When you're designing network security for a medium-to-large enterprise, it's often helpful to think of servers in terms of the role that they play on the network, rather than just as Server1, Server2, and Server3. To assist in this process, Windows Server 2003 has introduced features such as the Configure Your Server Wizard that simplify the process of assigning a specific role to a given machine. Once you've configured a server (or group of servers) to fulfill a specific role on your network, you should then secure these different server roles in a consistent fashion to improve the overall security of your enterprise network.
In this chapter, we discuss the use of security templates as a way to apply consistent security settings to an entire network, or to a subset of computers or servers. You'll need to begin with a baseline security template that will define security settings common to your entire network. We'll start with a review of the use of security templates, which you should already be familiar with from preparing for the Windows Server 2003 Core Four exams. Once we've reviewed the use of security templates in Windows Server 2003, we'll focus on how to deploy these templates across an entire network in an efficient manner. (You certainly wouldn't want to individually configure security settings on a network with hundreds or thousands of machines, now, would you?) We'll focus on the use of Group Policy Objects (GPOs) and scripting techniques to quickly deploy common security settings across an entire network.
Once you've established your baseline security settings, you'll then need to modify those settings based on the function of a given server or group of servers on your network. A number of security enhancements can specifically benefit machines that are functioning as domain controllers (DCs), Web servers, network infrastructure servers, and file servers. Just as you used templates to create a common security configuration for your entire network, you can also modify that baseline to quickly configure a group of servers whose security requirements might differ from the common configuration. When designing a secure network infrastructure for a Windows Server 2003 network, knowing how to use and deploy security templates will serve you well, both on the 70-298 exam and in real-world security deployments.