In depth security has become a requirement for every company. Your network boundaries, firewalls, VPNs, mobile computers, desktops, servers, domain controllers, etc., all need to be considered when you are designing for a secure environment. It is important to know what you get out of the box, as well as what options you have at your disposal to secure these environments. When you consider a new installation of a Windows server, 2000 or Server 2003, you might not be getting the security settings that you anticipate. Both of these operating systems' security will not be configured to meet your expectations or company security requirements.



There are many reasons for the security of these servers to be set for weaker security. First, with so many other operating systems that might need to communicate with them, they need to be set for the ?lowest common denominator? of security to ensure compatibility. The security options that come with Windows Server 2003 are not available on your Windows NT 4.0 Workstations, for example. Second, the servers might be running applications or services that can't run with the heightened security. Your financial servers might be running a third-party accounting application that can't handle encrypted network communication, for example. Third, it is my opinion that many network administrators and companies have been trained to use servers in this state and any form of heightened security at initial installation could render the server useless. I have seen more than my fair share of network administrators become confused when some computers

There are no default installed Windows servers that will meet your security needs completely. Therefore, you need to consider the most economical and efficient methods for configuring these servers. Since security is not a narrow set of configurations, you need to use some mechanism that can handle a wide variety of settings. The security templates provide a broad, yet deep, capability of configuring security settings for your servers. With the variety of security configurations that come standard with the security templates, coupled with the ability to customize them, you can get the majority of the security settings accomplished using only this one solution. Finally, by using any one of three methods to deploy your security templates, GPOs being the most efficient, you can have your servers functioning in a secure manner quickly.