A hat tip to an (unnamed) pal at Microsoft, who sent me (working) links for three useful documents:
- The Windows Server 2003 Security Guide describes best practices for securing WIndows Server 2003 member servers, DCs, file servers, and IIS boxes. Well worth reading, if only to get an appreciation for what’s new in 2003.
- Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP describes almost all of the group policy settings that apply to WS2003 and XP; for each, it explains what the setting does, what side effects it may cause, and what vulnerabilities it protects against.
- The Windows 2000 Hardening Guide explains how to harden your W2K servers, depending on their roles.
