
    MSS DCBaseline Role ***used for Domain Controller***
    MSS FilePrint Role
    MSS Infrastructure Role
    MSS IIS Role
    MSS Optional File System ACLs

    When both the documents provide security for Member Server, then why should
    i consider
    Hardening Guide

    and more over

    is it ok to consider only "Securing Windows 2000 Server" as it sounds complete
    providing security to almost any role except stand-alone
    and consider only Stand-alone role from hardening guide
    NOTE: "Securing Windows 2000 Server" gives recommendations based on
    fictitious organization
    which he called "Contoso"

    it would be great if these concerns are clarified

    Thanks in advance

    --Shekar


    "Steve Riley [MSFT]" wrote:

    > The first guide is a broad baseline security guide that is appropriate for
    > most installations. It is the foundation for the more specific role-based
    > guidance that's described in the second guide. The third guide is specific
    > to the Windows 2000 configuration that attained Common Criteria certification.
    >
    > Generally we recommend you follow the first and use the specific recommendations
    > from the second that are appropriate for your environment. Use the third
    > (rather than the others) only if you have a need to exactly duplicate CC
    > settings (which is generally not necessary).
    >
    > Steve Riley
    > steriley@microsoft.com
    >
    >
    >
    > > Which guide should i consider to secure my windows 2000 server ?
    > >
    > > as i found many different guides from Microsoft itself
    > >
    > > 1) Windows 2000 Security Hardening Guide downloaded from
    > > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8
    > > -4C8F-A9D0-A0201F639A56&DisplayLang=en
    > >
    > > 2)Securing Windows 2000 Server.pdf downloaded from
    > > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236
    > > -4D73-AEF4-7B4FDC0A25F6&displaylang=en
    > >
    > > 3) Windows 2000 Security Configuration Guide
    > > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9
    > > d4cd16a01a7/w2kccscg.pdf
    > >
    > > I found no problem to secure my Windows XP systems, as i found only
    > > one security guide from Microsoft but this is not the case with 2000
    > > server
    > >
    > > please do help me !
    > >
    > > Any help is greatly appreciated !
    > >
    > > Thanks in advance !!!
    > >
    > > Cheers, Shekar
    > >
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks Steve !

    i do think same but want to be bit confident before going for it

    i dont understand y Microsoft provides different security guides

    if they are for different purpose
    the overlap creates problem

    Cheers,
    Shekar


    Cheers,
    Shekar

    "Steven L Umbach" wrote:

    > There is a lot of overlap between all of them but I like the first two in
    > your list. If I had to pick one it would be Securing Windows 2000 Server. It
    > looks like the first half of that guide is a lot about risk management
    > theory and the last half is about actual recommendations. I would read
    > through the first part and focus on procedures in starting with chapter five
    > which includes most of what is covered in the Windows 2000 Security
    > Hardening Guide. --- Steve
    >
    >
    > "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    > news:1F0BAF20-783D-45C4-A529-ED0451CE0CBA@microsoft.com...
    > > Which guide should i consider to secure my windows 2000 server ?
    > >
    > > as i found many different guides from Microsoft itself
    > >
    > > 1) Windows 2000 Security Hardening Guide
    > > downloaded from
    > > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    > >
    > > 2)Securing Windows 2000 Server.pdf
    > > downloaded from
    > > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en
    > >
    > > 3) Windows 2000 Security Configuration Guide
    > > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf
    > >
    > > I found no problem to secure my Windows XP systems, as i found only one
    > > security guide from Microsoft
    > > but this is not the case with 2000 server
    > >
    > > please do help me !
    > >
    > > Any help is greatly appreciated !
    > >
    > > Thanks in advance !!!
    > >
    > > Cheers,
    > > Shekar
    >
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    From what I have read the guides give pretty consistent advice. The Securing
    Windows 2000 Server seems to have added some additional info for using ipsec
    filtering to secure the network. If you have a question on conflicting
    advice be sure to post back if you want some opinions. A lot of the advice
    given in the guides depends on the makeup of the network as far as downlevel
    clients, etc. Anyhow it is great you are taking steps to secure the network
    and I would also recommend reviewing the Antivirus in Depth Guide from
    Microsoft as the other security guides do not go into much detail on malware
    or firewalls. --- Steve

    http://www.microsoft.com/technet/security/guidance/avdind_0.mspx ---
    AntiVirus in Depth Guide.

    "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    news:347635C0-73FD-4B6C-BF75-8919270B8617@microsoft.com...
    > Thanks Steve !
    >
    > i do think same but want to be bit confident before going for it
    >
    > i dont understand y Microsoft provides different security guides
    >
    > if they are for different purpose
    > the overlap creates problem
    >
    > Cheers,
    > Shekar
    >
    >
    >
    >
    >
    > Cheers,
    > Shekar
    >
    > "Steven L Umbach" wrote:
    >
    >> There is a lot of overlap between all of them but I like the first two in
    >> your list. If I had to pick one it would be Securing Windows 2000 Server.
    >> It
    >> looks like the first half of that guide is a lot about risk management
    >> theory and the last half is about actual recommendations. I would read
    >> through the first part and focus on procedures in starting with chapter
    >> five
    >> which includes most of what is covered in the Windows 2000 Security
    >> Hardening Guide. --- Steve
    >>
    >>
    >> "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    >> news:1F0BAF20-783D-45C4-A529-ED0451CE0CBA@microsoft.com...
    >> > Which guide should i consider to secure my windows 2000 server ?
    >> >
    >> > as i found many different guides from Microsoft itself
    >> >
    >> > 1) Windows 2000 Security Hardening Guide
    >> > downloaded from
    >> > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    >> >
    >> > 2)Securing Windows 2000 Server.pdf
    >> > downloaded from
    >> > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en
    >> >
    >> > 3) Windows 2000 Security Configuration Guide
    >> > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf
    >> >
    >> > I found no problem to secure my Windows XP systems, as i found only one
    >> > security guide from Microsoft
    >> > but this is not the case with 2000 server
    >> >
    >> > please do help me !
    >> >
    >> > Any help is greatly appreciated !
    >> >
    >> > Thanks in advance !!!
    >> >
    >> > Cheers,
    >> > Shekar
    >>
    >>
    >>
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks Steve !

    I did consider "Securing Windows 2000 Server"

    it took lot of time to decide !!!

    Thanks once again

    Cheers,
    Shekar


    "Steven L Umbach" wrote:

    > From what I have read the guides give pretty consistent advice. The Securing
    > Windows 2000 Server seems to have added some additional info for using ipsec
    > filtering to secure the network. If you have a question on conflicting
    > advice be sure to post back if you want some opinions. A lot of the advice
    > given in the guides depends on the makeup of the network as far as downlevel
    > clients, etc. Anyhow it is great you are taking steps to secure the network
    > and I would also recommend reviewing the Antivirus in Depth Guide from
    > Microsoft as the other security guides do not go into much detail on malware
    > or firewalls. --- Steve
    >
    > http://www.microsoft.com/technet/security/guidance/avdind_0.mspx ---
    > AntiVirus in Depth Guide.
    >
    > "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    > news:347635C0-73FD-4B6C-BF75-8919270B8617@microsoft.com...
    > > Thanks Steve !
    > >
    > > i do think same but want to be bit confident before going for it
    > >
    > > i dont understand y Microsoft provides different security guides
    > >
    > > if they are for different purpose
    > > the overlap creates problem
    > >
    > > Cheers,
    > > Shekar
    > >
    > >
    > >
    > >
    > >
    > > Cheers,
    > > Shekar
    > >
    > > "Steven L Umbach" wrote:
    > >
    > >> There is a lot of overlap between all of them but I like the first two in
    > >> your list. If I had to pick one it would be Securing Windows 2000 Server.
    > >> It
    > >> looks like the first half of that guide is a lot about risk management
    > >> theory and the last half is about actual recommendations. I would read
    > >> through the first part and focus on procedures in starting with chapter
    > >> five
    > >> which includes most of what is covered in the Windows 2000 Security
    > >> Hardening Guide. --- Steve
    > >>
    > >>
    > >> "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    > >> news:1F0BAF20-783D-45C4-A529-ED0451CE0CBA@microsoft.com...
    > >> > Which guide should i consider to secure my windows 2000 server ?
    > >> >
    > >> > as i found many different guides from Microsoft itself
    > >> >
    > >> > 1) Windows 2000 Security Hardening Guide
    > >> > downloaded from
    > >> > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    > >> >
    > >> > 2)Securing Windows 2000 Server.pdf
    > >> > downloaded from
    > >> > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en
    > >> >
    > >> > 3) Windows 2000 Security Configuration Guide
    > >> > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf
    > >> >
    > >> > I found no problem to secure my Windows XP systems, as i found only one
    > >> > security guide from Microsoft
    > >> > but this is not the case with 2000 server
    > >> >
    > >> > please do help me !
    > >> >
    > >> > Any help is greatly appreciated !
    > >> >
    > >> > Thanks in advance !!!
    > >> >
    > >> > Cheers,
    > >> > Shekar
    > >>
    > >>
    > >>
    >
    >
    >
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Steve

    As i said i m cosidering "Microsoft Solutions for Security" for securing my
    Windows 2000 Server

    I have a small concern about Registry permissions(Appendis B) given at page
    378

    The following info is given for each registry

    Permissions Apply
    Configure & Propagate
    Configure & Replace
    Do Not Replace
    Inheritable/Can Propagate

    I could understand all of them but except "Inheritable/Can Propagate"

    I mapped "Inheritable/Can Propagate" to
    Allow inheritable permissions from parent to propagate to this object checkbox

    but felt its ambiguous
    as this(Inheritable/Can Propagate) was selected only when "Do Not Replace"
    was selected

    could u please tell me know where does this(Inheritable/Can Propagate) fit
    in DACL Editor

    i m reposting in this thread expecting u r help

    any help will be greatly appreciated

    Thanks in advance !!!

    Cheers,
    ambharish

    "Steven L Umbach" wrote:

    > From what I have read the guides give pretty consistent advice. The Securing
    > Windows 2000 Server seems to have added some additional info for using ipsec
    > filtering to secure the network. If you have a question on conflicting
    > advice be sure to post back if you want some opinions. A lot of the advice
    > given in the guides depends on the makeup of the network as far as downlevel
    > clients, etc. Anyhow it is great you are taking steps to secure the network
    > and I would also recommend reviewing the Antivirus in Depth Guide from
    > Microsoft as the other security guides do not go into much detail on malware
    > or firewalls. --- Steve
    >
    > http://www.microsoft.com/technet/security/guidance/avdind_0.mspx ---
    > AntiVirus in Depth Guide.
    >
    > "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    > news:347635C0-73FD-4B6C-BF75-8919270B8617@microsoft.com...
    > > Thanks Steve !
    > >
    > > i do think same but want to be bit confident before going for it
    > >
    > > i dont understand y Microsoft provides different security guides
    > >
    > > if they are for different purpose
    > > the overlap creates problem
    > >
    > > Cheers,
    > > Shekar
    > >
    > >
    > >
    > >
    > >
    > > Cheers,
    > > Shekar
    > >
    > > "Steven L Umbach" wrote:
    > >
    > >> There is a lot of overlap between all of them but I like the first two in
    > >> your list. If I had to pick one it would be Securing Windows 2000 Server.
    > >> It
    > >> looks like the first half of that guide is a lot about risk management
    > >> theory and the last half is about actual recommendations. I would read
    > >> through the first part and focus on procedures in starting with chapter
    > >> five
    > >> which includes most of what is covered in the Windows 2000 Security
    > >> Hardening Guide. --- Steve
    > >>
    > >>
    > >> "ambharish" <ambharish@discussions.microsoft.com> wrote in message
    > >> news:1F0BAF20-783D-45C4-A529-ED0451CE0CBA@microsoft.com...
    > >> > Which guide should i consider to secure my windows 2000 server ?
    > >> >
    > >> > as i found many different guides from Microsoft itself
    > >> >
    > >> > 1) Windows 2000 Security Hardening Guide
    > >> > downloaded from
    > >> > http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    > >> >
    > >> > 2)Securing Windows 2000 Server.pdf
    > >> > downloaded from
    > >> > http://www.microsoft.com/downloads/details.aspx?FamilyId=9964CF42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en
    > >> >
    > >> > 3) Windows 2000 Security Configuration Guide
    > >> > http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf
    > >> >
    > >> > I found no problem to secure my Windows XP systems, as i found only one
    > >> > security guide from Microsoft
    > >> > but this is not the case with 2000 server
    > >> >
    > >> > please do help me !
    > >> >
    > >> > Any help is greatly appreciated !
    > >> >
    > >> > Thanks in advance !!!
    > >> >
    > >> > Cheers,
    > >> > Shekar
    > >>
    > >>
    > >>
    >
    >
    >
Ask a new question

Read More

Security Windows 2000 Microsoft Servers Windows