How to Cheat at Designing Security for a Windows Server 2003 Network

When you re designing network security for a medium-to-large enterprise, it s often helpful to think of servers in terms of the role that they play on the network, rather than just as Server1, Server2, and Server3. To assist in this process, Windows Server 2003 has introduced features such as the Configure Your Server Wizard that simplify the process of assigning a specific role to a given machine. Once you ve configured a server (or group of servers) to fulfill a specific role on your network, you should then secure these different server roles in a consistent fashion to improve the overall security of your enterprise network.
In this chapter, we discuss the use of security templates as a way to apply consistent security settings to an entire network, or to a subset of computers or servers. You ll need to begin with a baseline security template that will define security settings common to your entire network. We ll start with a review of the use of security templates. Once we ve reviewed the use of security templates in Windows Server 2003, we ll focus on how to deploy these templates across an entire network in an efficient manner. (You certainly wouldn t want to individually configure security settings on a network with hundreds or thousands of machines, now, would you?) We ll focus on the use of Group Policy Objects (GPOs) and scripting techniques to quickly deploy common security settings across an entire network.
Once you ve established your baseline security settings, you ll then need to modify...