Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2003 : Creating a Baseline for Member Servers (part 2) - Setting Event Log Policies & Configuring Services

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/3/2011 11:40:17 AM

Setting Event Log Policies

The Event Log is an essential tool for Windows Server 2003 administrators, and the Event Log policies control various aspects of the log’s performance, including the maximum size of the logs, who has access to them, and how the logs behave when they reach their maximum size. The Event Log policies in a GPO are located in the Computer Configuration \ Windows Settings \Security Settings\Event Log container, as shown in Figure 6.

Figure 6. The Event Log container in the Group Policy Object Editor console

For each of the following, there are three policies, one for each of the logs: application, security, and system.

  • Maximum log size Specifies the maximum size the system permits, in kilobytes. Values must be in 64 KB increments, and the maximum value is 4,194,240 (4 gigabytes).

  • Prevent local guests group from accessing log Specifies whether members of the local Guests group on the computer are permitted to view the log file.

  • Retain log Specifies the number of days for which the log should retain information.

  • Retention method for log Specifies the behavior of the log when it reaches its maximum size, using the following options:

    • Overwrite Events By Days— The log retains the number of days of entries specified by the retain log policy. Once the log grows to the specified number of days, the system erases the oldest day’s entries each day.

    • Overwrite Events As Needed— The log erases the oldest individual entries as needed once the log file has reached the size specified in the maximum log size policy.

    • Do Not Overwrite Events (Clear Log Manually)— The system stops creating new entries when the log reaches the size specified in the maximum log size policy.

Creating an event logging configuration for a member server usually requires some experimentation. The best way to proceed is to configure the events and resources that you want to audit, and then let the logs accrue for several days. Calculate the average number of entries for each log per day and then decide how many days of history you want to retain. This enables you to determine a suitable maximum size for your logs.

Before setting the retain log and retention method for log policies, you should decide how often someone is going to review the logs and clear or archive them when necessary. If it is essential to retain all log information, you can specify a maximum size for the log and then enable the Security Options policy, Audit: Shut Down System Immediately If Unable To Log Security Audits, which forces you to manage the logs regularly.

Configuring Services

Windows Server 2003 installs a great many services with the operating system, and configures quite a few with the Automatic startup type, so that these services load automatically when the system starts. Many of these services are not needed in a typical member server configuration, and it is a good idea to disable the ones that the computer doesn’t need. Services are programs that run continuously in the background, waiting for another application to call on them. For this reason, services are also potential points of attack, which intruders might be able to exploit.

Instead of controlling the services manually, using the Services console, you can configure service parameters as part of a GPO. Applying the GPO to a container object causes the services on all the computers in that container to be reconfigured. To configure service parameters in the Group Policy Object Editor console, you browse to the Computer Configuration \ Windows Settings\Security Settings\System Services container and select the policies corresponding to the services you want to control (see Figure 7).

Figure 7. The System Services container in the Group Policy Object Editor console


Tip

When a service policy is left undefined, the service retains the default status that the Windows Server 2003 Setup program assigned it during the operating system installation. For example, even if you do not configure a particular service with the Automatic startup type, Windows Server 2003 itself might configure that service to load automatically. If you want to be certain that a service is disabled, you must activate the System Services policy and choose the Disabled option.


Table 1 contains the services that Windows Server 2003 typically installs on a member server. The Automatic column contains the services that Windows Server 2003 requires for basic system management and communications. The Manual column contains services that do not have to be running all the time, but which must be available so that other processes can activate them. The Disabled column contains services that the typical member server does not need, and which you can permanently deactivate, unless the computer has a specific need for them.

Table 1. Typical Member Server Service Assignments
AutomaticManualDisabled
Automatic UpdatesBackground Intelligent Transfer ServiceAlerter
Computer BrowserCOM+ Event SystemApplication Management
DHCP ClientLogical Disk Manager Administrative ServiceClipBook
Distributed Link Tracking ClientNetwork ConnectionsDistributed File System
DNS ClientNT LM Security Support ProviderDistributed Transaction Coordinator
Event LogPerformance Logs And AlertsFax Service (only present when a modem is installed)
IPSEC ServicesTerminal ServicesInternet Service
Logical Disk ManagerWindows InstallerInternet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
Net LogonWindows Management Instrumentation Driver ExtensionsLicense Logging
Plug And Play Messenger
Protected Storage NetMeeting Remote Desktop Sharing
Remote Procedure Call (RPC) Network (DDE)
Remote Registry Network DDE DSDM
Security Accounts Manager Print Spooler
Server Remote Access Auto Connection Manager
System Event Notification Remote Access Connection Manager
TCP/IP NetBIOS Helper Removable Storage
Windows Management Instrumentation Routing And Remote Access
Windows Time Secondary Logon
Workstation Smart Card
  Task Scheduler
  Telephony
  Telnet
  Uninterruptible Power Supply

In a default Windows Server 2003 member server installation, the Setup program has already configured many of the services listed in Table 9-1 with the startup type values listed there. However, controlling service configurations with a GPO enables you to be sure that only the services you need are running.

Caution

Member servers might need other services to perform certain functions. You can create and apply additional GPOs to configure the services that servers performing particular roles need. Before deploying a server in a live environment, be sure to test the configuration thoroughly, to ensure that the modifications to the default setup do not interfere with the server’s operation.


Configuring Security Options

The Security Options container in the Group Policy Object Editor console contains a long list of policies that you can use to secure specific server elements. Almost all these policies are undefined in a default member server installation, but you can activate them and use them to secure your servers against a wide variety of accidents and threats. To configure these policies, browse to the Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options container in the Group Policy Object Editor console, as shown in Figure 8. Because these policies are widely divergent in their functions, the Properties dialog box for each one has different configuration options.

Figure 8. The Security Options container in the Group Policy Object Editor console

Some of the most useful Security Options policies are as follows:

  • Accounts: Administrator Account Status Enables or disables the computer’s local Administrator account.

  • Accounts: Guest Account Status Enables or disables the computer’s local Guest account.

  • Accounts: Rename Administrator Account Specifies an alternative name for the security identifier (SID) associated with the local Administrator account.

  • Accounts: Rename Guest Account Specifies an alternative name for the SID associated with the local Guest account.

  • Audit: Audit The Use Of Backup And Restore Privilege Causes the computer to audit all user privileges when the Audit Privilege Use policy is enabled, including all file system backups and restores.

  • Audit: Shut Down System Immediately If Unable To Log Security Audits Causes the computer to shut down if the system is unable to add auditing entries to the security log because the log has reached its maximum size.

  • Devices: Allowed To Format And Eject Removable Media Specifies which local groups are permitted to format and eject removable NTFS file system media.

  • Devices: Restrict CD-ROM Access To Locally Logged-on User Only Prevents network users from accessing the computer’s CD-ROM drives.

  • Devices: Restrict Floppy Access To Locally Logged-on User Only Prevents network users from accessing the computer’s floppy disk drive.

  • Domain Member: Maximum Machine Account Password Age Specifies how often the system changes its computer account password.

  • Interactive Logon: Do Not Require CTRL+ALT+DEL Select the Disable option to protect users against Trojan attacks that attempt to intercept users’ passwords.

  • Interactive Logon: Require Domain Controller Authentication To Unlock Workstation Prevents unlocking the computer using cached credentials. The computer must be able to use a domain controller to authenticate the user attempting to unlock the system for the process to succeed.

  • Microsoft Network Client: Digitally Sign Communications (Always) The computer requires packet signatures for all Server Message Block (SMB) client communications.

  • Microsoft Network Server: Digitally Sign Communications (Always) The computer requires packet signatures for all Server Message Block (SMB) server communications.

  • Network Access: Do Not Allow Anonymous Enumeration Of SAM Accounts And Shares Prevents anonymous users from determining the names of local user accounts and shares. This prevents potential intruders from gathering information about the computer without being authenticated.

  • Network Access: Remotely Accessible Registry Paths And Sub-paths Specifies which registry paths and subpaths qualified users can access over the network.

  • Network Access: Shares That Can Be Accessed Anonymously Specifies which shares anonymous users are permitted to access.

  • Network Security: Force Logoff When Logon Hours Expire Causes the computer to terminate existing local user connections when they reach the end of their specified logon time.

  • Shutdown: Allow System To Be Shut Down Without Having To Log On Activates the Shut Down button in the Log On To Windows dialog box.

Other -----------------
- Windows Server 2003 : Creating a Baseline for Member Servers (part 1) - Creating a Baseline Policy & Setting Audit Policies
- BizTalk 2010 Recipes : Orchestrations - Sending Messages
- BizTalk 2010 Recipes : Orchestrations - Receiving Messages
- SharePoint 2010 : Designing and Managing Pages and Sites for Knowledge Workers - Reviewing the Look and Feel Tools
- SharePoint 2010 : Designing and Managing Pages and Sites for Knowledge Workers - Reviewing the Site Administration Tools
- SharePoint 2010 : Designing and Managing Pages and Sites for Knowledge Workers - Reviewing the Galleries Tools
- Exchange Server 2010 : Installing Operations Manager 2007 R2 (part 3) - Deploying OpsMgr Agents
- Exchange Server 2010 : Installing Operations Manager 2007 R2 (part 2) - Importing Management Packs
- Exchange Server 2010 : Installing Operations Manager 2007 R2 (part 1) - Single Server OpsMgr 2007 R2 Install
- Using Operations Manager to Monitor Exchange Server 2010 : Securing OpsMgr
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server