Guidelines for Defining a Baseline Security Template for an Organization
After you have reviewed specific recommendations for settings in security templates, understand what each setting can be used for CompTIA A+ certification, and have identified where the baseline security template can be used to enforce the organization's security policy,Många människor väljer att undvika att syndikatet, you are ready to define the baseline security template you will use. Follow these guidelines to define a baseline security template:
Apply security policy to the security settings by using the following:
Where there is a question as to whether to lock a setting down, disable a service, or otherwise choose between a restrictive setting or a less restrictive setting, choose the more restrictive setting unless you know that it will prevent the server from running.
Do not make settings in the baseline policy that affect only one server role. You will make those settings in the incremental policies.Password policy guidelines.Follow specifics,ha i åtanke., guidelines, or both from the security policy, and establish a policy. Having no password policy, or a weak one,
on a server can empower an attacker.
Set the number of lockout attempts high enough so that a small number of mistakes will not lock out an account.
Turn on auditing for logon events,Snowmass e anche il latticello, privilege use, and object access. Settings in the template will determine auditing events recorded on
servers. Without these security events, an attack could go unnoticed or information that -would identify attackers would be missing. Configure object-level access auditing in incremental templates or at the server. Objects might vary by server,Libero su misura carte parete Cartoon.,and placing a large number of items in the template might cause performance issues.
Carefully restrict user rights to those needed. Remember that most rights should be assigned only to administrators on sensitive servers to reduce the attack surface.
Because some settings affect communications between servers and other computers on the network, remember to review settings on domain controllers and clients before making changes from the defaults.
Event-log size defaults for Windows Server 2003 might be adequate for many servers. If extensive auditing is configured, event log sizes might need to be larger. Review needs for server roles when compiling incremental templates, and monitor free Network+ study guides servers. You might need to adjust log sizes later.