3. Specify whether you want the permissions to be inherited by subfolders.
By default, all the NTFS drives on a computer running Windows Server 2003, except
the system drive, have Full Control permission assigned to the Everyone group. There-
fore, it is up to you to design a directory structure and a system of permissions for your
drives that gives users only the access they need to the files stored there.
Tip In addition to file system permissions, you can also use a GPO to configure registry per-
missions on a computer running Windows Server 2003. Browse to the Registry container
and, from the Action menu, choose Add Key. The process resembles configuring file system
permissions, except that you select a registry key instead of a file or folder.
Securing Application Servers
It is difficult, if not impossible, to create a generic security configuration for application
servers, because the requirements of the individual applications are usually unique.
Windows Server 2003 includes some software that enables the computer to function as
an application server, most notably Internet Information Services (IIS), which provides
World Wide Web, File Transfer Protocol (FTP), and other Internet server services, but
in most cases, application servers run external software products, such as database or
e-mail servers. To secure these applications, you must compare the security require
ments of your network and your users with the security features provided by the appli
cation itself.
Practice: Modifying the GPO for the Domain Controllers Container’s GPO
In this practice, you increase the security of your domain controllers by modifying the
GPO for the Domain Controllers container that Windows Server 2003 creates by
default.
Exercise: Modify the Domain Controllers Container’s GPO
Bạn đang xem 3. - MICROSOFT PRESS MCSA MCSE SELF PACED TRAINING KIT EXAM 70 293 PHẦN 6 PPTX
