Windows NT has features designed to make it easy to give permissions to some groups of users while denying those permissions to others. These features are discussed in detail in the documentation for Windows NT Workstation or Windows NT Server, and elsewhere in the Windows NT Resource Kit. You'll need to become familiar with this information in order to plan and implement the security configuration of your choice.
The following table lists documents that are referred to in this discussion of computer security.
For information on | See | ||
audit policy | "User Manager" chapter in the Windows NT Workstation or Windows NT Server System Guide. | ||
auditing | "User Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide; "Event Viewer" chapter of the Windows NT Workstation or Windows NT Server System Guide; "Auditing Security Events" in Chapter 2, "Windows NT Security Model," of the Windows NT Resource Guide. | ||
automatic logon | Chapter 12, "Configuration Management and the Registry," of the Windows NT Resource Guide. | ||
Backup utility | "Backup" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
file and directory protections | "File Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
file protection inheritance | Chapter 2, "Windows NT Security Model," in the Windows NT Resource Guide. | ||
Guest account | "User Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
Internet security issues | Chapter 20, "Using Windows NT on the Internet," in the Windows NT Networking Guide (part of the Windows NT Resource Kit for Windows NT version 3.5). | ||
password enforcement options | "User Manager" chapter in the Windows NT Workstation or Windows NT Server System Guide. | ||
Performance Monitor | "Performance Monitor" chapter in the Windows NT Server System Guide; Optimizing Windows NT, in the Windows NT Resource Kit. | ||
printer access settings | "Print Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
programming calls that affect security settings | Appendix D, "Security In a Software Development Environment," of this Windows NT Update 1 book . | ||
Registry and the Registry Editor; protecting keys in the Registry | Part IV, "Windows NT Registry," of the Windows NT Resource Guide. | ||
screen savers and how to set (including lock) them | "Control Panel" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
security log | "Event Viewer" chapter of the Windows NT Workstation or Windows NT Server System Guide;. Chapter 2, "Windows NT Security Model," of the Windows NT Resource Guide; Appendix D, "Security In a Software Development Environment," of this Windows NT Update 1 book. | ||
user accounts | "User Manager" chapter in the Windows NT Workstation or Windows NT Server System Guide. | ||
User Manager features | "User Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide. | ||
The key to Windows NT security is the user accounts. You can create as many accounts as are needed, and you can include any user account in as many groups of accounts as are appropriate. You can then permit or limit access to any computer resource to individual accounts or to groups. User accounts are discussed in detail in the "User Manager" chapter in the Windows NT Workstation or Windows NT Server System Guide.
In the "User Manager" chapter in the Windows NT Workstation or Windows NT Server System Guide you'll also find a description of the password enforcement options, such as minimum password length, minimum and maximum password age, password "uniqueness" (how often a password can be reused), and controls over whether a user can — or must — change his or her password.
A range of file protections can be set on a per-file or per-directory basis. The protections can be on a per-user or per-group basis. This feature is described in the "Securing Directories and Files" section of the "File Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide and in Chapter 2, "Windows NT Security Model," in the Windows NT Resource Guide. Note particularly the section on "Access Control Inheritance" in Chapter 2 of the Windows NT Resource Guide. Specific files to protect are discussed later in this manual, in the section "Protecting Files and Directories" under "High-Level Security."
Since the Registry is the repository of all system configuration information, it is important to protect it from unauthorized changes. At the same time, individuals and programs that need to access or alter information in the Registry must be allowed to do so. Part IV, "Windows NT Registry," of the Windows NT Resource Guide discusses the Registry and the Registry Editor, including information on protecting keys in the Registry. Specific keys to protect are discussed later in this manual, in the "Protecting the Registry" sections under "Standard Security" and "High-Level Security."
You can prevent specific users from printing to a system printer for all or part of the day. This feature is described in the "Print Manager" chapter of the Windows NT Workstation or Windows NT Server System Guide.
Auditing is built into Windows NT. This allows you to track which user account was used to attempt what kind of access to files or other objects. Auditing also can be used to track logon attempts, system shutdowns or restarts, and similar events. Auditing is described in the "Event Viewer" chapter of the Windows NT Workstation or Windows NT Server System Guide and in Chapter 2, "Windows NT Security Model," in the Windows NT Resource Guide.