Windows Tip Sheet

Lock Down Your Server

Back in your ports, you services!

Whenever I go to a new client, security is almost always a part of the job, and server lockdown is almost always part of the plan. I’ve written before on some of the ports and services required to operate Windows servers in various roles (like domain controller), and you may be aware that Win2003 SP1 will offer a new security wizard that makes the task even easier. The wizard uses an XML file (provided by Microsoft) which details the various services and ports required for different server roles (DNS server, domain controller, mail server, you name it); tell the wizard what role a server is performing and it locks down anything unnecessary.

Until the happy day when that tool arrives on the scene, however, check out Microsoft Knowledge Base article 832017. It lists each system service, along with every port that service uses and what each port does. For example, you can see that the Local Security Authority (LSASS) uses TCP 3269 and 3268 for Global Catalog queries, TCP and UDP 389 for LDAP queries, and so forth. The list of services is exhaustive, and a description is provided for each service to help you figure out if it’s something you need or not. It even tells you if services are disabled by default, such as the nearly obsolete License Logging Service.

Links are provided to other KB articles covering products like Exchange (various versions), making this document a more comprehensive index of all services your machines might be running.
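One way to put the KB article's service-to-port listing to work, as an added example that is not from the original column or from Microsoft: compare the ports a server actually has open, taken from saved `netstat -ano` output, against an allow-list built from the KB. The allow-list here holds only the LSASS ports quoted above; the netstat sample, the PIDs, the extra ports 8080 and 1434, and the function names are constructed for illustration.

```python
# Allow-list holding only the LSASS ports the article quotes from KB 832017.
# Assumption: a real list is extended from the KB for each role the server performs.
ALLOWED = {
    ("TCP", 389): "LSASS: LDAP",
    ("UDP", 389): "LSASS: LDAP",
    ("TCP", 3268): "LSASS: Global Catalog",
    ("TCP", 3269): "LSASS: Global Catalog",
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       476
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       476
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING       476
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:389           10.0.0.20:50112        ESTABLISHED     476
  TCP    [::]:3268              [::]:0                 LISTENING       476
  UDP    0.0.0.0:389            *:*                                    476
  UDP    0.0.0.0:1434           *:*                                    1320
"""

def listening_endpoints(netstat_text):
    """Return the set of (proto, port, pid) for TCP listeners and bound UDP ports."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows carry a state column; UDP rows do not, so every UDP row is a bound port.
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue
        port = int(fields[1].rsplit(":", 1)[1])  # rsplit copes with IPv6 "[::]:3268"
        found.add((fields[0], port, int(fields[-1])))
    return found

def audit(netstat_text, allowed=ALLOWED):
    """Split open ports into those on the allow-list and those needing review."""
    expected, review = [], []
    for proto, port, pid in sorted(listening_endpoints(netstat_text)):
        if (proto, port) in allowed:
            expected.append((proto, port, pid, allowed[(proto, port)]))
        else:
            review.append((proto, port, pid))
    return expected, review

if __name__ == "__main__":
    for proto, port, pid in audit(SAMPLE_NETSTAT)[1]:
        print(f"REVIEW {proto}/{port} owned by PID {pid}: not on the allow-list")
```

Each port flagged for review is either a service to look up in the KB and add to the allow-list, or a candidate for disabling.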

Cool Gadget
Motorola E1060
The Motorola E1060 packs a 1.3 megapixel VGA camera, Bluetooth and everything else except the kitchen sink.
Okay, this isn’t something you (or I) are likely to rush out and get, but it’s neat: Motorola announced their new E1060 3G cell phone. What’s neat about it? It syncs music files with iTunes and other jukebox software, and supports MPEG4, WMV/WMA and MP3 files. It’s a full-on media phone. Sadly, some airlines still make you turn it off in flight.


About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at
