RE: Lock down Win2K Box on a LAN?

From: Tom Che [MSFT] (v-tomche_at_online.microsoft.com)
Date: 07/11/05

  • Next message: Steve Duff [MVP]: "Re: [FATAL] Kerberos does not have a ticket for "SERVER"$ Error -" 
    Date: Mon, 11 Jul 2005 01:54:28 GMT

    Hi Geoff,

    Thank you for posting here!

    I notice that you have posted the same question in our
    microsoft.public.win2000.networking newsgroup, to which I have already
    responded. Please check my answer there, and if you need any further
    assistance on this particular issue please reply to me in that thread so I
    can follow up with you. In the future, please don't cross-post the same
    question in multiple newsgroups. This will help our engineers work on your
    question more efficiently. Your understanding and cooperation is
    appreciated.

    For your convenience, I have included my reply as follows:

    ------------------
    Hi Geoff,

    Thanks for posting here. Also thanks for all guys' wonderful replies.

    Geoff, from your post, my understanding of this issue is: You want to know
    how to lock down a computer in a LAN, and it needs to be on the LAN to
    connect to the Internet, but it doesn't access any network resources and it
    doesn't provide any. If this is not correct, please feel free to let me
    know.

    If all you need is just you mentioned, I think both your approach (disable
    Server service) and unbinding 'File and Printer Sharing' as Dave mentioned
    are simple and acceptable ideas. Of course, other guys' suggestions may
    make this machine safer. However, I would remind you to avoid the security
    risk from Internet. A set of effective and strong Firewall software or
    settings on the server side or the client side may be helpful.

    Hope this helps!
    ------------------

    Thank you and have a nice day!

    Sincerely,
    Tom Che
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >From: "Geoff Glave" <nospam@nospam.com>
    >Newsgroups:
    microsoft.public.win2000.general,microsoft.public.win2000.networking,microso
    ft.public.win2000.security
    >Subject: Lock down Win2K Box on a LAN?
    >Lines: 22
    >X-Priority: 3
    >X-MSMail-Priority: Normal
    >X-Newsreader: Microsoft Outlook Express 6.00.2800.1506
    >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
    >Message-ID: <L9Zze.144358$on1.16483@clgrps13>
    >Date: Sat, 09 Jul 2005 23:34:03 GMT
    >NNTP-Posting-Host: 206.116.210.17
    >X-Trace: clgrps13 1120952043 206.116.210.17 (Sat, 09 Jul 2005 17:34:03 MDT)
    >NNTP-Posting-Date: Sat, 09 Jul 2005 17:34:03 MDT
    >Path:
    TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
    ne.de!border2.nntp.dca.giganews.com!nntp.giganews.com!atl-c02.usenetserver.c
    om!newsfeed.telusplanet.net!newsfeed.telus.net!clgrps13.POSTED!53ab2750!not-
    for-mail
    >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.networking:25363
    microsoft.public.win2000.security:14428
    microsoft.public.win2000.general:58593
    >X-Tomcat-NG: microsoft.public.win2000.security
    >
    >Hi Everyone,
    >
    >I'd like to lock down a Windows 2000 Pro box on a LAN. It needs to be on
    >the LAN to connect to the Internet, but that's it - It doesn't access any
    >network resources and it doesn't provide any.
    >
    >I'd like no one else on the LAN to be able to connect to it, or ideally
    even
    >see it.
    >
    >It strikes me that a simple way to do this would be to disable the SERVER
    >service. Is this a good approach? Are there any other services I could /
    >should disable? Or is my approach a bad one. The computer itself is
    >physically secure in a locked office.
    >
    >Thanks in advance.
    >
    >Cheers,
    >Geoff Glave
    >geoff at glave dot org
    >Vancouver, Canada
    >
    >
    >

  • Next message: Steve Duff [MVP]: "Re: [FATAL] Kerberos does not have a ticket for "SERVER"$ Error -"

    Relevant Pages

    • RE: Can I block user from installing the .NET Framework
      ... microsoft.public.win2000.group_policy newsgroup, to which my colleague ... Microsoft Online Partner Support ... When responding to posts, please "Reply to Group" via your newsreader so ... This posting is provided "AS IS" with no warranties, ...
      (microsoft.public.windows.group_policy)
    • RE: Object crypt32LogoffEvent, EventID 560
      ... microsoft.public.win2000.general newsgroup, ... When responding to posts, please "Reply to Group" via your newsreader so ... This posting is provided "AS IS" with no warranties, ... >Thread-Topic: Object crypt32LogoffEvent, EventID 560 ...
      (microsoft.public.windowsxp.help_and_support)
    • RE: SBS2003 Rebuild
      ... microsoft.public.backoffice.smallbiz2000 newsgroup, ... When responding to posts, please "Reply to Group" via your newsreader so ... This posting is provided "AS IS" with no warranties, ... >I do not have the SP1 cd which includes ISA 2004. ...
      (microsoft.public.backoffice.smallbiz)
    • Re: atl.dll
      ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... This posting is provided "AS IS" with no warranties, ... When responding to posts, please "Reply to Group" via your newsreader so ...
      (microsoft.public.windows.server.sbs)
    • RE: mirgation?
      ... newsgroup, to which Danny has already responded. ... When responding to posts, please "Reply to Group" via your newsreader so ... This posting is provided "AS IS" with no warranties, ...
      (microsoft.public.windows.server.migration)