Solved

Securing a stand-alone DC and file server

Posted on 2011-03-13
2
471 Views
Last Modified: 2012-08-14
I'm configuring my first Windows Server 2008 R2 Standard.  This will be the one and only DC for this company and the only server.  The server will be used for a file server, it will control the virus protection for the computers (currently 10 computers) in the company.  The computers access to certain resources and drives will be controlled by the server but that is basically all it will be used for.  The computers accessing the server will be Windows XP SP3 and 1 laptop running Windows 7.  The reason for this post, is to find IT personnel that have had experience in this area and give me ideas or best pratices from experience to lock down this server.  For all I know maybe it is locked down pretty much all the way now, so any knowledge from anyone would be helpful.  Any questions will be answered that might help you help give me better insight.

Thanks in advance
0
Comment
Question by:Zantis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 35125419
2008 installs a minimal set of roles and features - you have to add the ones you want.  You then add the roles and features you want (pre-requesites should be noted and automatically installed). In general, if you create user accounts and assign them to the Domain Users group, they should have no access to the server other than for Authentication and file and printer sharing.

If this is the first time you are installing 2008 R2 as a domain controller, I suggest running through it a couple of times at least and playing a bit to learn it.  Then ask more specific questions.  THEN install it in production.  Either that, or hire a consultant to ensure it gets done right from the start.  (Often, setups are among the most complicated - once setup properly, maintenance is fairly easy, but if not setup properly, it can be expensive and a PITA to get it working as it should be).
0
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 500 total points
ID: 35126594
As this is a fairly limited environment, I would recommend not going too overboard ITO Security (unless your company is a sub-branch of the NSA. . .)
I would recommend putting the user data on a separate drive to the OS.
If you are using IIS for any reason, put the inetpub folder on the data drive as well.
I've attached a CIS benchmark doc that I've found useful. Don't apply everything - you may break stuff, and apply changes in small increments so that you can roll back if something does stop working.
Do you have an adequate backup system in place? With only one server, if there's a crash, then you need to have a way to recover everything.
Do the users access the internet? How does that work? (e.g. router / proxy?) That should be one of your primary focal points for security.
Good luck!


CIS-Windows-Server-2008-Benchmar.pdf
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question