Microsoft unveils security aid

Microsoft Corp. released a guide recently designed to help systems administrators run Windows Server 2003 securely, and re-announced a similar guide for Windows 2000.

The Windows Server 2003 Security Guide and the Windows 2000 Security Hardening Guide for Windows 2000 Professional and Server editions give instructions on how to set up the software and how to mitigate various attack types, as well as other tips, said Michael Stephenson, lead product manager for Windows Server at Microsoft.

“We felt we needed to do a better job in helping our customers to better secure their products,” Stephenson said.

Microsoft found that a large majority of the security breaches its customers have suffered resulted from configuration mistakes. These included unpatched systems and unprotected admin accounts on servers, Stephenson said.

The guides walk administrators through the best practices for setting up a Windows Server system in a variety of configuration scenarios, including file server, Web server, domain controller and Domain Name System (DNS) server, Stephenson said.

Also, users are taught how to reduce the impact of various attack types and how to harden the system against those types of attacks. The guides provide details on countermeasures users can take to make their systems less susceptible. Access to the shutdown function on a domain controller should be very limited, for example.

Previously, Microsoft had released security white papers addressing specific security issues such as password management. This is the first time Microsoft has published comprehensive guides, according to Stephenson. The Windows 2000 Security Hardening Guide was first released in March. The guides are part of Microsoft’s Trustworthy Computing initiative, he said.

The next thing Microsoft will do is to automate security setup. In mid-2003, Microsoft will launch a security configuration wizard for Windows Server 2003 that will ask customers about their environment and, based on the answers, will set the configuration settings, Stephenson said.

The Windows Server 2003 Security Guide is available at

The Windows 2000 Security Hardening Guide is at

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now