Using Templates to Improve Usage and Management


One of the biggest keys to effective security is the standardization of the application of security policies across the environment. Windows 2003 continues to support this concept with the use of the Security Configuration and Analysis MMC plug-in. This plug-in enables you to convert your own security policies into a template file that can be applied to other servers. This ensures that servers are configured identically. This can be exceptionally useful for systems configured to sit outside a firewall that are not members of an Active Directory domain and thus aren't managed by Group Policy Objects.

Using the Security Configuration and Analysis Tool

The Security Configuration and Analysis tool, which is available in Windows 2003 from the MMC Snap-in, is designed to read specific security information from a server and compare it to a template file. This enables you to create standard templates and see whether servers in their environment conform to those settings.

To perform an analysis of a system, do the following:

  1. Select Start, Run, mmc.exe and then click OK to launch the MMC snap-in.

  2. Add the Security Configuration and Analysis snap-in.

  3. Right-click the Security Configuration and Analysis scope item, and choose Open Database.

  4. Choose a database name and then click Open.

  5. Pick a security template, and then open it.

  6. Right-click the Security Configuration and Analysis scope item and choose Analyze Computer Now, then click OK.

The system will display all local security settings and show the template recommendation from the database. By comparing local settings to a standard template created by the administrator, settings can be made consistent without steamrollering any required local security settings.

Leveraging Secure Templates

Groups such as the National Security Agency or the National Institute of Standards and Technology have built what they consider to be secure templates for such roles as Domain Controller, Web Server, Application Server, and others. By using these templates as a starting point, you can build customized templates that take NIST or NSA guidelines into account. This makes it much easier to build a secure template as these groups specialized in knowing and understanding computer security.



Microsoft Windows Server 2003 Insider Solutions
Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net