Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Advice on Secureing a Windows Server 2003 Network....

  1. #11
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Alright...sorry I could not post back faster...been having a lot going on. Iv learned a little more about the company...all the employees files are mostly in the My Docs folder on ALL the computers. I talked to the manager about "regulations" and he says he does not know of any. None of the HDs are encrypted I found out...the company seems like it was put together slapdash....but im working with what I can. I made each person a account on the server and assigned them there own share with a users group share for collaboration, like some of you suggested. Works great. Also I dont think they can pay even one person $20,000 a year...the company works hard to save a cent I found out.

    I had my first Disaster on Thursday. Well after determining that they did not need AD (I think) I rolled it back to give the server more resources....I got a call back a on Friday saying the server was randomly shutting down....? I went back to the office and looked a the event logs and it said something like "Is not a domain controller thus voiding the EULA, Server shutting down in 30 minutes." What the heck?

    Well I solved it by reinstalling AD...well just leave the workstations/laptops as a Workgroup...bad news is the broke Sharepoint and crashed the Embedded SQL thing that it was running off of....By playing with service permissions I got the SQL service to start back up but Sharepoint still threw out errors. I did some MS reserach and found that it was a documented bug...and tried there workaround but as I thought it failed miserably....I had to do a reformat.

    A day later were back up and running. Sharepoint gave me a ton load of errors during the install...worked fine the first time and it took most of the time getting that up and going...had to find a hotfix on MS website. I got rid of the shares...I made one backup Share and made a batch file to copy the documents and desktop folders to a corresponding folder for the employee and then a batch script to copy that backup folder to a pen drive for the manager. Thats what they can use for backup. The manager installed a Time Clock program on the server and the only things its used for is Sharepoint, Time Clock, and Backup...and now the server is not rebooting.

    I got the manager to sign up for 3 months for Godaddy....He wants to host it himself to save $$$ But im realllly trying to get him to host it somewhere else...but I looked at IIS lockdown, a DMZ support and VMWare and encrypting HDs (Depends how it will impact the backup setup). Also ill make him buy like Norton 360 or something for the web server.

    So theres a update...
    QUOTE=cybrsnpr;118082]I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!

  2. #12
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by >Dart> View Post
    Is not a domain controller thus voiding the EULA, Server shutting down in 30 minutes.
    Have to love Microsoft licensing. It bites paying customers in the ass without causing much of an issue for the pirates.


    Quote Originally Posted by >Dart> View Post
    Well I solved it by reinstalling AD...
    If you have to have AD you may as well use it, it will give benefits in terms of easier system management.


    Quote Originally Posted by >Dart> View Post
    I made one backup Share and made a batch file to copy the documents and desktop folders to a corresponding folder for the employee and then a batch script to copy that backup folder to a pen drive for the manager. Thats what they can use for backup.
    Do they take the USB off site so it wont burn up in an office fire? Is the USB encrypted so it cant be read when it gets lost or stolen? Do the backups get tested on a regular basis? Backups are the one thing you do NOT want to get wrong.

    Quote Originally Posted by >Dart> View Post
    The manager installed a Time Clock program on the server
    Installing random bits of software on your server is not a great move.

    Quote Originally Posted by >Dart> View Post
    I got the manager to sign up for 3 months for Godaddy....He wants to host it himself to save $$$ But im realllly trying to get him to host it somewhere else...
    Ask him what the impact of any of the following would be on his business:
    • Malware is distributed to clients from the companies website
    • Website is defaced, the content deleted or website otherwise make unavailable for extended period
    • The website experiences a DOS attack, potentially affecting access to the website, Internet and email access for the company and/or affecting the performance of their file server (because its installed on the same physical machine)
    • Data stored on the company file server is stolen and provided to a competitor, leaked or deleted


    If any of those will cause a significant impact to the business, the he should host the website at a hosting provider. Judging by the description you've given, these systems are just waiting to get owned, so minimise risk by outsourcing high risk activities like Internet facing websites.

    The only time that a website should be hosted under the conditions you have described is when the website doesn't matter and nothing on the server or the machines it can directly access is important.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #13
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default

    Yeah, SBS isnt a fan of having itself demoted from DC to workgroups. Thank GOD I did a little research on that before doing the exact same thing. Usually I just do it, and pay for it later. Glad im moving past that!

    If your boss does the Domain deal in house, he can surely start using Exchange which I find has a bunch of cool features for small to Medium Business. Even more so now that everyone and their uncles have a damn iPhone. Though I do agree with Lupin, hosting a site in house under the same Static IP, on the same server as EVERYTHING else, is just begging to have someone kick you to the curb. I wouldnt do it. Besides, there are plenty of places you can find stupid cheap web hosting deals.

    As for Norton 360, I personally would stay away from it on a server environment! This is just my personal belief, however Ive seen that program create alllll kinds of havoc, by slowing down resources. And no telling what it would do with a server actively using SQL. I myself would recommend something like AVG business, either network or internet on the server.

    Just my 2cents.

    -Chrisso

  4. #14
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by chrisso View Post
    ...

    As for Norton 360, I personally would stay away from it on a server environment! This is just my personal belief, however Ive seen that program create alllll kinds of havoc, by slowing down resources. And no telling what it would do with a server actively using SQL. I myself would recommend something like AVG business, either network or internet on the server.
    If you want a Symantec product, you really want Symantec Enterprise on an SBS server; not Norton 360.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #15
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Thorn View Post
    If you want a Symantec product, you really want Symantec Enterprise on an SBS server; not Norton 360.
    I ran Norton enterprise 8 for a long time. I never had a problem with it on any of my servers. It was easy to setup and maintain.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #16
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default

    Symantec Enterprise worked great on a sbs server in Dallas I manage. However, the dang thing didnt uninstall very easy when we moved on past it.

    But it did infact run great. Used very few resources, and never bothered you unless you managed to really foul up your system. I can say that it had the beset server management console I have seen yet on a server, regarding Antivirus, etc.

    -Chrisso

  7. #17
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by chrisso View Post
    Symantec Enterprise worked great on a sbs server in Dallas I manage. However, the dang thing didnt uninstall very easy when we moved on past it.

    But it did infact run great. Used very few resources, and never bothered you unless you managed to really foul up your system. I can say that it had the beset server management console I have seen yet on a server, regarding Antivirus, etc.

    -Chrisso
    McAfee's enterprise level AV isn't bad either. I have it running on a client's SBS setup. The management console is pretty easy to use, although I prefer Symantec's.
    Thorn
    Stop the TSA now! Boycott the airlines.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •