Windows Small Business Server 2011 is heavy duty, coming pre-packaged with Exchange 2010, SQL Server 2008 and all kinds of other memory hogging goodies for your network.
As far as small to mid-sized company server solutions go, Windows Small Business Server 2011 and its predecessors are some of the only solutions that exist, and are therefore widely used. While out-of-the-box security has improved over the years, there are some basic things that every system admin should be able to put in place to ensure security of their network, as it relates to the server.
In a lot of ways, Windows Small Business Server 2011 does a good job of simplifying security best practices for the admin and even to some degree, end users.
The Windows Windows Small Business Server Console allows you to do pretty much all the basic admin tasks from one location (though more seasoned Windows Small Business Server veterans might prefer to deal with the active directory), which is nice, and does a good job of keeping all of the features compact and easy to keep track of.
But in addition to the Windows Small Business Server Console, there are a few other items that should be on your initial to-do list when you’re working on securing a new system. Start with these 5 Basic Steps to Secure Windows Small Business Server 2011.
Secure Windows Small Business Server 2011
1) Set user accounts to “Standard User”
If you don’t intend for a user to be an admin, make sure that their user roles are set to “Standard User.”
This can be easily done from within the Windows Small Business Server Console by clicking the “Users and Groups” tab, right-clicking on the user, clicking on “Change Group Membership” and then selecting the “Windows Windows Small Business Server Administrators” group and clicking “Remove.”
If “Windows Windows Small Business Server Administrators” isn’t already in the list of the user’s groups, then that user is already just a Standard User, and you won’t have to make any changes.
2. Install and run the Best Practices Analyzer
To use the Windows Small Business Server 2011 Best Practices Analyzer, you’ll need to download two things:
- Baseline configuration analyzer
- Best Practices Analyzer
Once you have both installed, you’ll be able to run the BPA which will automatically check for things that need to be changed on your server. If you get a clean BPA scan, you know that you’ve at least covered the basics and that you haven’t overlooked anything.
3) Install Windows Server 2008 Service Pack 1
Oddly enough, the service pack for Windows Server 2008 works with Windows Small Business Server 2011 and should be installed.
4) Set folder permissions on sensitive file shares
Whatever file shares you have on your server, make sure you set permissions for the folders that contain them.
How you have them set up will depend on your network data and what information you’re trying to keep private, but just be sure to spend some time planning out how you want those permissions to look and applying them as security settings.
5) Disable Internet Explorer browsing features
Any plugins, add-ons or scripts that Internet Explorer might run should be turned off via the browser’s security settings. As a general rule, browsing the internet via the server should be avoided entirely because of the risk of intrusion or a viral attack.
Covering the Basics
The good news is that Windows Small Business Server 2011 does a good job of securing itself out of the box. Even still, these are all necessary measures and precautions that should be taken to make sure that you don’t end up compromising your network data.
Once you have these foundational security matters dealt with, you can fine-tune your system based on your company’s unique situation and the type of data that’s stored on your server.
Since everyone’s system and situation is different, the time you spend making the detailed adjustments to your security settings is vitally important, so be sure to keep this list in perspective: It’s a good place to start, but not the end all.