Microsoft has made security the focal point of its Windows Server 2003 publicity, especially the publicity that's targeted toward IT professionals. Windows 2003 marketing materials tout Bill Gates's challenge to Microsoft employees in January 2002 to develop a Trustworthy Computing initiative, and product managers and developers from the Windows 2003 security team are taking center stage to convince IT audiences that Microsoft has radically changed the security philosophy of its Windows OSs.
Some of the changes announced with Windows 2003 are completely new functions, such as the Software Restriction Policy (SRP), which can prevent the execution of unapproved applications on any member of a domain. Just as important, though, are changes to existing security mechanisms and OS configuration standards. A key goal in the Trustworthy Computing initiative is to be secure by default. In other words, you shouldn't have to manually harden the OS by tweaking applications and the registry before you can safely deploy the system.
Windows 2000 took an overly innocent approach to object permissions, or ACLs. Although Win2K lets you set ACLs for files, directories, print queues, registry hives, directory shares, and other objects, Microsoft set lenient default permissions for all these objects. In Windows 2003, Microsoft has revised many of those too-lenient default permissions. These changes not only go a long way toward the secure-by-default goal, but they also change what you might have grown to expect as Windows OS defaults. Here are 10 major changes you should know about before installing Windows 2003.
1. New Default ACL for Directory Shares
When you created a new directory share in Win2K or Windows NT, you didn't need to enter any permission options. You simply clicked OK, and all authenticated users had full read/write permissions. Microsoft's reasoning for full-access share permissions was that administrators would restrict access through complementary NTFS file permissions.
That reasoning is contrary to Microsoft's new secure-by-default goal. When you create a share in Windows 2003, permissions are still granted to the Everyone group (i.e., all authenticated users) but only for read access. In other words, Microsoft changed the default ACL for directory shares from Everyone:F to Everyone:R. (This change doesn't alter the default ACL of Administrators:F for administrative shares.) If you upgrade a system from Win2K to Windows 2003, permissions for existing directory shares aren't altered, but all new directory shares created after you upgrade receive the new default ACL. Although administrators will have to take an extra step to assign permissions to specific users when setting up shares, the shares will be more secure as a result.
2. New System Root ACL Option
In preWindows 2003 OSs, the ACLs for files and directories had weak default settings. Although the \winnt directory and its subdirectories were restricted to administrators, the root of system partitions (usually C:\) was set at the same default NTFS permissions—Everyone:F—as the other directories. To remedy this situation, Windows 2003 includes a new option that, by default, sets the ACLs for these files and directories to full access for administrators and no access for every other user.
Windows 2003 administrators who are in the habit of storing data in the C:\ partition will have to move the data or not use the System Root ACL option. If you're one of these administrators, plan to do the former because using the System Root ACL is a good security measure. You can select the System Root ACL option from within the installation or upgrade process.