HP StorageWorks X5000 Technical Manual page 80

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Service Name

Member Server

seclogon

Important: The Secondary Logon system service should be set to Automatic on HP NAS server systems

having 3

party applications that execute functions using a secondary user or group account.

The Secondary Logon system service allows the user to create processes in the context of different

security principals. Restricted users commonly use this service to log on as a user with elevated

privileges for temporarily running administrative programs. This service enables users to start

processes under alternate credentials. These features are not required in the baseline server

environment. While this service is beneficial on client computers, it is not appropriate on most servers

because users logging onto them interactively will be members of the IT team performing some sort of

maintenance tasks that typically require administrative privileges. Therefore, this service is configured

to Disabled in the three environments defined in this guide.

Service

Member Server

Name

Default

SamSs

Automatic

The Security Accounts Manager (SAM) system service is a protected subsystem that manages user and

group account information. In Windows 2000 and the Windows Server 2003 family, the SAM in the

local computer registry stores workstation security accounts and domain controller accounts are stored

in Active Directory. This service should not be disabled.

Service

Member Server

Name

Default

lanmanserver

Automatic

The Server system service provides RPC support, file, print, and named pipe sharing over the network.

For these reasons, it is recommended to set the value for this service to Automatic in the three

environments defined in this guide.

Service Name

Member Server

ShellHWDetection

Automatic

The Shell Hardware Detection system service monitors and provides notification for AutoPlay

hardware events. This service is not a requirement for the baseline server policy. Therefore, this

service is configured to Disabled in the three environments defined in this guide.

Secondary Logon

Legacy Client

Default

Automatic

Disabled

Security Accounts Manager

Legacy Client

Automatic

Server

Legacy Client

Automatic

Shell Hardware Detection

Legacy Client

Default

Disabled

Enterprise Client

High Security Client

Disabled

Enterprise Client

High Security Client

Automatic

Enterprise Client

High Security Client

Automatic

Enterprise Client

High Security Client

Disabled

Automatic

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

HP StorageWorks X5000 Technical Manual page 80

Related Manuals for HP StorageWorks X5000

Related Products for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents