- Admin KnowledgeBase
- Articles & Tutorials
- Authors
- Blogs
- Hardware
- Message Boards
- Newsletters
- RSS
- Software
- White Papers
Knowledge Base Tips topic
| [ | 2939 | ] |
Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base
|
Last updated: Jul 17, 2008 |
| [ | 659 | ] |
Windows 2000
|
Last updated: Jul 16, 2008 |
| [ | 432 | ] |
Admin Tips
|
Last updated: Nov 13, 2007 |
| [ | 101 | ] |
Registry Tips
|
Last updated: Jul 16, 2008 |
| [ | 126 | ] |
User Tips
|
Last updated: May 04, 2005 |
| [ | 453 | ] |
Windows 2003
|
Last updated: Jul 03, 2008 |
| [ | 443 | ] |
Admin Tips
|
Last updated: Jul 03, 2008 |
| [ | 5 | ] |
Registry Tips
|
Last updated: Apr 18, 2006 |
| [ | 3 | ] |
User Tips
|
Last updated: Jun 30, 2005 |
| [ | 1141 | ] |
Windows NT
|
Last updated: Jun 15, 2006 |
| [ | 583 | ] |
Admin Tips
|
Last updated: Oct 19, 2005 |
| [ | 415 | ] |
Registry Tips
|
Last updated: Mar 22, 2006 |
| [ | 143 | ] |
User Tips
|
Last updated: Jun 15, 2006 |
| [ | 17 | ] |
Windows Server 2008
|
Last updated: Jul 17, 2008 |
| [ | 17 | ] |
Admin Tips
|
Last updated: Jul 17, 2008 |
| [ | 77 | ] |
Windows Vista
|
Last updated: Jul 15, 2008 |
| [ | 73 | ] |
Admin Tips
|
Last updated: Jul 15, 2008 |
| [ | 2 | ] |
Registry Tips
|
Last updated: Jun 19, 2008 |
| [ | 2 | ] |
User Tips
|
Last updated: Jun 26, 2008 |
| [ | 591 | ] |
Windows XP
|
Last updated: Jun 26, 2008 |
| [ | 322 | ] |
Admin Tips
|
Last updated: Jun 19, 2008 |
| [ | 82 | ] |
Registry Tips
|
Last updated: Jun 19, 2008 |
| [ | 187 | ] |
User Tips
|
Last updated: Jun 26, 2008 |
Security Tips
- Disabling Internet Explorer Enhanced Security Configuration
- Date - Jan 22, 2008
- Windows Server 2003 comes out of the box very hardened in some areas. One of these is through Internet Explorer Enhanced Security Configuration. Here is how to disable it.
- Find all encrypted files
- Date - Jan 08, 2008
- How to find all the EFS encrypted files on a machine.
- Creating a password reset disk
- Date - Jan 02, 2008
- Creating a password reset disk
- Authorized DHCP
- Date - Dec 04, 2007
- How to authorize DHCP for clients
- Listening ports and services
- Date - Nov 20, 2007
- How to find what ports your server is listening on and which service is listening on each port
- Port 445 and trust creation
- Date - Oct 04, 2007
- How port 445 is used in trust creation
- Enabling Windows Firewall on domain controllers
- Date - Aug 08, 2007
- Steps for enabling WF on domain controllers.
- Configuring Security for Server Based Printers
- Date - Jul 26, 2007
- Anytime you are using a printer in a large network environment you need to make sure it is securely distributed. Here we look at how to set security permissions on a server based printer.
- Service accounts and user profiles
- Date - Jul 17, 2007
- How to create a profile for a service account and why you may need to do so.
- Verifying ports are listening
- Date - Jun 26, 2007
- How to determine if a server is listening on a given port.
- Schema vs. Enterprise vs. Domain Admins
- Date - Jun 20, 2007
- Domain admins can basically do anything, anywhere in the forest.
- Exempting User Accounts from Domain Password Policies
- Date - Jun 14, 2007
- There's one exemption to how domain password policies are applied.
- Securing your Event logs
- Date - Jun 07, 2007
- Preventing rogue administrators from tampering with Event logs.
- Pre-staging computer accounts
- Date - Apr 25, 2007
- How to ensure client computers are not left in an unmanaged state after joining a domain.
- Group Policy in mixed environments
- Date - Apr 24, 2007
- How to target Group Policy differently for different OSes.
- How to prevent users from installing software
- Date - Apr 17, 2007
- Preventing users from installing software.
- The Power with Power Users
- Date - Apr 12, 2007
- The power users group is often misused and can lead to the compromise of a system. Here is why this can happen.
- How to remove unwanted local user accounts
- Date - Apr 10, 2007
- How to get rid of those pesky local user accounts on your workstations, or at least mitigate their unwanted presence.
- Don’t forget to secure your UPS!
- Date - Apr 04, 2007
- Physical security for your servers may be useless if you don't secure your UPS also.
- Eliminating Ping Responses from Secret Servers
- Date - Mar 27, 2007
- Ever have a server setup that you really don’t want people knowing even exists? Keeping it from returning ping responses is a great way to make it vanish.
- Disabling LM Authentication
- Date - Mar 22, 2007
- Using strong passwords is useless if they are not encrypted properly. That’s why disabling LM authentication is important.
- Logging Windows Firewall
- Date - Mar 15, 2007
- The built-in windows firewall won’t only stop unwanted traffic at your doorstep, it will log it too!
- Warning Signs of a Rogue DHCP Server
- Date - Mar 14, 2007
- Just because you are only supposed to have one DHCP server on your network doesn’t mean it really is the only one
- How to choose a VPN auth protocol
- Date - Jan 17, 2007
- How do you decide which auth protocol to use on a VPN client?
- Default GPO Permissions
- Date - Jul 13, 2006
- It is very important to assign appropriate permissions to every GPO you create. Here I list the default permissions given to a new GPO.
- Increase file server performance
- Date - Jul 12, 2006
- Don't use your domain controller as a file server--here's why.
- Preventing users from Modifying Group Policy Settings
- Date - May 30, 2006
- How to prevent users from modifying Group Policy.
- Troubleshooting WSUS
- Date - May 02, 2006
- How to troubleshoot WSUS when clients can't download and install patches.
- Virtualization and Viruses
- Date - Apr 26, 2006
- How to protect your virtual machines without degrading performance.
- Configuring Wireless Security Settings via GPO
- Date - Mar 23, 2006
- Using Group Policy wireless extensions you can more easily manage security and encryption settings for your networks wireless clients.
- Auditing on a per-user basis
- Date - Mar 01, 2006
- How to configure per-user auditing.
- Security Patches as ISO images
- Date - Feb 21, 2006
- You can obtain patches for Windows as an ISO (CD) image.
- Don't Bother Deleting C$
- Date - Feb 15, 2006
- Why deleting the C$ share is not a good idea.
- Enforcing Group Policy
- Date - Feb 14, 2006
- How to force Group Policy to apply even when users can override settings using local admin credentials.
- Preventing Users From Circumventing Group Policy
- Date - Jan 24, 2006
- Given enough privileges, a user can often circumvent Group Policy restrictions. Here's what you can do about it.
- Local accounts and Group Policy
- Date - Jan 17, 2006
- Group Policy can be a minefield and some policy settings are best left unchanged...
- Adding Pop-Up Blocker Exceptions via GPO
- Date - Dec 22, 2005
- Occasionally there are sites that we as domain administrators need to allow pop-ups for across the board. This tip shows how to do this with Group Policy.
- Checking Local Group Policy
- Date - Dec 21, 2005
- There may be times when you want to check the Local Group Policy Settings on a desktop machine.
- Secure USB ports
- Date - Dec 01, 2005
- How to prevent users from downloading sensitive files using USB keys.
- Security Options Ignored
- Date - Nov 08, 2005
- Why are some Security Options in Group Policy not being applied?
- Why It's Hard to Harden Clients
- Date - Nov 01, 2005
- Servers are usually hardened--why not clients?
- A Common Misconception Regarding Security Logs
- Date - Oct 27, 2005
- Do domain controllers share security logs?
- Value of Auditing Workstations
- Date - Oct 25, 2005
- Why you might consider enabling auditing on workstations...
- Top 5 Group Policy Links
- Date - Oct 20, 2005
- Five great resrouces with helpful information on Group Policy...
- Be an example
- Date - Oct 18, 2005
- Want users in your company to follow the security policies and practices you lay down?
- Security policies--where to start
- Date - Oct 13, 2005
- If you tell IT managers they need to create a formal, written security policy for their company (many small- and mid-sized companies don't have one) what's the first thing they'll say in response?
- What Defense In Depth Is NOT
- Date - Oct 11, 2005
- A common misconception concerning network security is the meaning of the term "defense in depth".
- Tool for slipstreaming patches
- Date - Oct 06, 2005
- It's not easy to slipstream a bunch of patches properly into Windows.
- Management software and security
- Date - Sep 28, 2005
- Which kind of management software is more secure, agent-based or agentless?
- Automatic Updates for Servers?
- Date - Sep 27, 2005
- Should the Automatic Updates (AU) feature be used to keep your servers patched?
- IIS 6 and MIME Types
- Date - Sep 07, 2005
- Serving up files from a web server running IIS 6 can sometimes be problematical.
- Changing Worker Process Identity in IIS 6
- Date - Aug 30, 2005
- In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity.
- Listing All DHCP Servers
- Date - Aug 09, 2005
- Want to know the DNS names and IP addresses of all DHCP servers on your network?
- Preventing Rogue DHCP Clients
- Date - Aug 04, 2005
- If you are using DHCP on your network and you want to prevent rogue clients from obtaining IP addresses from your DHCP server and participating on your network, your options are simple.
- Protect Your Security Logs
- Date - Jul 26, 2005
- Tip on how to protect your Security logs.
- Finding Significant Security Events
- Date - Jul 20, 2005
- How to sort the wheat from the chaff in Windows Security logs.
- Audit Collection Services (ACS)
- Date - Jul 19, 2005
- Microsoft's Audit Collection Services (ACS) is coming soon to simplify collection and management of Security logs throughout your organization.
- Gaps in Security Log
- Date - Jul 14, 2005
- You found a gap of several hours in your Security log, what does it mean?
- Managing Event Logs on Multiple Servers
- Date - Jul 13, 2005
- Tools for managing Event logs on multiple Windows servers.
- Get the Latest ADM Files
- Date - Jul 12, 2005
- How to obtain the latest Administrative Template files from Microsoft.
- Auditing Access to Sensitive Data
- Date - Jul 06, 2005
- How to see who's accessing sensitive files on a server.
- Terrific Resource for Windows Security Log
- Date - Jul 05, 2005
- Here's a terrific resource for the Security log that every Windows admin should know about.
- Want to Improve Group Policy?
- Date - Jun 30, 2005
- How to help Microsoft improve Group Policy and other aspects of Windows Server System platforms.
- Auditing Group Policy Settings
- Date - Jun 28, 2005
- How to use the GPMC for auditing purposes.
- Preventing Group Policy Workarounds
- Date - Jun 22, 2005
- A smart user who has local Administrator or Power Users privileges on their desktop computer may be able to circumvent Group Policy.
- Group Policy Task Force
- Date - Jun 21, 2005
- Check out the work of the Group Policy Task Force.
- Comparing Two Group Policy Objects
- Date - Jun 16, 2005
- How to compare two GPOs and see how their settings differ.
- Reversing Folder Redirection
- Date - Jun 16, 2005
- Careful planning makes it easy to reverse folder redirection later on.
- How Can I Learn Group Policy?
- Date - Jun 14, 2005
- Need to learn how Group Policy works, what it can do, and how to implement it?
- XP SP2 Breaks Group Policy
- Date - Jun 09, 2005
- Resolving an issue with adm files in XP SP2.
- Find Out When Policy Last Applied
- Date - Jun 08, 2005
- How to find out when Group Policy was last applied to a remote machine.
- Joining a Domain Securely
- Date - May 26, 2005
- How to securely add a computer to a domain.
- Transferring Ownership of Files: Good or Bad?
- Date - May 11, 2005
- Windows Server 2003 lets you easily transfer ownership of files, but should you?
- NETBIOS: Leave On or Turn Off?
- Date - Apr 14, 2005
- NETBIOS is supposed to be no longer needed since Windows 2000, but this is not really the case.
- Map Your Network For Better Protection and Incident Response
- Date - Apr 01, 2005
- It is difficult to protect devices that you don't even know exist. In larger enterprises it is very easy to lose track of the asset inventory which leads to complacency about rogue devices. In order to effectively protect the network and to respond to incidents efficiently, an updated asset inventory and network map should always be handy.
- Using Reservations to Ensure DHCP Server Availability and Security
- Date - Mar 24, 2005
- In high security environments you can use Reservations to ensure the security and availability of DHCP servers.
- Protect Wireless Access Using MAC Address Filters
- Date - Mar 22, 2005
- Wireless networks add a significant level of convenience for many users. The ability to roam at will and access the network without adding wires is quite useful. But, you need to do so securely. There are a number of basic steps you should take to protect your wireless network and filtering MAC addresses is one more way to secure it.
- Disabling the RunAs Command
- Date - Mar 22, 2005
- To enhance security you can prevent users from using the RunAs command.
- Google Yourself To Identify Security Holes
- Date - Mar 15, 2005
- Google is very good at what it does. It automatically and systematically catalogues every document, image, web site or other data that is web accessible so that it can be quickly retrieved using the Google search engine. That includes potentially sensitive or confidential data that wasn't intended to be shared publicly. Google your own network or sites to identify possible security holes.
- Disable Enumeration of SID's
- Date - Mar 08, 2005
- One way for an attacker to scope out a target system and, particularly, to identify the Administrator account so they can focus their efforts on the account with the most privileges is to list, or enumerate, the SID's (serial identifiers) on a Windows machine.
- Security Innovations in Windows Server 2003
- Date - Aug 25, 2004
- 205 KB Microsoft Word file - outlines how they facilitate business scenarios such as: building a secure Web application platform, providing secure mobile access, and streamlining identity management across the enterprise.
- Technical Overview of Windows Server 2003 Security Services
- Date - Aug 20, 2004
- 205 KB Microsoft Word file - 324 KB Microsoft Word file
- Using Attack Surface Area and Relative Attack Surface Quotient to Identify Attackability of Windows Server 2003
- Date - Aug 12, 2004
- 416 KB Adobe Acrobat file - In March 2003, Microsoft engaged the Security and Technology Solutions practice of Ernst & Young LLP to validate the Relative Attack Surface Quotient (RASQ) model developed by Microsoft, which quantifies the relative "attackability" provided by each of its operating system platforms. The model provides a methodology to compute the attackability of Microsoft Windows server operating systems by describing potential exploit points and assigning a relative vulnerability level based on exploits that occur in the real world. Ernst & Young conclude that Windows Server 2003 is the least attackable operating system Microsoft has ever released.
- TechNet Webcast: Windows Server 2003 As A Foundation for Risk Management and Security Regulatory Compliance
- Date - Apr 20, 2004
- 71 mins - we will examine the nature of risk management as reflected in these security regulatory requirements. Specifically, we will explore how Windows Server 2003 can be employed as the foundation technology for risk management and to introduce the concept of the Microsoft/Secure Logistix jointly developed Compliance WorkCenter
- TechNet Webcast: Security in a Windows Server 2003 Environment
- Date - Apr 20, 2004
- 95 mins - Rand will talk about the security technologies built-in to Windows Server 2003 and how organizations are implementing the technologies to solve business challenges. Portions of the content covered in this webcast will be taken from Rand's latest book "Windows Server 2003 Unleashed," a 1286-page book from Sams Publishing. Some of the topics that will be covered include IPSec NAT Traversal, Passport technology, Windows Server 2003 certificates, and wireless security using 802.1X in a Windows Server 2003 environment.
- TechNet webcast: Windows Server 2003 Security Guide
- Date - Apr 20, 2004
- 63 mins - webcast will examine the recently released guide called Windows Server 2003 Security Guide and its companion guide, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP . The new guides provide customers with detailed security guidance on Microsoft Windows Server 2003™ that is authoritative, proven, and tested. The guides are designed to empower users to assess and mitigate a wide range of significant security issues that may exist in their environment.
- MSDN Webcast: Using Authorization Manager on Windows Server 2003
- Date - Apr 20, 2004
- 83 mins - In this advanced session, we will learn how to leverage the Authorization Manager API that’s built into Windows Server 2003 to control access to resources and limit the tasks that a user can perform. We’ll write code to perform dynamic access checks on specific tasks. We’ll compare and contrast controlling authorization via a custom-built SQL scheme and using the Active Directory and Authorization Manager in Windows Server 2003. Finally, we’ll explore how roles can be inherited and integrate auditing.
- MSDN Webcast: Windows Server 2003 Internet Explorer Security Setting Functionality
- Date - Apr 20, 2004
- 36 minutes - look at the changes made to Internet Explorer in Windows Server 2003 and how these changes will affect the ISV or developer when developing applications. This short webcast will cover the background of why the default settings for Internet Explorer will be set at the highest level of security, how the user's experience will be affected and what an ISV or developer can do to ensure their customer has a productive experience on Windows Server 2003.
Article not looking right or info is missing? Let us know so that we can fix it: .
Featured Links*
Become a WindowsNetworking.com member!
Discuss your network issues with thousands of other network administrators. Click here to join!