【正文】 ..............................................................13 Specialized Security – Limited Functionality Environment ....................................14 Specialized Security .....................................................................................15 Limited Functionality ....................................................................................15 ii Windows Server 2020 Security Guide Security Design ..................................................................................................17 OU Design for Security Policies .....................................................................17 GPO Design for Security Policies ...................................................................19 More Information ...............................................................................................22 Chapter 2: Reducing the Attack Surface by Server Role................................... 23 Securing Server Roles ........................................................................................23 Server Manager............................................................................................23 Server Core..................................................................................................25 Security Configuration Wizard.......................................................................26 Using SCW and Group Policy to Improve Security ...............................................28 Using the SCW to Create Role Policies...........................................................28 Common Security Configuration Assumptions .....................................................30 More Information ...............................................................................................32 Chapter 3: Hardening Active Directory Domain Services ................................. 33 Active Directory Domain Controller Role Service .................................................34 Attack Surface..............................................................................................34 Security Measures ........................................................................................35 Configuration Checklist .................................................................................35 Relevant Group Policy Settings .....................................................................51 More Information .........................................................................................51 Identity Management for UNIX Role Service........................................................52 Server for Network Information Services ............................................................52 Attack Surface..............................................................................................52 Security Measures ........................................................................................53 Configuration Checklist .................................................................................53 Relevant Group Policy Settings .....................................................................54 More Information .........................................................................................54 Password Synchronization ..................................................................................54 Attack Surface..............................................................................................54 Security Measures ........................................................................................55 Configuration Checklist .................................................................................55 Relevant Group Policy Settings .....................................................................58 More Information ...............................................................................................58 Windows Server 2020 Security Guide iii Chapter 4: Hardening DHCP Services ................................................................. 61 Attack Surface....................................................................................................61 Security Measures ..............................................................................................62 Configuration Checklist .................................................................................62 Relevant Group Policy Settings .....................................................................66 More Information ...............................................................................................67 Chapter 5: Hardening DNS Services ................................................................... 69 Attack Surface....................................................................................................69 Security Measures ..............................................................................................70 Configuration Checklist .................................................................................70 Relevant Group Policy Settings .....................................................................74 More Information ...............................................................................................74 Chapter 6: Hardening Web Services ................................................................... 75 Secure By Default ..............................................................................................76 Attack Surface....................................................................................................78 Security Measures ..............................................................................................78 Configuration Checklist .................................................................................79 More Information ...................