This week we continued our break from GPOs by following up on the research into SCCM. We’ve decided to postpone implementation of SCCM for the time being. During our research we watched a few videos on the implementation of SCCM and found some trial versions available from Microsoft for the 2016 version. While implementation doesn’t appear to be prohibitively difficult, we will revisit implementation of SCCM later on in the project if time allows.
The main focus of this week was the process of server hardening via disabling of un-needed services. Proper practice when running a server involves shutting down any Windows services that you do not need.
Services we shut down on Cumulus
- Windows audio
- Windows Font Cache
- Themes
- Remote Registry services
- We determined that in our fictional organiation, remote configuration of registry is a bigger security risk than it’s worth.
- Portable devices enumerator
- All Smart card services
- Our fictional organization does not utilize smart cards for authentication.