The updated Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft® Windows Server™ 2003 with Service Pack 1 (SP1) in three distinct enterprise environments—one in which older operating systems such as Windows NT® 4.0 and Windows® 98 must be supported, one in which Windows 2000 is the earliest version of the Windows operating system in use, and one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable tradeoff to achieve maximum security. These three environments are respectively referred to as the Legacy Client (LC), Enterprise Client (EC), and Specialized Security – Limited Functionality (SSLF) environments throughout this guide.
Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The countermeasures that are described and the tools that are provided assume that each server will have a single role. If you need to combine roles for some of the servers in your environment, you can customize the security templates that are included in the downloadable version of the guide to create the appropriate combination of services and security options. The server roles that are referenced in this guide include the following:
- Domain controllers that also provide DNS services
- Infrastructure servers that provide WINS and DHCP services
- File servers
- Print servers
- Web servers that run Microsoft Internet Information Services (IIS)
- Internet Authentication Services (IAS) servers
- Certificate Services servers
- Bastion hosts
Significant efforts were made to make this guidance well organized and easily accessible so that you can quickly find the information that you need and determine which settings are suitable for the computers in your organization. Although this guide is intended for enterprise customers, much of the information that it contains is appropriate for organizations of any size.
You can download the guide here.