[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

Securing a stand-alone DC and file server

I'm configuring my first Windows Server 2008 R2 Standard.  This will be the one and only DC for this company and the only server.  The server will be used for a file server, it will control the virus protection for the computers (currently 10 computers) in the company.  The computers access to certain resources and drives will be controlled by the server but that is basically all it will be used for.  The computers accessing the server will be Windows XP SP3 and 1 laptop running Windows 7.  The reason for this post, is to find IT personnel that have had experience in this area and give me ideas or best pratices from experience to lock down this server.  For all I know maybe it is locked down pretty much all the way now, so any knowledge from anyone would be helpful.  Any questions will be answered that might help you help give me better insight.

Thanks in advance
0
Zantis
Asked:
Zantis
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
2008 installs a minimal set of roles and features - you have to add the ones you want.  You then add the roles and features you want (pre-requesites should be noted and automatically installed). In general, if you create user accounts and assign them to the Domain Users group, they should have no access to the server other than for Authentication and file and printer sharing.

If this is the first time you are installing 2008 R2 as a domain controller, I suggest running through it a couple of times at least and playing a bit to learn it.  Then ask more specific questions.  THEN install it in production.  Either that, or hire a consultant to ensure it gets done right from the start.  (Often, setups are among the most complicated - once setup properly, maintenance is fairly easy, but if not setup properly, it can be expensive and a PITA to get it working as it should be).
0
 
Chev_PCNCommented:
As this is a fairly limited environment, I would recommend not going too overboard ITO Security (unless your company is a sub-branch of the NSA. . .)
I would recommend putting the user data on a separate drive to the OS.
If you are using IIS for any reason, put the inetpub folder on the data drive as well.
I've attached a CIS benchmark doc that I've found useful. Don't apply everything - you may break stuff, and apply changes in small increments so that you can roll back if something does stop working.
Do you have an adequate backup system in place? With only one server, if there's a crash, then you need to have a way to recover everything.
Do the users access the internet? How does that work? (e.g. router / proxy?) That should be one of your primary focal points for security.
Good luck!


CIS-Windows-Server-2008-Benchmar.pdf
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now