Solved

Options for securing a W2K MEMBER server without AD

Posted on 2001-06-20
Last Modified: 2010-04-13
Experts,

What options do I have for securing a W2K member server without having Active Directory in place?

Case:
I have to implement Citrix XP for my organisation, and for this to work W2K is the recommended platform.
Now we do not have AD in place, nor do we plan to roll it out in the near future.
But I have to secure the W2K servers (locally) to avoid having users harm my precious servers.

I could use the "old" policies (poledit) from NT, but that does not work for the user part of a profile, only the machine part.

I could use the local security policy, but (as far as I can see) it applies to ALL users (including me), which is not nice at all.

So again, can anybody tell me what my options are, or do I need to implement AD at any cost?
Or can I exclude (some) users from inheriting a local security policy?

Please help me!

More points will be added for a quick and accurate response.

Thanks in advance.
Question by:wlaarhov
4 Comments
 
LVL 7

Expert Comment

by:franka
ID: 6213556
Check this:
http://www.microsoft.com/technet/security/default.asp

for a comprehensive overview and tips about security.
There are tools and checklists for NT4 and Win2k.

Most of the IIS5 advice for Win2k is also true for terminal services.
0
 
LVL 7

Expert Comment

by:franka
ID: 6213608
Check this:
http://www.microsoft.com/technet/security/default.asp

for a comprehensive overview and tips about security.
There are tools and checklists for NT4 and Win2k.

Most of the IIS5 advice for Win2k is also true for terminal services.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 200 total points
ID: 6215197
I'm afraid the more granular aspects of group policy configuration are only available if you have an AD in place.

Without Active Directory, the focus of the group policy snap-in can only be set to the local machine.  There's no way you can implement different security settings for different users.

Until you have AD in place, your choices are very limited:
1) Implement a blanket security policy for the local machine and all locally logged-on users
2) Stick to using NT4 TS (far from ideal)
3) Use alternative methods of securing the system (i.e. update NTFS permissions to reduce the level of access and damage available to normal users and admin staff that aren't suitably skilled)
0
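As an added illustration of option 3 above (not part of the thread or of any poster's answer), the following Python sketch audits captured `cacls` output for entries that let broad groups modify a directory. The list of broad groups, the path `D:\Apps`, and the sample output are constructed assumptions; the layout assumed is the standard `cacls` listing of `TRUSTEE:(flags)LETTER`, with the path prefixed to the first line.

```python
import re

# Assumption: groups that ordinary terminal-server users typically belong to.
BROAD = {"everyone", "users", "authenticated users", "interactive",
         "terminal server user"}
# cacls permission letters: N none, R read, W write, C change, F full control.
WRITABLE = {"W", "C", "F"}
# One ACE per line: TRUSTEE:(OI)(CI)...LETTER
ACE = re.compile(
    r"^(?P<trustee>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[NRWCF])$")

PATH = r"D:\Apps"  # constructed example path
SAMPLE = r"""D:\Apps Everyone:(OI)(CI)F
        BUILTIN\Users:(OI)(CI)C
        BUILTIN\Power Users:(OI)(CI)R
        BUILTIN\Administrators:(OI)(CI)F
        NT AUTHORITY\SYSTEM:(OI)(CI)F
"""  # constructed sample, not output from a real server


def risky_aces(path, cacls_output):
    """Return (trustee, perm) pairs that let broad groups modify `path`."""
    findings = []
    for raw in cacls_output.splitlines():
        line = raw.strip()
        if line.startswith(path):      # first line carries the path prefix
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:                      # blank line or "special access" detail
            continue
        group = m["trustee"].split("\\")[-1].lower()
        if group in BROAD and m["perm"] in WRITABLE:
            findings.append((m["trustee"], m["perm"]))
    return findings


if __name__ == "__main__":
    for trustee, perm in risky_aces(PATH, SAMPLE):
        print(f"{PATH}: {trustee} has '{perm}' - review before opening to users")
```

Entries shown by `cacls` as "special access" are skipped by this sketch and need manual review.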
 
LVL 4

Author Comment

by:wlaarhov
ID: 6217203
I thank you for the quick response, and your answer reflects what I was afraid of from the start.
It reflects exactly the same options I presented to our project manager before I posted the question here.
I also added a 4th option, which is: do nothing about security (except for NTFS security changes) and take the risk.
And this is also far from ideal.

So we will probably go for a small AD implementation just to host terminal servers, and add this AD to our current NT4 domain structure (as a resource domain with manual trust).
After we have the corporate AD in place, we will just migrate the servers to that and abandon the temp AD.

0
