Exercise:Design Additional Server Security Based on Role
In this exercise, you will provide your plan for providing additional MCSE 2003 security based on role. To do so, answer the following question.
1. What additional security elements should be addressed for server roles?
Chapter Summary
Security templates should be designed to apply security based on the role that a server will perform on the network.
Use the “allow the absolute minimum of function, maximum of security” dictum to design security templates.
If a service is not used, disable it.
If a setting can be locked down, lock it down.
Use incremental templates to provide a server with the ability to perform its function.
Before taking the exam, review these key points and terms. You need to know this information.
Server roles are the categories that indicate the specific function that a server plays on the network.
Baseline and incremental templates are combined with an OU infrastructure to deliver the maximum security configuration to servers on a network while still allowing them to perform their function.Baseline templates should be configured to the maximum security settings that will allow a server to still run, and incremental templates relax this security so that a MCITP study guides free download can play a specific role.Security templates should be configured with the organization’s security policy in mind.
Baseline template A security template that is configured to lock down a Windows computer to the maximum amount for a specific network.
Incremental template A security template that, when used to configure security settings on a computer, relaxes security so that a specific server role can be implemented.
Security template A list of security configurations in a file. The file can be used to configure security on a computer or analyze security on a computer, or it can be imported into a Group Policy object and used to configure security on multiple computers.
Server role The job that a server plays on the network, such as file server or print server.
Debugging shouldn’t be occurring on a production computer. Revoke for all security groups and accounts. No one should have this privilege.
Processing your request, Please wait....
