Re: Lock down Win2K Box on a LAN?

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 07/11/05

• Next message: Karl Levinson, mvp: "Re: Email administrator when error occurs in event viewer"
• Previous message: NickN: "Re: [FATAL] Kerberos does not have a ticket for "SERVER"$ Error -"
• In reply to: Geoff Glave: "Lock down Win2K Box on a LAN?"
• Next in thread: Tom Che [MSFT]: "RE: Lock down Win2K Box on a LAN?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 10 Jul 2005 18:13:02 -0400

That's one possible step, but there are a lot of other steps I would
recommend as well. See the hardening checklists and Security Guides for
Windows 2000 Server at

www.microsoft.com/technet/security and
www.nsa.gov/snac

Note that disabling the server service would probably prevent you from
accessing Windows file shares like \\servername\c$ from other computers on
your network for administrative purposes, and may have other effects as well
If that's a problem for you, it's probably as effective to leave the Server
service running but use a firewall, IPSec or some other form of TCP/IP
filtering to control what IP addresses can connect to the Netbios ports on
your server.

"Geoff Glave" <nospam@nospam.com> wrote in message
news:L9Zze.144358$on1.16483@clgrps13...
> Hi Everyone,
>
> I'd like to lock down a Windows 2000 Pro box on a LAN. It needs to be on
> the LAN to connect to the Internet, but that's it - It doesn't access any
> network resources and it doesn't provide any.
>
> I'd like no one else on the LAN to be able to connect to it, or ideally
even
> see it.
>
> It strikes me that a simple way to do this would be to disable the SERVER
> service. Is this a good approach? Are there any other services I could /
> should disable? Or is my approach a bad one. The computer itself is
> physically secure in a locked office.
>
> Thanks in advance.
>
> Cheers,
> Geoff Glave
> geoff at glave dot org
> Vancouver, Canada
>
>

• Next message: Karl Levinson, mvp: "Re: Email administrator when error occurs in event viewer"
• Previous message: NickN: "Re: [FATAL] Kerberos does not have a ticket for "SERVER"$ Error -"
• In reply to: Geoff Glave: "Lock down Win2K Box on a LAN?"
• Next in thread: Tom Che [MSFT]: "RE: Lock down Win2K Box on a LAN?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Alternatives to using a Personal Firewall ... In the past I've tried disabling ... Windows Media Player, Windows Genuine Advantage Notification (every time ... When malware is already run, ... If running TCP/IP on Your LAN, ... (comp.security.firewalls) Re: warum PnP Dienst =?ISO-8859-15?Q?=FCber?= Netzwerk? ... >> Ich habe noch keinen Dienstleister gefunden, der ein sicheres LAN durch ... >> Windows Terminal-Server, z.B. in ein eigenes Netz und ein OpenVPN Server ... > Windows Remote Desktop Protocol Denial of Service Vulnerability ... (microsoft.public.de.german.win2000.networking) Re: GPO error no appropriate rights ... > message when you try to edit a GPO while logged on as the system admin. ... Install the Windows Small Business Server 2003 Update for Windows XP ... > from disabling the ISA Firewall client. ... (microsoft.public.windows.server.sbs) Re: failed admin pak installation - w2k3 ... Please try disabling WFP on a production machine, ... Microsoft MVP: Windows Server ... I can install this admin pak in my test environment w/o any issue. ... (microsoft.public.windows.server.setup) Re: REQ: Help Setting Up A Workgroup ... There four machines presantly on the lan (WinBlowz Work Group and All ... Recognized In Windows) ... (Workstation even though I Do plan on using is as a server in SuSE 10.1) ... apache though I do want to get apache running on machine 1 in SuSe 10.1 as ... (alt.os.linux.suse)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint