58
Retention method for application log
Member Server Default
Legacy Client
Enterprise Client
High Security Client
As needed
As needed
As needed
As needed
The
Retention method for application log
security setting determines the "wrapping" method for the
application log. It is imperative that the application log is archived regularly if historical events are
desirable for either forensics or troubleshooting purposes. Overwriting events as needed ensures that
the log always stores the most recent events, although this could result in a loss of historical data.
Retention method for security log
Member Server Default
Legacy Client
Enterprise Client
High Security Client
As needed
As needed
As needed
As needed
The
Retention method for security log
security setting determines the "wrapping" method for the
security log. It is imperative that the security log is archived regularly if historical events are desirable
for either forensics or troubleshooting purposes. Overwriting events as needed ensures that the log
always stores the most recent events, although this could result in a loss of historical data.
Retention method for system log
Member Server Default
Legacy Client
Enterprise Client
High Security Client
As needed
As needed
As needed
As needed
The
Retention method for system log
security setting determines the "wrapping" method for the system
log. It is imperative that the logs are archived regularly if historical events are desirable for either
forensics or troubleshooting purposes. Overwriting events as needed ensures that the log always
stores the most recent events, although this could result in a loss of historical data.
2.8.5
System Services
When Windows Server 2003 and Windows Storage Server 2003 are first installed, default system
services are created and are configured to run when the system starts. Many of these system services
do not need to run in the three environments defined in this guide. There are additional optional
services available with Windows 2003, such as Certificate Services, that are not installed during the
default installation of Windows Server 2003. The optional services can be added to an existing
system by using
Add/Remove Programs,
or the Windows Server 2003 Configure Your Server
Wizard, or by creating a customized automated installation of Windows Server 2003. Any service
or application is a potential point of attack. Therefore, any unneeded services or executable files are
disabled or removed in the target environment. The MSBP only enables the services required for a
Windows Server 2003 member server to participate in a Windows Server 2003 domain to provide
basic management services. Specific services required for each server role are also enabled. Specific
group policies will be described in other sections of this guide, which will detail the specific steps
required to harden each server role. Depending upon the NAS appliance’s server roles,
administrators may need to consolidate the security lockdown information within the later sections.
For example, administrators who have NAS appliances that function as file servers, printer servers,
and IIS servers need to merge the security templates for each of the corresponding server roles as well
as consolidate and complete the security lockdown steps within each server role.
Specific services required for each server role are enabled on a per server role basis-the specific
Group Policies for these server roles as described in the sections to follow this one. If additional server
roles were needed in the environments detailed in this guide, it would have been necessary to enable
additional services for them. For example, if Microsoft SQL Server was going to be used for storing
customer data on the back end of a Web application, then SQL Server would need to be installed. A