Windows NT Server has powerful security features that protect server files against external attack. However, before setting up Internet Information Server, the Windows NT Server administrator should take these security steps:
Disable floppy disk booting.
Stipulate that users cannot share logons and passwords.
Follow proper password creation guidelines.
Rename the Administrator account and use the account lockout feature.
Keep the Guest account disabled.
Review user permission levels.
Implement a logon screen with a notice prohibiting unauthorized access and use.
You always need to explain to your users that they have security responsibilities. Users must have passwords and renew them at a set interval. You must make it known that users are not permitted to share user IDs and passwords. At the same time, you must also state that your network is meant for your company to conduct its business, and that any other use of its software and hardware is discouraged. Users should then acknowledge their responsibilities, either in a written or an electronic form. By doing this, you clearly demonstrate that your company is protecting its information assets. This acknowledgment helps you protect your company's right to legal recourse against anyone who causes malicious damage to its data resources. Legal notices on logon screens are a way that you can gain this important acknowledgment from external users. You should also post legal notices for Internet users on your Web page.
For more information on displaying legal notices for a user of Windows NT, see the section "Displaying a Legal Notice Before Logon" in Chapter 6, "Windows NT Security," in the Windows NT Workstation Resource Kit: Windows NT Workstation Resource Guide.