This is a great list, Wayne! However, I've got one addition for you.

Wayne S. Anderson wrote:

> 3) Immediately review the service configuration and default
> accounts. If you don't need them, disable them, or in the
> case of services at least set them to manual so they do not
> run by default. With Windows default accounts, make sure that
> the steps that you can take, you have.

<snip>

> With the services, take the most restrictive approach possible.
> Remember, if something doesn't start, we can always restart
> whatever was stopped so it's ok if something now fails to start.
> We just make the necessary adjustments and restart it and we
> know not to stop that particular service again ;) You ARE
> building the security for this server while it is in a build
> or pre-production stage..... right? You should be able to risk
> causing other service failures while you determine what services
> are necessary.

Don't forget that with Windows Server 2003 SP1 and later, the OS includes a great tool for automating a lot of this work for you -- the Security Configuration Wizard.

You'll need to go into Add/Remove Programs, Add/Remove Windows Components to ensure that it's installed on the system, but once you do -- it's a great tool that allows you to define and manage security policy for multiple systems.

--
Devin L. Ganger, Exchange MVP    Email: [EMAIL PROTECTED]
3Sharp                           Phone: 425.882.1032
14700 NE 95th Suite 210          Cell: 425.239.2575
Redmond, WA 98052                Fax: 425.558.5710
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/
