FOCUS on Microsoft: Securing NT - Installing and Securing Part 2

FOCUS on Microsoft: Securing NT - Installing and Securing Part 2
SecurityFocus 2001-08-16

Installing and Securing Windows NT 4.0

Getting Started
Installing NT
Installing Service Packs and Hotfixes
Installing Drivers, Applications, and Services
Test the Server
Update Repair Information
Modify ACLs on Files and Directories

Create and Modify Registry Keys
Modify Registry Key ACLs
Enable Auditing
Set Account Policies
User Rights
Password Selection and Management

CAUTION: The information contained below is aimed towards securing the NT Operating System. This information represents a "high security" posture and may break or disrupt performance on your own machine. The suggestions listed on this page may not be suitable for your environment. Test all changes on a non-production host before applying them to your production machine. Security-Focus is not responsible for any damage that may result from applying these suggestions.

Getting Started

1	Download and read Microsoft's document Securing Windows NT Installation This is a self extracting Word document (75k). Though slightly outdated, Microsoft's document contains a wealth of background information on NT's security features. All of the technical data in this paper, plus updated information, will be discussed in the sections below.
2	Will this host be an IIS Server? See Securing IIS

Installing NT

3	Install NT from original installation media (via CD or network share)
4	Install Operating System on NTFS partition Installing the OS on an NTFS permission will allow us to further secure critical files and directories using Access Control Lists (ACLs). NT can be installed on a FAT partition and this partition can later be "converted" to NTFS, however, the default ACLs are not applied during the conversion process. If this is the case, the scripts discussed below can assist in setting proper file and directory permissions.
5	DO NOT set a password for the administrator account during installation This will be set later
6	DO NOT install IIS 2.0
7	Install necessary protocols If you don't need NetBEUI or IPS/SPX, don't install them.
8	Configure network cards and video adapters as needed (many video drivers must be installed after updating the system with Service Pack 3 or above.)
9	Unbind NetBios from TCP/IP If this server is directly connected to an outside network, disable the TCPIP <-> NETBIOS binding on the outbound NIC, unless it is required for your environment

<< PREVIOUS INDEX NEXT >>

Download Links

Securing Windows NT Installation
Self Extracting Word Document (75k)
Microsoft

SecurityFocus Shell Script for Securing NT
by Security Focus

Microsoft Security Advisories
Microsoft

SecurityFocus accepts Infocus article submissions from members of the security community. Articles are published based on outstanding merit and level of technical detail. Full submission guidelines can be found at http://www.securityfocus.com/static/submissions.html.