Solved

Options for securing a W2K MEMBER server without AD

Posted on 2001-06-20
Last Modified: 2010-04-13
Experts,

What options do I have for securing a W2K member server without having Active Directory in place?

Case:
I have to implement Citrix XP for my organisation, and for this to work W2K is the recommended platform.
Now we do not have AD in place, nor do we plan to roll it out in the near future.
But I have to secure the W2K servers (locally) to avoid having users harm my precious servers.

I could use the "old" policies (poledit) from NT, but that does not work for the user part of a profile, only the machine part.

I could use the local security policy, but (as far as I can see) only for ALL users (including me), which is not nice at all.

So again, can anybody tell me what my options are, or do I need to implement AD at any cost?
Or can I exclude (some) users from inheriting a local security policy?

Please help me!

More points will be added for a quick and accurate response.

Thanks in advance.
Question by:wlaarhov
LVL 7

Expert Comment

by:franka
ID: 6213556
Check this:
http://www.microsoft.com/technet/security/default.asp

for a comprehensive overview and tips about security.
There are tools and checklists for NT4 and Win2k.

Most of the IIS5 advice for Win2k is also true for Terminal Services.
 
LVL 13

Accepted Solution

by:
hstiles earned 200 total points
ID: 6215197
I'm afraid the more granular aspects of group policy configuration are only available if you have an AD in place.

Without Active Directory, the focus of the group policy snap-in can only be set to the local machine.  There's no way you can implement different security settings for different users.

Until you have AD in place, your choices are very limited:
1) Implement a blanket security policy for the local machine and all locally logged on users
2) Stick to using NT4 TS (far from ideal)
3) Use alternative methods of securing the system (i.e. update NTFS permissions to reduce the level of access and damage available to normal users and admin staff that aren't suitably skilled)
 
LVL 4

Author Comment

by:wlaarhov
ID: 6217203
I thank you for the quick response, and your answer reflects what I was afraid of from the start.
It reflects exactly the same options I presented to our project manager before I posted the question here.
I also added a 4th option, which is to do nothing about security (except for NTFS security changes) and take the risk.
And this is also far from ideal.

So we will probably go for a small AD implementation just to host terminal servers, and add this AD to our current NT4 domain structure (as a resource domain with manual trust).
After we have the corporate AD in place, we will just migrate the servers to that and abandon the temp AD.
