Services and Service Accounts Security Planning Guide
Download this Solution Accelerator
Click here for the Services and Service Accounts Security Planning Guide.
About This Solution Accelerator
This guide is an important resource to plan strategies to run services securely under the Microsoft Windows Server 2003 and Windows XP operating systems. The main goal of this guide is to help administrators reduce the effect of a compromised service on a host operating system.
The guide addresses the common problem of Windows services that are set to run with highest possible privileges, which an attacker could compromise to gain full and unrestricted access to the computer, domain, or even to the entire forest. It describes ways to identify services that can run with lesser privileges, and explains how to downgrade those privileges methodically. This guide can help you assess your current services infrastructure and make some important decisions when you plan for future service deployments.
Microsoft has already tested the services included with the Windows Server 2003 and Windows XP operating systems to run with their default logon accounts, to ensure that they run at the lowest possible privilege level and are sufficiently secure. These services should not need modification. The main focus of this guide is to secure the services that are not provided with the operating system, such as those supplied as a component of other Microsoft server products: for example, Microsoft SQL Server or Microsoft Operations Manager (MOM). Services installed with third-party software applications and line-of-business applications developed in-house might need additional security enhancements.
The guidance is based on Microsoft Security Center of Excellence (SCoE) experience in customer environments and represents a Microsoft best practice.
Included in the Download
The Services and Service Accounts Security Planning Guide includes the following component:
- The Services and Accounts Security Planning Guide.pdf
In More Detail
This guide consists of the following chapters:
Chapter 1: Introduction
This chapter provides an executive summary, introduces the business challenges and benefits, suggests the recommended audience for the guide, and provides an overview of the chapters in this guide.
Chapter 2: The Approach to Running Services More Securely
This chapter provides an overview of the account types used to log on to services and describes the principles and strategies to apply when you plan your program to run services more securely.
Chapter 3: How to Run Services More Securely
This chapter describes how to run services more securely with the principles and strategies discussed in the previous chapter. It also covers the new Security Configuration Wizard in Windows Server 2003 Service Pack 1, which is an indispensable resource in your plan to run services more securely.
Chapter 4: Summary
This chapter summarizes the guidance provided and the problems addressed in this guide. It provides links to additional relevant reading materials.
Related Resources
See other Solution Accelerators that focus on security at the Security Solution Accelerators site on Microsoft TechNet.
Community and Feedback
- Want to know what’s coming up next? Check out our Security Guidance Blog.
- E-mail your feedback to the following address: SecWish@microsoft.com
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as
- Communication & Collaboration
- Security, Data Protection, & Recovery
- Deployment
- Operations & Management
Download This Accelerator
Click here for the Services and Service Accounts Security Planning Guide.