Solved

Options to securing W2K MEMBER server without AD

Posted on 2001-06-20
4
140 Views
Last Modified: 2010-04-13
Experts,

What options do I have in securing a W2K member server without having Active Directory in place.

Case:
I have to implement Citrix XP for my organisation, and for this to work W2K is the recomended platform.
Now we do not have AD in place, nor plan to roll out in the near future.
But I have to secure the W2K servers (locally) to avoid having users harm my precious servers.

I could use the "old" policys and (poledit) from NT, but that does not work for the user part of a profile, only the machine part.

I could use the local security policy, but (as far as I can see) for ALL users (including me) which is not nice at all.

So again, can anybody tell me what my options are, or do I need to implement AD on any cost.
Or can I exclude (some) users from inheriting a local security policy.

Please help me!

More points will be added for quick and accurate responce.

Thanks in advance.
0
Comment
Question by:wlaarhov
  • 2
4 Comments
 
LVL 7

Expert Comment

by:franka
ID: 6213556
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 7

Expert Comment

by:franka
ID: 6213608
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 200 total points
ID: 6215197
I'm afraid the more granular aspects of group policy configuration are only available if you have an AD in place.

Without Active Directory, the focus of the group policy snap-in can only be set to the local machine.  There's no way you can implement different security settings for different users.

Until you have AD in place, your choices are very limited:
1)Implement a blanket security policy for the local machine and all locally logged on users
2)Stick to using NT4 TS (far from ideal)
3)Use alternative methods to securing the system (i.e. update NTFS permissions to reduce the level of access and damage available to normal users and admin staff that aren't suitably skilled)
0
 
LVL 4

Author Comment

by:wlaarhov
ID: 6217203
I thank you for quick response, and you answer reflects what I was afraid off from the start.
It reflects exactly the same options I presented to our project manager before I posted the question here.
I also added a 4th option, which is, do nothing about (exept from NTFS security changes) security and take the risk.
And this is also far from ideal.

So we will probebly go for a small AD implementation just to host terminal servers, and add this AD to our current NT4 domain structure. (as a resource domain with manual trust)
After we have the corporate AD in place, we will just migrate the servers to that and abandon the temp AD.

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now