Windows Server Configuration Standards

1.0 Overview

This standard defines terms and procedures for properly setting up and securing a Murray State University Windows server. The configurations discussed are specific to the Murray State University environment and may not work on all machines.

2.0 Purpose

The purpose of this standard is to provide all system administrators, IT staff, or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Windows server for safe and reliable use.

3.0 Scope

This standard addresses Murray State University Windows servers only.

4.0 Standard

4.1 Server Request

Prior to any server installation, the administrator must first  fill out a server request form found here. Once the server has been approved, the administrator can then start the process of ordering and installing the server.

4.2 Configuration Guidelines

The following Windows specific configurations must be made.

• Install only Windows 2003 Server or newer.

• Rename local Administrator account to something other than Administrator, and ensure it has a strong password

• Join the local Murray State domain, unless otherwise authorized by Information Systems

• Only use NTFS

• Do not use FTP, use SFTP (e.g., FreeFTPD)

• Any database server installations need to be cleared through Murray State Application Development Support Services

• Any application that needs to run it's own SMTP server, must be cleared through Information Systems

• Contact the Security Analyst for centralized logging

4.3 Security Tools

The following tools must be installed, properly configured, and actively running on each server:

• Anti-virus and anti-spyware that abides by the Anti-Virus Policy

4.4 Department Notification

Alert the appropriate departments/technicians if the server has additional needs.

• Contact the Backup Operators on what needs to be included in the backup routine.

• Contact the Network Analyst to add the server to the appropriate update reboot group in Active Directory

• Contact the Network Technician if the server needs any type of system monitoring.

5.0 Definitions

Server

For purposes of this policy, a Server is defined as an internal Murray State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.

6.0 Revision History