In the documents shown to you so far, you should find all the services (including ports, etc.) that you need to open up such a configuration. A good, basic hardening rule is: Shut everything down (apart from the most basic services, you'll find those in the documents mentioned earlier) and then decide which services you need based on the server roles you designate to your servers. However, I'd recommend thinking carefully about whether or not you really, really want to open up your firewall like this. If it's just authentication you're looking for, perhaps IAS or a RADIUS server is more suitable, or consider using a standalone server. Also consider any legal requirements your organization might be subject to regarding security measures.

Regards,
Paul.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B.
Sent: Monday, January 10, 2005 4:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Office Topic: Windows 2000 & 2003 Servers Lockdown Policies

This might not be the right forum for this question, but does anyone have any templates for what needs to be locked down for servers in the domain and in a DMZ? What ports and services do not need to be running/open?

Ron Pennell
Institute For Defense Analyses
[EMAIL PROTECTED]

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/