< Day Day Up > |
Security Model Changes in Windows Server 2003Windows Server 2003 contains numerous enhancements and modifications compared to the older members of Windows server family. Built-in .NET Framework support, hot-add memory, updated kernel and UI APIs, improved heap management, vectored exception handling, and many other features make it a significant improvement over Windows 2000 servers; and each of these features merits a discussion beyond the scope of this chapter. In this section I focus on changes in the Windows Server 2003 security model. Changes in Internet Information Server SecurityThe following list introduces some of the most important changes in the Windows security model.
Changes to the Default Permission SettingsWindows Server 2003 demonstrates Microsoft's shift of focus from access as the top priority to security. This shift is most visible in the changes made to the default access rights. In the previous versions of Windows, members of the Everyone group had Full Control access to shares and NTFS permissions. The locked-down default settings of Server 2003 give Everyone group members only noninheritable read and execute permissions to the drive roots. When new files are created, the permissions are not inherited from the parent and must be set manually. New shares give by default only read permission to the Everyone group . Another new access restriction in Windows Server 2003 applies to the anonymous users. They do not receive a membership in the Everyone group and instead belong to the new built-in Anonymous Logon group. To find out more about these and other new Windows Server 2003 features, use the numerous resources available on the following Microsoft site: www.microsoft.com/windowsserver2003/default.mspx. |
< Day Day Up > |