Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


June 2004

Setting Up Windows Systems Securely


From the June 2004 Edition
of Windows IT Pro
Randy Franklin Smith
Ask the Experts
InstantDoc #42577
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Internet Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

I've heard that you shouldn't connect new Windows systems to the network until you complete the setup. Why?

When you install Windows, it configures itself with default settings, some of which are insecure even in Windows Server 2003. Additionally, a new Windows system usually lacks all security patches released since the OS was released. The only way to make sure new Windows systems are secure is to perform a slipstreamed installation of Windows, in which you copy the contents of the Windows CD-ROM to a server folder, then install service packs and updates on top of the Windows installation files.

To slipstream a service pack, note the folder to which you've copied the Windows CD-ROM, then run the service pack's update program and use the -s parameter to point to the Windows installation files. For example, if you copied your Windows CD-ROM to \\server1\windows, you'd change your current directory to the directory that contains your service pack and run the command

update -s \\server1\windows

The service pack will update the specified installation files.

A new Windows system is initially vulnerable to a host of risks from other systems on the network. If you connect the new system to the Internet, the risks are even higher—sometimes a new Windows system is hacked even before the administrator can lock it down. Consequently, you should install Windows while the system is disconnected from any network that attackers or malicious insiders could access.

For those who don't have an isolated setup-lab network with a server that hosts Windows setup files and application installation files, Microsoft provides a handy tool called the Security Readiness Kit (SRK) 4.1. The SRK contains the most recent service packs for Windows NT 4.0 and later, Microsoft SQL Server 7.0 and later, Microsoft Data Engine (MSDE) 1.0 and later, and SQL Server Desktop Engine 2000. The SRK lets you install service packs directly from the CD-ROM without having a network. The SRK also provides links to all post-service-pack security updates. To use this feature, you need to connect the computer to a network that provides Internet access, then download the updates from the Windows Update site.

—Randy Franklin Smith

End of Article

Reader Comments
The ideas presented were already know to me.

DonJuan64 August 02, 2004 (Article Rating: )

its a really useful article as in the sense, any administrators must know this.

Anonymous User February 04, 2005

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Microsoft Delivers Service Pack 2 Beta 2 for Vista, Server 2008

Microsoft on Tuesday announced the availability of the Beta 2 version of Service Pack 2 (SP2) for Windows Vista and Windows Server 2008. Since both operating systems were developed from the same code base, they have a common servicing structure and thus ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...
Security Whitepapers The Impact of Messaging and Web Threats

Why SaaS is the Right Solution for Log Management

Protecting (You and) Your Data with Exchange Server 2007
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Top 10 Email Security Challenges and Solutions

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Implement a Successful Archiving Solution
View this web seminar to learn the best practices for creating an email archive that is secure, compliant, and searchable.
Protect Your Company’s Digital Assets
Do you know the risks of sending important files over email or FTP? Read this white paper to learn what you can do to safeguard your company’s data.

Prepare Yourself for Exchange Catastrophe
Read this white paper to learn how you can keep Exchange server healthy, as well as predict and respond to server failure.

Boost Customer Confidence and Satisfaction
Read this eBook to learn how faxing can ease communication with less computer-savvy customers while reducing your security, compliance and support woes.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing