Help and Support
 

powered byLive Search

Top 10 Potential Problematic Security Settings for Microsoft Windows XP Professional Edition and Microsoft Windows Server 2003.

View products that this article applies to.
Author: Kerry Steele MVP
Community Solutions ContentCommunity Solutions Content Disclaimer
Article ID:555069
Last Review:March 5, 2004
Revision:1.0

SUMMARY

When implementing the Microsoft Windows XP or Server 2003 High Security templates included with the Windows XP and Server 2003 Security Guides, various enterprise applications may lose functionality, or fail to operate properly or as expected. In many cases it will appear that communication is broken between the client and the enterprise management console. In other cases a service may fail to start properly, or an access denied or cannot connect error from within the enterprise management software. Enterprise management applications include network backup software, patch management software, software distribution and inventory applications.

Back to the top

Tips

Top 10 Potential Problematic Security Settings

Many enterprise management tools rely on several of these features of the operating system:
 
Enterprise and other applications may require:
Administrative Shares (C$, ADMIN$) - AutoShareWks or AutoShareServer
Remote Registry Service
Task Scheduler
RestrictAnonymous (Null User Sessions)
NTFS/Registry Permissions
NetBIOS over TCP/IP
LM VS. NTLM VS. NTLMv2 Authentication - LmCompatibilityLevel
File/Printer Sharing Bindings
Workstation Service
Server Service

To troubleshoot most of these settings, it is either:
 - Turn it on
 - Turn it off
 - Tweak the value
 
For an application to function properly, it may require tuning several of the settings listed above.
 
The settings that are more difficult to troubleshoot are NTFS and Registry permissions. 
There are two ways to troubleshoot these issues:
 - Enable auditing of Failed Object Access, and watch for Failure events in the Event Viewer.
 - Use third party tools such as FileMon and RegMon from SysInternals – http://www.sysinternals.com.  Look for “Access Denied” alerts.

Back to the top

APPLIES TO
Microsoft Windows XP Professional
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Home Edition
Microsoft Windows XP Media Center Edition 2002
Microsoft Windows XP Tablet PC Edition

Back to the top

Community Solutions ContentCOMMUNITY SOLUTIONS CONTENT DISCLAIMER
MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.