【正文】 e trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, ments or other feedback (Feedback) relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and mercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them. Contents Overview ................................................................................................................. 1 Executive Summary .............................................................................................1 Who Should Read This Guide ................................................................................3 Skills and Readiness .......................................................................................3 Guide Purpose ................................................................................................4 Guide Scope ...................................................................................................4 Guidance and Tool Requirements ....................................................................5 Chapter Summary ................................................................................................6 Overview........................................................................................................7 Chapter 1: Implementing a Security Baseline .................................................7 Chapter 2: Reducing the Attack Surface by Server Role ..................................7 Chapter 3: Hardening Active Directory Domain Services .................................7 Chapter 4: Hardening DHCP Services..............................................................8 Chapter 5: Hardening DNS Services ...............................................................8 Chapter 6: Hardening Web Services ...............................................................8 Chapter 7: Hardening File Services .................................................................8 Chapter 8: Hardening Print Services ...............................................................8 Chapter 9: Hardening Active Directory Certificate Services..............................8 Chapter 10: Hardening Network Policy and Access Services ............................9 Chapter 11: Hardening Terminal Services .......................................................9 Appendix A: Security Group Policy Settings ....................................................9 Style Conventions ................................................................................................9 More Information ...............................................................................................10 Support and Feedback ..................................................................................11 Acknowledgments ..............................................................................................11 Development Team ......................................................................................11 Contributors and Reviewers ..........................................................................12 Chapter 1: Implementing a Security Baseline ................................................... 13 Enterprise Client Environment ............................................................................13 Specialized Security – Limited Functionality Environment ....................................14 Specialized Security .....................................................................................15 Limited Functionality ....................................................................................15 ii Windows Server 2020 Security Guide Security Design ..................................................................................................17 OU Design for Security Policies .....................................................................17 GPO Design for Security Policies ...................................................................19 More Information ...............................................................................................22 Chapter 2: Reducing the Attack Surface by Server Role................................... 23 Securing Server Roles ........................................................................................23 Server Manager............................................................................................23 Server Core..................................................................................................25 Security Configuration Wizard.......................................................................26 Using SCW and Group Policy to Improve Security ...............................................28 Using the SCW to Create Role Policies...........................................................28 Common Security Configuration Assumptions .....................................................30 More Information ...............................................................................................32 Chapter 3: Hardening Active Directory Domain Services ................................. 33 Active Directory Domain Controller Role Service .................................................34 Attack Surface..............................................................................................34 Security Measures ..............................