Securing Windows Server 2003 tasks
Cisco TMS Secure Server Configuration Guide 13.0
1. Open a command prompt and navigate to the .NET 2 installation folder. This is normally
   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
2. Use the aspnet_regiis tool to grant the service user access to the required IIS elements with
   aspnet_regiis -ga <username>
   For example:
   aspnet_regiis -ga tmsserviceuser
3. Open Windows Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
4. Under the name of the local server, expand the Application Pools folder.
5. Right-click TMSNet20AppPool and select Properties.
6. Select the Identity tab.
7. In Application Pool identity, select Configurable.
8. Browse to or enter tmsserviceuser for User Name, and enter the password of this user.
9. Click OK to close the window.
10. Right-click the server in IIS Manager, go to All Tasks and select Restart IIS to restart the IIS server.
Open Windows Start > Control Panel > Administrative Tools > Services
Locate the services whose names start with ‘TMS’. For each of these services do the following:
1. Double-click the service to open the properties window.
2. Select the Log On tab and select This Account.
3. Enter the account details for the tmsserviceuser account.
4. Click OK.
5. Right-click the service.
6. Select Restart to have the changes take effect.
Note: These steps must be repeated after any future Cisco TMS installations or upgrades as the
installer will default these services back to the default settings.
Remove unnecessary user accounts
To remove unnecessary user accounts go to Windows Start > Control Panel > Administrative Tools
> Computer Management > System Tools > Local Users and Groups.
Disable all accounts except:
Your renamed Administrator account
IWAM_<machinename>
ASPNET
Sqlserviceuser
Your administrator account
IUSR_<machine-name>
tmsserviceuser
At the very least the ‘Guest’ account (disabled by default) should not be active.
To disable an account:
1. Right-click the account name.
2. Select Properties.
3. Under the General tab, check the checkbox Account is disabled.
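
Because the installer resets the TMS services to their default log-on account on every install or upgrade, a read-only check of both the service identities and the enabled local accounts is worth running afterwards. The script below is an added example, not part of the Cisco guide; it assumes Windows PowerShell has been installed on the server, and the parameter names and the two administrator placeholders are hypothetical values to replace with your own.

```powershell
# Added audit example (not from the Cisco guide). Read-only: it changes nothing.
param(
    [string]$ServiceUser = 'tmsserviceuser',
    # Assumption: replace these placeholders with your renamed built-in
    # Administrator account and your own administrator account.
    [string[]]$AdminAccounts = @('<renamed-administrator>', '<your-admin-account>')
)

$findings = @()

# Part 1: every service whose name or display name starts with 'TMS'
# should log on as the dedicated service user.
$tmsServices = @(Get-WmiObject Win32_Service |
    Where-Object { $_.Name -like 'TMS*' -or $_.DisplayName -like 'TMS*' })
foreach ($svc in $tmsServices) {
    # StartName is 'LocalSystem', '.\user' or 'MACHINE\user'; keep the account part.
    $account = "$($svc.StartName)".Split('\')[-1]
    if ($account -ne $ServiceUser) {
        $findings += "Service '$($svc.DisplayName)' runs as '$($svc.StartName)', expected '$ServiceUser'"
    }
}

# Part 2: only the accounts the guide lists may remain enabled.
$machine = $env:COMPUTERNAME
$allowed = @("IWAM_$machine", "IUSR_$machine", 'ASPNET', 'Sqlserviceuser', $ServiceUser) + $AdminAccounts
$localUsers = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")
foreach ($user in $localUsers) {
    if (-not $user.Disabled -and ($allowed -notcontains $user.Name)) {
        $findings += "Local account '$($user.Name)' is enabled but not on the allow list"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: TMS service identities and local accounts match the guide.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

The script does not check the TMSNet20AppPool identity, which still has to be verified in IIS Manager.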