The best practice is to avoid “manual by document OS
hardening” at all cost, especially with the latest Windows 2012 and 2012 R2
OSs. From
my experience each company usually creates its own hardening
guidance/procedures in accordance with Microsoft’s Baseline Server Hardening: https://technet.microsoft.com/en-us/library/cc526440.aspx.
However, I personally do not recommend manual
Server hardening, because IT could follow to non-standard (and sometimes
unsupported) settings which are picked from outdated hardening guides, and it
can cause the server to misbehave, result into breakdown of various operating
system related components and failure of critical applications. I always advice
my customers to use these two tools (urls are below) for ‘hardening’ Windows
Server 2012/2012-R2. Any other method to harden the server might result in
unforeseen results.
· Security Compliance Manager (https://technet.microsoft.com/en-in/solutionaccelerators/cc835245.aspx)
The
SCW tool has server roles templates, but some templates for
some server roles would need to be downloaded and configured separately.
Example: By default, the SCW does not include support for the TMG 2010 role nor
TMG Enterprise Management Server (EMS) role. To support these roles,
download and install TMGRolesForSCW.exe included in the TMG 2010
Tools and Software Development Kit (SDK), available here.
Sincerely,
Andrei
Vassiliev
Systems
Integration Consultant – “Microsoft Infrastructure Services Team”
Dell | Consulting &
Systems Integration
lync +1 512 723-8974
lync +1 512 723-8974
Customer
feedback | How am I doing? Please contact my manager Tim_Alvey@Dell.com
No comments:
Post a Comment