The best education I got on
locking down a Windows Server was when I attempted to remove any peripheral
functionality from a Terminal Server deployment using Group Policy Objects in Active
Directory so that all users could do was log on, use applications, and then log off.
I strongly recommend that you check out this whitepaper on locking down terminal
servers from Microsoft: www.microsoft.com/windowsserver2003/techinfo/overview/
lockdown.mspx. The basic goal here is to use Active Directory to manage some low-level
security settings across all ISA Servers in the enterprise. Some of the restrictions that
can be implemented this way are:
?– Preventing password hashes from being stored locally.
?– Preventing remote users from shutting the system down.
?– Defi ning the minimum session security for authentication.
?– Restricting access to various services and parts of the operating system.
Confi guring & Implementing??¦
Confi guring Multiple WAN Addresses
Organizations that have at least a business-class DSL or cable connection or
better often have more than one IP address provided by their Internet Service
Provider (ISP). Setting up multiple WAN addresses in Windows is actually quite
easy. With your set of IP addresses in hand, enter the Network Connections
interface, and complete the following:
1. Right-click the WAN adapter and select Properties.
2. Select Internet Protocol (TCP/IP), and click Properties.
Pages:
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386