Microsoft KB Archive/298449

= Security Issue Considerations When You Configure Windows 2000 and Windows NT 4.0 =

Article ID: 298449

Article Last Modified on 9/12/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT 4.0

-



This article was previously published under Q298449



SUMMARY
When you configure Windows 2000 and Windows NT 4.0-based computers, there are various security issues to consider. This article describes some of the general issues and the different levels of security that can be applied. This article is informational only and includes few direct recommendations.

Note The information contained in this article represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, the contents of this article should not be interpreted as a commitment on the part of Microsoft. Additionally, Microsoft cannot guarantee the accuracy of this information after the date of publication.



Establish Computer Security
The system security requirements of one computer may differ significantly from another. You must evaluate your particular environment before you implement a security configuration. Careful security consideration is important because when you implement security settings, this may affect system usability. Some programs installed on Windows 2000 and Windows NT 4.0-based systems may require lower security settings to function correctly because of product design issues. Customers are advised to carefully evaluate recommendations in the context of their own system configuration and usage requirements.

Physical Security Considerations
Physical security can include protection against the risk of theft, tampering or environmental damage. Take the precautions that you would with any piece of valuable equipment to protect against casual theft. This may include locking the room where the computer is stored when nobody is present, or using a locked cable to attach the computer to a wall. You may also want to establish procedures for scenarios where a computer is repaired or moved so that the computer or its components cannot be removed from the premises under false pretenses. To protect against power spikes, use a surge protector or power conditioner to protect the computer and its peripherals.

Determine Your Optimal Level of Security
Windows 2000 and Windows NT 4.0 permit you to establish many levels of security that range from little or none to the C2 level of security that many government agencies require. Generally, there are three levels of security: minimal, standard, and high-level C2. These levels are arbitrary, and you will probably want to blend characteristics from each level to customize your own level of security.

When you determine the optimal security level to implement in your environment, consider that some of the restrictions that you set (concerning access to computer resources) may actually make it more difficult for people to perform their work. If security is too restrictive, users will try to circumvent security to perform their work. For example, if you set the password policy so that passwords are difficult to remember, users will write them down. If you restrict file and folder permissions, some users may be blocked from files that they want to use, and therefore their colleagues may share their own passwords to work around these perceived obstacles.

The first step to establish optimal security involves an accurate assessment of your requirements. After you do this, select the elements of security that you want, and then implement them.

Minimal Security Considerations
For minimal security, none of the Windows 2000 or Windows NT 4.0 security features are used. You can even permit automatic log on to the administrator account (or any other user account). This permits anyone with physical access to the computer to turn it on and immediately gain full access to the computer's resources. For additional information about how to configure automatic logon of a Windows account, click the following article number to view the article in the Microsoft Knowledge Base:

310584 HOW TO: Enable Automatic Logon in Windows

By default, access to certain operating system files is limited. For minimal security, you must grant the Everyone group full access to all files. Microsoft recommends that you still take precautions against viruses because they can disable program functionality. Viruses can also use the minimally secure computer as a means to infect other computer systems.

Standard Security Considerations
Apply standard security when computers are used to store sensitive or valuable data. Microsoft also recommends that you implement security measures when you want to protect your computer against accidental or deliberate changes to the system configuration. Generally, users can perform their work with minimal barriers to the resources that they require on a computer using standard security. Standard security permits users to access required programs and files but permits the administrator to restrict user access to other users' files. Standard security also restricts the user's ability to make changes to the computer's hardware and software configuration.

Additionally, standard security may include the display of a legal notice before a user logs on. You can configure Windows 2000 and Windows NT to display a message box with the caption and text of your choice before a user logs on. Many organizations use this message box to warn potential users that they can be held legally liable if they try to use the computer without proper authorization. The absence of such a notice may be seen as an invitation to enter and browse the system. The logon notice can also be used in certain situations (such as an information kiosk) where users may require instructions about how to enter a user name and password for the appropriate account.

For additional information about how to display a warning message before log on, click the following article number to view the article in the Microsoft Knowledge Base:

101063 How to Enable a Warning Message During Windows Logon Welcome

Also make sure that your users understand their role in maintaining security. Educate them about how important it is to log off at the end of the work day, and to memorize (instead of writing down) their passwords.

Finally, monitor your system and make adjustments as required.

High-Level Security Considerations (C2)
C2 refers to a set of security policies that define how a secure system operates. The security policy in C2 is known as Discretionary Access Control (DAC). On Windows 2000 and Windows NT-based systems, this means that users of the system:
 * Own objects.
 * Have control over the protection of the objects that they own.
 * Are accountable for all their access-related actions.

C2 classification does not define a substantive security system in the sense of classified or unclassified data. For example, in Windows 2000 and Windows NT, every object (for example, file, Clipboard, or window) has an owner, and any owner can grant or not grant other users access to these objects. The system tracks (audits) user actions for the administrators (that is, the system administrator can track the objects a user accesses -- both successes and failures). In a C2 (DAC) system, owners have absolute discretion about whether others gain access to their objects.

