Common Criteria Supplemental Admin Guidance © 2011 Microsoft
Microsoft Windows
Common Criteria Evaluation
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Document Information
| Version Number | 0.5 |
| Updated On | Friday, January 7, 2011 |
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
1 Overview
1.1 Who Should Read This Guide
1.1.1 Skills and Readiness
1.2 Section Summaries
1.2.1 Overview
1.2.2 Section 1: Introduction
1.2.3 Section 2: Specifications and References for a CC-evaluated System
1.2.4 Section 3: Security Policy Assumptions and Conditions
1.2.5 Section 4: Configuring Elevated Security Functionality
1.3 Style Conventions
1.4 More Information
1.5 Support and Feedback
2 Introduction
2.1 What is Common Criteria?
2.2 What is a CC compliant System?
2.3 What This Guide Describes
2.4 Configuration Roadmap
3 Specification and References for a CC-evaluated System
3.1 About the Evaluated Version of Windows 7 and Server 2008 R2
3.1.1 Detailed Hardware Requirements
3.1.1.1 Memory
3.1.1.2 Processors
3.1.2 Networking
3.1.2.1 Storage
3.1.2.2 Peripheral Hardware Components
3.2 Evaluated Security Functionality
3.2.1 Security Features
4 Security Policy Assumptions and Conditions
4.1 Security Policy Assumptions
4.1.1 Assumptions on the System Environment
4.2 Installation and Configuration Constraints
4.2.1 Installing the TOE (Windows 7)
4.2.2 Installing the TOE (Server 2008 R2)
4.2.3 Verifying the TOE version
4.3 Modes of Operation
5 Configuring Elevated Security Functionality
5.1 Hardening Windows 7
5.2 Hardening Windows Server 2008 R2
5.3 Additional Configuration
5.4 Ongoing Maintenance
6 Evaluated Windows Tools
7 Administration Scenarios
8 Evaluated Configuration and Windows Administration Settings
9 Appendix: User Privileges and Assignments
1 Overview
Welcome to the Windows 7, Server 2008 R2 Common Criteria Supplemental Administrator’s Guide. This guide describes how to set up Windows 7 and Windows Server 2008 R2 to meet the same security conditions used by the Common Criteria (CC) evaluation.
Microsoft engineering teams, consultants, support engineers, partners, and customers have reviewed and approved this prescriptive guidance to make it:
- Proven. Based on field experience.
- Authoritative. Offers the best advice available.
- Accurate. Technically validated and tested.
- Actionable. Provides the steps to success.
- Relevant. Addresses real-world security concerns.
This guide is a supplement to the Windows 7 Security Baseline and the Windows Server 2008 R2 Security Baseline published by Microsoft. It provides the additional installation, configuration, and security information required to reproduce the security level of a Common Criteria-evaluated system.
Important: If configuration recommendations in the general technical documentation or Windows 7, Windows Server 2008 are not consistent with the instructions in the Windows 7, Server 2008 R2 Common Criteria Guide, the information in the Windows 7, Server 2008 R2 Common Criteria Supplemental Administrator’s Guide takes precedence and applies, as this was the configuration used during the Common Criteria Evaluation.