win 2003 OS question

24giovanni · 08-13-2006, 03:09 PM

Hi, I have to redesign the file sharing structure on all the hard drives for the a file server that has FAT partitions and Microsoft Windows default permissions/security settings. I need to know the following please:what should I do when it comes to Uninstalling Unnecessary Programs,Stop Unnecessary Services running in IIS,User Accounts, what kind of file sharing program should I use so I can take extra caution in opening up whatever you download. What do I need to do please? This is a win 2003 machine. Any help is greatly appreciated.

Law · 08-13-2006, 06:54 PM

Running FAT32 partition on Win2003? Well I would convert it to NTFS for sure, that way you have more control over your folders and files.

We don't install unnecessary software on a server machine in the first place, so when you do and you need to uninstall it, which usually means having to bring the server down for a restart. Time=Money, every minute your server is down it cost the company money, plus do you know how long it can take for Win2003 server to start up into the desktop again? Could be up to 20 minutes, I've seen it take that long, so the point is, don't install unnecessary software in the first place, or wait to remove it after no one is using it. Installing unnecessary software and services creates more complication and adds more to the security problem. Keep the server simple.

Users account should be limited, only permit what they need and deny the rest. ItÂ’s a simple concept I follow all the time.

Windows file sharing and NetBIOS is ok in a small network, you have NTFS security and Active Directory. Try FTP?

Taken extra precaution when opening files on Win2003? I donÂ’t know what you are using it for but you have the wrong idea about Win2003 server, itÂ’s not a workstation. You donÂ’t use it to browse the Internet; actually you donÂ’t even use it like Windows XP. You configured what you need and you leave it alone with a password protected screen saver.

Look http://www.microsoft.com/technet/sec...hg/sgch00.mspx

That's enough to keep you busy for awhile.

24giovanni · 08-13-2006, 07:04 PM

Law, Do you know if there are any serice packs, hot fixes and patches for 2003 server that I need to install? Again, I really appreciate your help and wisdom.

Law · 08-13-2006, 07:16 PM

Currently it's Service Pack 1, but there is SP2 which I believe is still in beta but I haven't check as of now. I would advice to stay away from beta service pack, especially on a server OS until the final release is out. Just visit M$ update site and get all the updates.

In a big business environment, they don't apply the patches as soon as it's release, probably due to the reason that the patches could be just as worse as the vulnerability it was meant to fix, or it might just crash the system (like in the HP and M$ case back in April). Before they apply the patch they usually test it out in a test environment before rolling it out into their production machines. ItÂ’s good to test the patch to see if itÂ’s stable and to apply it as soon as possible before the attacker finds out.

But in your case, youÂ’re probably just using it for home and learning off it? Than you shouldnÂ’t have to worry since itÂ’s not feasible for you to add more cost by creating a test environment.

24giovanni · 08-13-2006, 07:21 PM

Would you leave all IIS settings as defaults? Again, Thanks so much.

Law · 08-13-2006, 07:40 PM

No way, if you are configuring a web server/email server/FTP server you can not leave it at default setting. Default setting was made for ease of deployment and it's unsecured.