ServePath Dedicated Server Hosting
What's This? GoGrid - Cloud & Hybrid Infrastructures

Worldwide: +1 415.869.7000

  • Customer Login
  • Email Us
  • Request A Call
  • Live Chat
  • Dedicated Hosting
  • Hybrid Hosting
  • Managed Services
  • Why ServePath
  • Company
  • Support

Support

  • Support
  • Knowledge Base
  • FAQs
  • Resource Center
  • Dedicated Server Flash Tutorials
  • Professional Services
  • Dedicated Service Teams
  • New Customer Starter Kit

Questions? Call Us!

Live Chat

Server Specials

From: $179.99 /month

Start Saving Now
Microsoft WebsiteSpark Hosting for your professional web design and development business. Microsoft BizSpark Hosting for your Startup

Windows 2003 Server Security Checklist

  • Windows Servers
  • Managed Services
  • Professional Services
  • Cloud Hosting

Filesystem Security

  • Minimize NTFS permissions for EVERYONE
  • At the logical drive level, reset and propagate the following permissions:
    • Full Control to Administrators
    • Full Control to CREATOR OWNER
    • Modify, Read/Execute, List Folder Contents, Read, Write to Authenticated Users
  • Remove and propagate ALL permissions for Authenticated Users from System directory.
  • Allow Authenticated Users Modify, Read/Execute, List Folder Contents, Read, and Write on:
    • \Documents and Settings\
    • \WINNT\Installer # hidden directory
    • \WINNT\System32\Config\
    • \WINNT\Repair

Network Security

  • Disable unnecessary services. Common unnecessary services for servers include:
    • DHCP Client
    • Fax Service
    • Internet Connection Sharing
    • Intersite Message
    • Remote Registry Service
    • RunAs Service
    • Simple TCP/IP Services
    • Telnet
    • Utility Manager
  • Un-install protocols such as IPX/SPX and NetBIOS unless required.

User Security

  • Disable Guest account and assign strong password.
  • Disable TsInternetUser account and assign a strong password.
  • Rename the Administrator account.

TCP/IP Hardening

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services add or modify the following keys:

Key: Tcpip\Parameters
Value: SynAttackProtect
Value Type: REG_DWORD
Parameter: 1

Key: Tcpip\Parameters
Value: EnableDeadGWDetect
Value Type: REG_DWORD
Parameter: 0

Key: Tcpip\Parameters
Value: EnablePMTUDiscovery
Value Type: REG_DWORD
Parameter: 0

Key: Tcpip\Parameters
Value: KeepAliveTime
Value Type: REG_DWORD
Parameter: 300,000

Key: Netbt\Parameters
Value: NoNameReleaseOnDemand
Value Type: REG_DWORD
Parameter: 1

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control add or modify the following keys:

Key: Lsa
Value: RestrictAnonymous
Value Type: REG_DWORD
Parameter: 2

Key: SecurePipeServers
Value: RestrictAnonymous
Value Type: REG_DWORD
Parameter: 1

System Security

Uncheck "Hide file extensions for known file types."

Download and install all Critical Updates from http://windowsupdate.microsoft.com.

Download and run the Microsoft Baseline Security Analyzer (MBSA).


  • Dedicated Hosting
    • Load Balanced Server Networks
    • Dedicated Server Specials
    • Compare Dedicated Server Packages
  • Hybrid Hosting
    • Hybrid Hosting Case Studies
    • Sample Hybrid Network Configurations
  • Managed Services
    • Security Services
    • Backup & Storage
    • Networking Services
    • Monitoring Services
    • Content Delivery Network
    • Load Balancing
  • Why ServePath
    • Service Level Agreement
    • San Francisco Datacenter
    • Screaming Fast Network™
    • Certifications
    • Customer Testimonails
    • Customer Case Studies
  • Company
    • Contact ServePath
    • ServePath Leadership
    • Partners
    • News & Press
    • Events
    • Awards
    • Referral Programs
    • Careers
  • Support
    • Knowledge Base
    • FAQs
    • Resource Center
    • Dedicated Server Flash Tutorials
    • Professional Services
    • Dedicated Service Teams
    • New Customer Starter Kit

Use of ServePath services is subject to our Terms of Service, SLA, AUP, and Privacy Policy. Copyright © 2001 - 2010 ServePath. All rights reserved.