Personally I use the Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/. If it is not in there I am very cautious about applying the change. There is also a Windows XP security guide at http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx.

I made one change that was not in either guide. The change was from a reputable source and claimed this should have no impact on end users. This was a modification to the behavior of IE to fix an unpatched vulnerability. I did test the change, but not well enough. Shortly after rolling out the change to our entire organization, one of our applications stopped working. This was a third-party application. We had rolled it out using a custom administrative template. The rollback required another modification using a custom template. Again, testing was not totally complete. It took several weeks before we finally removed this from all the PCs in our domain.

Dennis

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 09, 2005 4:23 PM
To: focus-ms@securityfocus.com
Subject: What server hardening are you doing these days?

Steve Riley's WebLog : When security breaks things:
http://blogs.technet.com/steriley/archive/2005/11/08/414002.aspx

Are folks doing additional hardening to their servers these days and if so, what guidance are you using? Interesting blog post about the impact of such hardening and not supported ACL adjusting.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com