Embedded Files
The content from this site has moved! Please check this link for up-to-date policies.
1.0 Overview
This standard defines terms and procedures for properly setting up and securing a Murray State University Windows server. The configurations discussed are specific to the Murray State University environment and may not work on all machines.
2.0 Purpose
The purpose of this standard is to provide all system administrators, IT staff, or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Windows server for safe and reliable use.
3.0 Scope
This standard addresses Murray State University Windows servers only.
4.0 Standard
4.1 Server Request
Prior to any server installation, the administrator must first fill out a server request form found here. Once the server has been approved, the administrator can then start the process of ordering and installing the server.
4.2 Configuration Guidelines
The following Windows specific configurations must be made.
Install only Windows 2003 Server or newer.
Rename local Administrator account to something other than Administrator, and ensure it has a strong password
Join the local Murray State domain, unless otherwise authorized by Information Systems
Only use NTFS
Do not use FTP, use SFTP (e.g., FreeFTPD)
Any database server installations need to be cleared through Murray State Application Development Support Services
Any application that needs to run it's own SMTP server, must be cleared through Information Systems
Contact the Security Analyst for centralized logging
4.3 Security Tools
The following tools must be installed, properly configured, and actively running on each server:
Anti-virus and anti-spyware that abides by the Anti-Virus Policy
4.4 Department Notification
Alert the appropriate departments/technicians if the server has additional needs.
Contact the Backup Operators on what needs to be included in the backup routine.
Contact the Network Analyst to add the server to the appropriate update reboot group in Active Directory
Contact the Network Technician if the server needs any type of system monitoring.
5.0 Definitions
Server
For purposes of this policy, a Server is defined as an internal Murray State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.
6.0 Revision History
Report abuse