Thu, Nov 25 2004 15:49
So one sticking point I had on a older line of business tax application was that it was freaking out saying it didn't have the right permissions, so I had to go up to the server, and on the folder it resided in, push down a permission for read/write/muck with it whatever you want.
In case everyone is not aware of this change in Windows 2003, Everyone isn't Everyone any more. In Windows 2000, Everyone included anonymous users. 2003 it does not. One of the great resources for learning more about Windows 2003 and security tweaks and changes in it is in the Threats and countermeasures guide and the 2k3 Security guide. This is one of the reasons why I'm so glad I'm finally on SBS 2k3. I have all the tools, tweaks, “stuff“ that came out of the security push at Microsoft. If you will remember SBS2k3 “beta'd“ right as the security push was underway. We had a long long long beta and what SBS2k3 ended up with was a bit different from where it started.
For those still on the Win NT platform, I cannot stress how much you need to seriously consider getting off that platform. 98 machines should be seriously “planned for future death”. I have so so so much more controlability of my workstations, much more protection of them than with any other server/workstation combo. I've got some screen shots of the defaults of the XP sp2 group policy. There are many more tweaks you can put in there and as I start expanding the tweaks, I'll let you know.
One tweak is right here regarding Lan Manager has values. So why should we care about that on our little networks? For one, if we have an up to date network, there's no reason to not have this setting. We don't need the hash values. Next, grabbing the hashes either by internal staff or even through a misconfigured opening into your network [hard to do if you use the wizards and patch your systems], password are our first line of defense.
It's just a little tweak to make us all safer.
Filed under: News