Audit Policy Settings; User Rights Assignments - HP StorageWorks X5000 Technical Manual

NAS security: technical guide to NSA, C2, E3-FC2, and CC security compliancy

2.9.1 Audit Policy Settings

The Audit Policy settings for file servers in the three environments defined in this guide are configured
via the MSBP. For more information on the MSBP, see section 2.8. The MSBP settings ensure that all
the relevant security audit information is logged on all file servers.

2.9.2 User Rights Assignments

Most User Rights Assignments for file servers in the three environments defined in this guide are
configured via the MSBP. For more information on the MSBP, see section 2.8. Differences between
the MSBP and the Incremental file server Group Policy are described in the following section.
Member Server Default: SUPPORT_388945a0
Important: For all HP NAS server systems, administrators should only deny the Support_388945a0
account within multi-protocol environments involving NFS, AFTP, NCP, HTTP, or FTP.
Note: ANONYMOUS LOGON, Built-in Administrator, Support_388945a0, Guest, and all NON-operating
system service accounts are not included in the security template. These accounts and
groups have unique security identifiers (SIDs) for each domain on the network. Therefore, they must be
added manually.
The Deny access to this computer from the network setting determines which users are prevented from
accessing a computer over the network. This setting will deny a number of network protocols,
including server message block (SMB)-based protocols, network basic input/output system (NetBIOS),
Common Internet File System (CIFS), Hypertext Transfer Protocol (HTTP), and Component Object
Model Plus (COM+). This setting overrides the Access this computer from the network setting when a
user account is subject to both policies. Configuring this user right for other groups could limit the
ability of users to perform delegated administrative tasks on the network. In section 2.8, this guide
recommends including the Guests group in the list of users and groups assigned this right to provide
the highest level of security possible. Nevertheless, the IUSR account used for anonymous access to IIS
is by default a member of the Guests group. This guide recommends removing the Guests group from
the Incremental IIS Group Policy to ensure anonymous access to IIS servers can be configured when
necessary. For these reasons, the Deny access to this computer from the network setting is configured
to include ANONYMOUS LOGON; Built-in Administrator; Support_388945a0; Guest; and all
NON-Operating System service accounts for IIS servers in all three environments defined in this guide.
Deny access to this computer from the network

Legacy Client: ANONYMOUS LOGON; Built-in Administrator, Guest; Support_388945a0; all NON-Operating System service accounts
Enterprise Client: ANONYMOUS LOGON; Built-in Administrator, Guest; Support_388945a0; all NON-Operating System service accounts
High Security Client: ANONYMOUS LOGON; Built-in Administrator, Guest; Support_388945a0; all NON-Operating System service accounts
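
One way to verify that the manually added accounts are actually in place, as an added example that is not part of the HP manual: the Python below parses the [Privilege Rights] section of a `secedit /export /cfg <file> /areas USER_RIGHTS` export and reports which of the accounts listed above are missing from SeDenyNetworkLogonRight, the policy constant behind Deny access to this computer from the network. The sample export, the placeholder domain SID and the function names are assumptions made for the example.

```python
# Constructed sample of a secedit USER_RIGHTS export (not taken from the manual).
# The domain SID S-1-5-21-1111111111-2222222222-3333333333 is a placeholder.
# A real export is UTF-16 on disk: open(path, encoding="utf-16").read()
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-7,Guest,SUPPORT_388945a0
[Version]
signature="$CHICAGO$"
Revision=1
"""

DENY_NETWORK = "SeDenyNetworkLogonRight"  # "Deny access to this computer from the network"


def parse_user_right(inf_text, right):
    """Return the principals assigned to one user right, lower-cased, '*' SID prefix removed."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == right.lower():
                return [v.strip().lstrip("*").lower() for v in value.split(",") if v.strip()]
    return []


def missing_denies(inf_text, domain_sid, service_accounts=()):
    """List the accounts named in the guide that are absent from the deny right."""
    # Each account is accepted by SID or by name, because exports can contain either.
    # Administrator and Guest use the fixed RIDs 500 and 501 under the domain SID,
    # so a renamed account is still matched by its SID.
    required = {
        "ANONYMOUS LOGON": {"s-1-5-7", "anonymous logon"},
        "Built-in Administrator": {f"{domain_sid}-500".lower(), "administrator"},
        "Guest": {f"{domain_sid}-501".lower(), "guest"},
        "Support_388945a0": {"support_388945a0"},
    }
    for acct in service_accounts:  # site-specific non-OS service accounts
        required[acct] = {acct.lower()}
    assigned = set(parse_user_right(inf_text, DENY_NETWORK))
    return [label for label, ids in required.items() if not ids & assigned]
```

Run against the constructed sample, `missing_denies` reports the Built-in Administrator as missing, which is the kind of gap a manual, per-domain step tends to leave.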
