Â鶹´«Ã½

Windows Server Configuration Standards

1.0 Overview

This standard defines terms and procedures for properly setting up and securing a Â鶹´«Ã½ State University Windows server. The configurations discussed are specific to the Â鶹´«Ã½ State University environment and may not work on all machines.

2.0 Purpose

The purpose of this standard is to provide all system administrators, IT staff or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Windows server for safe and reliable use.

3.0 Scope

This standard addresses Â鶹´«Ã½ State University Windows servers only.

4.0 Standard

4.1 Server Request

Prior to any server installation, the administrator must first fill out a . Once the server has been approved, the administrator can then start the process of ordering and installing the server.

4.2 Configuration Guidelines

The following Windows-specific configurations must be made.

  • Install only Windows 2003 Server or newer.
  • Rename local Administrator account to something other than Administrator, and ensure it has a strong password
  • Join the local Â鶹´«Ã½ State domain, unless otherwise authorized by Information Systems
  • Only use NTFS
  • Do not use FTP, use SFTP (e.g., FreeFTPD)
  • Any database server installations need to be cleared through Â鶹´«Ã½ State Application Development Support Services
  • Any application that needs to run it's own SMTP server must be cleared through Information Systems
  • Contact the Security Analyst for centralized logging

4.3 Security Tools

The following tools must be installed, properly configured and actively running on each server:

4.4 Department Notification

Alert the appropriate departments/technicians if the server has additional needs.

  • Contact the Backup Operators on what needs to be included in the backup routine.
  • Contact the Network Analyst to add the server to the appropriate update reboot group in Active Directory.
  • Contact the Network Technician if the server needs any type of system monitoring.

5.0 Definitions

Server

For purposes of this policy, a Server is defined as an internal Â鶹´«Ã½ State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.

6.0 Revision History

Take the next step

© Â鶹´«Ã½ State University Department of Web ManagementWe are Racers.