【正文】 ers ............................................157 Securing the TS Gateway ...........................................................................198 More Information .............................................................................................200 Index ................................................................................................................... 203 Overview Wele to the Windows Server 2020 Security Guide. This guide provides instructions and remendations to help strengthen the security of puters running Windows Server174。 Windows Server174。 2020 Security Guide Version Published: February 2020 For the latest information, please see Copyright 169。 2020 that are members of an Active Directory174。 Domain Services (AD176。s business. Every day, adversaries are attempting to invade your works and access your servers to bring them down, infect them with viruses, or steal information about your customers or employees. Attacks e from all directions: from onsite employee visits to Web sites infected with malware, to offsite employee connections through virtual private works (VPNs), branch office work connections to corporate servers, or direct assaults on vulnerable puters or servers in your 2 Windows Server 2020 Security Guide work. Organizations of all sizes now also face more plex and demanding audit requirements. You know firsthand how essential your servers are to keeping your anization up and running. The data they house and the services they provide are your anization’s lifeblood. It is your job to stand guard over these essential assets, prevent them from going down or falling victim to attacks from outside and inside your anization, and to prove to auditors that you have taken all reasonable steps to secure your servers. Windows Server 2020 is engineered from the ground up with security in mind, delivering an array of new and improved security technologies and features that provide a solid foundation for running and building your business. The Windows Server 2020 Security Guide is designed to further enhance the security of the servers in your anization by taking full advantage of the security features and options in Windows Server 2020. This guide builds on the Windows Server 2020 Security Guide, which provides specific remendations about how to harden servers running Windows Server 2020 with Service Pack 2 (SP2). The Windows Server 2020 Security Guide provides remendations to harden servers that use security baselines for the following two environments: ?? Enterprise Client (EC). Servers in this environment are located in a domain that uses AD DS and municate with other servers running Windows Server 2020 or Windows Server 2020 SP2 or later. The client puters in this environment include a mixture: some run Windows Vista174。 3 about how to use the tool to acplish these tasks, see How to Use the GPOAccelerator. This guide is designed primarily for enterprise customers. To obtain the most value from this material, you will need to read the entire guide. However, it is possible to read individual portions of the guide to achieve specific aims. The Chapter Summary section in this overview briefly introduces the information in the guide. For further information about security topics and settings related to Windows Server 2020, see the Windows Server 2020 Security Guide Settings workbook and the panion guide, Threats and Countermeasures. Who Should Read This Guide The Windows Server 2020 Security Guide is primarily for IT professionals, security specialists, work architects, puter engineers, and other IT consultants who plan application or infrastructure development and deployments of Windows Server 2020 for servers in an enterprise environment. The guide is not intended for home users. This guide is for individuals whose jobs may include one for more of the following roles: ?? Security specialist. Users in this role focus on how to provide security across puting platforms within an anization. Security specialists require a reliable reference guide that addresses the security needs of every level of the anization and also offers proven methods to implement security countermeasures. Security specialists identify security features and settings, and then provide remendations on how their customers can most effectively use them in high risk environments. ?? IT operations, help desk, and deployment staff. Users in IT operations focus on integrating security and controlling change in the deployment process, whereas deployment staff focuses on administering security updates quickly. Staff in these roles also troubleshoot security issues related to applications that involve how to install, configure, and improve the usability and manageability of software. They monitor these types of issues to define measurable security improvements and a minimum of impact on critical business applications. ?? Network architect and planner. Users in this role drive the work architecture efforts for puters in their anizations. ?? Consultant. Users in this role are aware of security scenarios that span all the business levels of an anization. IT consultants from both Microsoft Services and partners take advantage of knowledge transfer tools for enterprise customers and partners. Note Users who want to apply the prescriptive guidance in this guide must, at a minimum, read and plete the steps to establish the EC environment in How to Use the GPOAccelerator. Skills and Readiness The following knowledge and skills are required for consultants, operations, help desk and deployment staff, and security specialists who develop, deploy, and secure server systems running Windows Server 2020 in an enterprise anization: ?? MCSE on Microsoft Windows Server 2020 or a later certification and tw