previous  next  Title  Contents  Index     Previous Next Top  


Securing Windows NT: Part 1


Win2k

This document doesn't yet cover Windows 2000, which is very similar to NT. The principles are the same (stop all unneeded sevrices, use good passwords etc.). A draft page on Win2k issues has been started: sp/win2k.html.


Automatic screen locking with password protection should enabled after (say) 5 minutes (Control Panel --> Desktop). 

Several utilities allow remote configuration of a system: Registry editor, User manager, server manager, Event Viewer etc. There doesn't seem to be anyway to prevent remote access, except by removing the users access rights in the domain, or disable the "Access this computer from the network" right for all users.
If you don't trust your domain admins, then don't log into the domain, just log on locally and authenticate for individual resources, otherwise the Domain Admins will be added to the Local Admin group and hence have full access. One reason to log onto the domain is to change passwords, this can now be done without logging onto the domain, thanks to a tool from Alexander Frink wwwthep.physik.uni-mainz.de/~frink/nt.html.

If NFS is used, ensure that the pcnfsd has been securely installed on the server (UNIX) side. See the "Securing UNIX" chapter.  Don't rely on NFS for high security.