Solved

Options to securing W2K MEMBER server without AD

Posted on 2001-06-20
4
149 Views
Last Modified: 2010-04-13
Experts,

What options do I have in securing a W2K member server without having Active Directory in place.

Case:
I have to implement Citrix XP for my organisation, and for this to work W2K is the recomended platform.
Now we do not have AD in place, nor plan to roll out in the near future.
But I have to secure the W2K servers (locally) to avoid having users harm my precious servers.

I could use the "old" policys and (poledit) from NT, but that does not work for the user part of a profile, only the machine part.

I could use the local security policy, but (as far as I can see) for ALL users (including me) which is not nice at all.

So again, can anybody tell me what my options are, or do I need to implement AD on any cost.
Or can I exclude (some) users from inheriting a local security policy.

Please help me!

More points will be added for quick and accurate responce.

Thanks in advance.
0
Comment
Question by:wlaarhov
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:franka
ID: 6213556
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 7

Expert Comment

by:franka
ID: 6213608
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 200 total points
ID: 6215197
I'm afraid the more granular aspects of group policy configuration are only available if you have an AD in place.

Without Active Directory, the focus of the group policy snap-in can only be set to the local machine.  There's no way you can implement different security settings for different users.

Until you have AD in place, your choices are very limited:
1)Implement a blanket security policy for the local machine and all locally logged on users
2)Stick to using NT4 TS (far from ideal)
3)Use alternative methods to securing the system (i.e. update NTFS permissions to reduce the level of access and damage available to normal users and admin staff that aren't suitably skilled)
0
 
LVL 4

Author Comment

by:wlaarhov
ID: 6217203
I thank you for quick response, and you answer reflects what I was afraid off from the start.
It reflects exactly the same options I presented to our project manager before I posted the question here.
I also added a 4th option, which is, do nothing about (exept from NTFS security changes) security and take the risk.
And this is also far from ideal.

So we will probebly go for a small AD implementation just to host terminal servers, and add this AD to our current NT4 domain structure. (as a resource domain with manual trust)
After we have the corporate AD in place, we will just migrate the servers to that and abandon the temp AD.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question