You should harden your operating system and applications according to best practices for that specific component.
Securing Application Servers
For applications servers, the operating system and the application should be hardened. For example, a Windows Server 2003 computer dedicated to running Microsoft Internet Security and Acceleration (ISA) Server 2006 should be hardened from the operating system and from the application perspective. Minimizing the number of services running and provided by the server should be a primary goal.
In Windows Server 2003 and Windows Server 2008, Group Policy provides directory-based desktop configuration management. You can use Group Policy to implement security lockdowns by defining Computer and User settings within a Group Policy object (GPO) for the following:
- Registry-based policies
- Software installation
- Folder redirection
- Remote installation services
To provide a user interface for the administrator to configure these settings, administrative templates are shipped with operating system releases, service pack releases, and some applications, including Office Communications Server 2007 R2.
The Communicator.adm file is an administrative template that ships with Office Communications Server 2007 R2, is installed to the %windir%\inf\ directory, and provides an interface for RTC client API and Messenger Group Policy Settings. Each setting in Communicator.adm corresponds to a setting in the registry that affects application behavior.
The settings can be accessed from GPedit.dll, which is accessible from the Active Directory Users and Computers console and the Group Policy Management Console (GPMC).
Group Policy Security Settings
Group Policy contains security settings for a GPO under
Computer Configuration/Windows Settings/Security Settings when
accessed from GPedit.dll. You can import security templates to
configure security settings for the GPO. The Windows
Server 2003 Security Guide at
- Harden all server operating systems and applications.
- Use Group Policy to implement security lockdowns.