The following resource on Microsoft.com can provide you with further security best practice information about how to design and maintain a server running Windows Server 2008 that performs the Print Server role:
"Point and Print Security in Windows Vista" white paper.
Server Core Installation Option of Windows Server 2008 Step-By-Step Guide.
Windows Management Instrumentation.
Windows Remote Management.
Windows Server 2008: Server Management.
Windows Server 2008 TechNet Library.
Chapter 9: Hardening Active Directory Certificate Services
Active Directory® Certificate Services (AD CS) in Windows Server® 2008 provides services that you can customize to create and manage public key certificates in software security systems that employ public key technologies, including version 3 of X.509 certificates. Organizations can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding key pair. AD CS also includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.
The role services available for the AD CS role are displayed in the following figure.
Figure 9.1 Role services hierarchy for the AD CS role
This chapter can help you harden server computers that perform the AD CS role. This chapter provides prescriptive guidance for hardening each of the role services available for the AD CS role. Because each AD CS role service has a distinct function, identify those that you want to configure on your server computer, and then use the recommendations in this chapter to harden each role service.
Note The AD CS role service is not available on Server Core installations of Windows Server 2008 or Windows Server 2008 for Itanium-Based Systems.
For more information about the AD CS role service, see Active Directory Certificate Services.
Certification Authority Role Service
The Certification Authority role service allows you to install root and subordinate certification authorities (CAs) to issue certificates to users, computers, and services, and to manage certificate validity.
Requirements to install these CAs include the following:
To install a root CA, membership in the local Administrators group, or equivalent, is the minimum requirement to complete this procedure. If you are installing an enterprise CA, membership in Domain Admins, or equivalent, is the minimum requirement to complete this procedure. For more information, see "Implement Role-Based Administration" in the Help and Support for Windows Server 2008.
To install a subordinate CA, membership in the local Administrators group, or equivalent, is the minimum requirement to complete this procedure. If you are installing an enterprise CA, membership in Domain Admins, or equivalent, is the minimum requirement to complete this procedure. For more information, see "Implement Role-Based Administration" in the Help and Support for Windows Server 2008.
|
