Re: High Security W2k setup

• Previous message: Pluto: "High Security W2k setup"
• In reply to: Pluto: "High Security W2k setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 May 2004 05:25:07 -0500

Well it kind of depends what you need it for and how you want to tilt
functionality versus security. You may also want to consider using passprop
to allow admin account to be locked out to network logon, enable account
lockout with a threshold of no less than ten, disable storing of lm hashes
for passwords, disable file and print sharing if it is not needed -
especially on external adapter, secure ntfs permissions on drive/root folder
for users and everyone, disable posix, harden Internet Explorer settings to
the same as Windows 2003 Server, also consider tcp/ip and/or ipsec
filtering, and insure physical security to prevent console access to
unathorized users for starts. The links below may also be of help. ---
Steve

http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/default.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141
http://labmice.techtarget.com/articles/securingwin2000.htm -- you may not
want to do everything here, but some good tips

"Pluto" <noemail@email.fi> wrote in message
news:u4Etc.129$wU2.78@read3.inet.fi...
> Hi,
> i´m looking for site that tells how to build a high secure windows 2000
> setup for one pc.
>
> im not confident to my yet my setup what im have now.
> 1. install os
> 2. get updates from ms.update
> 3. check with mbsa tool
> 4. change default admininistrator name and disable it,
> create new admin login
> 5. run pc foo login that has only minmal restricted user rights else that
> needs to run, run under admin run as prompt login screen (games etc)
> 6. use and run firewall
> 7. use and run virus protect
> 8. turn on auditing
> 9. use long passwords 8 or more...
> 10. be paranoid while sitting behind screen ....
>
> anything else that i have missed or forgot?
> is it still possible to hack in thru email[www or etc] script
> and take over pc ?
>
> Pluto
>
>
>
>

• Previous message: Pluto: "High Security W2k setup"
• In reply to: Pluto: "High Security W2k setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Help;using apps across user accounts? ... i have recently dont some work on stepping up my XP pro security. ... not all the software which was installed in my admin account is ... settings,next time i login i have to set it up again,it doesnt seem to ... (microsoft.public.windowsxp.help_and_support) RE: Logon as different user, without needing a password? ... It's not recommended to login as a particular user due to the security ... As a professional admin, you must alwasys keep security in mind. ... The purpose of RunAs command is to give you a chance to run command with ... (microsoft.public.windowsxp.security_admin) Re: User Permissions ... I hope that you have followed the necessary steps to secure your database. ... You don't just go into the security menu and start adding users/groups. ... You need to set a password for the Admin user to get the login back. ... (microsoft.public.access.security) Re: hacking into my computer at work ... My question is in regards to a fellow employee at work, ... As long as they have physical access to your computer and use an admin ... Turn on auditing of login events to see when it is happening. ... You not going through the security admins provided by the ... (microsoft.public.security) User.IsInRole ... I have the following setup: ... -IIS Security = NT Authentication ... I am an admin on the machine. ... (microsoft.public.dotnet.framework.aspnet.security)