The SCW is *very* cool... It's just what many administrators need to easily
lock down a server. One quick note though for those using the Win2k3 POP
Service with users logging on via SPA: In the SCW config for Registry
Settings, under Inbound Authentication Methods, you must make sure that
"Computers that have not been configured to use NTLMv2 authentication" is
selected, as the POP3 SPA (secure password authentication) uses a Type 3
NTLM logon process. Even in role-specific POP3/Web configs where file and
print sharing is not bound to the adapter and 139/445 blocked (where the
server performs no ms client "authentication") you still need the registry
value set correctly for SPA to work.
t
----- Original Message -----
From: "Ryan Gravlin" <RGravlin@newvision-inc.com>
To: "Thaddeus McNamara" <tk@coast-radio.com>; <focus-ms@securityfocus.com>
Sent: Tuesday, April 05, 2005 6:21 AM
Subject: RE: Windows Server 2003 Service Pack 1
I have installed it on a Windows 2003 Standard test server. It's
actually very nice, although the security configuration wizard isn't
installed by default. It comes with a firewall exactly like XP SP2.
The configuration tool itself is really nice, it uses the server role
selection and then continues to:
- shut off client services (dns, dhcp, wins, etc...)
- enable/disable administration services (rdp, backup, firewall, etc...)
- network ports to open (http, dns, etc... You can also add your own!!)
- SMB security signature requirements
- methods used to authenticate with remote computers (domain, local,
file sharing accounts)
- inbound authentication methods (remote hosts that require lan manager,
not configured to use ntlmv2
- configure auditing
- enable/disable web extensions for IIS
- directories to retain for IIS
- deny anonymous write access to content files
Overall pretty nice!!
Hope that answers your question.
Ryan Gravlin
New Vision Consulting, Inc.
-----Original Message-----
From: Thaddeus McNamara [mailto:tk@coast-radio.com]
Sent: Friday, April 01, 2005 2:54 PM
To: focus-ms@securityfocus.com
Subject: Windows Server 2003 Service Pack 1
Has anyone had time to install and test the new Windows Server 2003
Service Pack 1? I haven't seen or heard much of anything on it... But,
I have been a smidge on the BUSY side...
Thadd McNamara
Coast Radio Co., Inc.
IT Director
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
