Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Options to securing W2K MEMBER server without AD

Posted on 2001-06-20
4
Medium Priority
?
158 Views
Last Modified: 2010-04-13
Experts,

What options do I have in securing a W2K member server without having Active Directory in place.

Case:
I have to implement Citrix XP for my organisation, and for this to work W2K is the recomended platform.
Now we do not have AD in place, nor plan to roll out in the near future.
But I have to secure the W2K servers (locally) to avoid having users harm my precious servers.

I could use the "old" policys and (poledit) from NT, but that does not work for the user part of a profile, only the machine part.

I could use the local security policy, but (as far as I can see) for ALL users (including me) which is not nice at all.

So again, can anybody tell me what my options are, or do I need to implement AD on any cost.
Or can I exclude (some) users from inheriting a local security policy.

Please help me!

More points will be added for quick and accurate responce.

Thanks in advance.
0
Comment
Question by:wlaarhov
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:franka
ID: 6213556
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 7

Expert Comment

by:franka
ID: 6213608
check this:
http://www.microsoft.com/technet/security/default.asp

for a comrehensive overview and tips about security.
there are tools and checklist for NT4 and Win2k.

Most of the IIS5 advices for win2k are also true for termnial services.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 600 total points
ID: 6215197
I'm afraid the more granular aspects of group policy configuration are only available if you have an AD in place.

Without Active Directory, the focus of the group policy snap-in can only be set to the local machine.  There's no way you can implement different security settings for different users.

Until you have AD in place, your choices are very limited:
1)Implement a blanket security policy for the local machine and all locally logged on users
2)Stick to using NT4 TS (far from ideal)
3)Use alternative methods to securing the system (i.e. update NTFS permissions to reduce the level of access and damage available to normal users and admin staff that aren't suitably skilled)
0
 
LVL 4

Author Comment

by:wlaarhov
ID: 6217203
I thank you for quick response, and you answer reflects what I was afraid off from the start.
It reflects exactly the same options I presented to our project manager before I posted the question here.
I also added a 4th option, which is, do nothing about (exept from NTFS security changes) security and take the risk.
And this is also far from ideal.

So we will probebly go for a small AD implementation just to host terminal servers, and add this AD to our current NT4 domain structure. (as a resource domain with manual trust)
After we have the corporate AD in place, we will just migrate the servers to that and abandon the temp AD.

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The online market is growing at an unprecedented rate and retail eCommerce sales are expected to reach $4 trillion by 2020. Yet, the profit is not just there for the taking because you have to set yourself apart from the competition.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question