Review the security measures described in this section when configuring single computers running Windows NT Workstation.
Review the User Rights policies in User Manager. You should remove the following groups from each user right. By default, the group Everyone is granted access to your computer from the network and the group Guests is permitted to log on locally. You should remove these default settings.
User Right | Remove Group | |
| ||
Access this computer from the network | Everyone | |
Log on locally | Guests | |
Disable any services not absolutely necessary on your computer by clearing them in the Services option in Control Panel. Specifically, you should disable the Server service; this prevents any access to your computer through this service.
The FTP Server service included with Windows NT versions 3.1 through 3.51 should also be disabled or configured to ensure adequate security.
You should review all other network services that you use, and remove or disable unused network services. The fewer services you run on your system, the less likely it is that a mistake in administration can occur and be exploited.
You should remove all unnecessary user accounts. You should also remove any unnecessary accounts from the Administrator group. By limiting user accounts and the members of the Administrator group, you limit the number of users who might choose passwords that could expose your system.
Also, the password for the Administrator account should always be difficult to duplicate and should never be left empty.
Check the properties of shared directories available on your computer. Shared resources on your computer might be available to other remote computers, depending on your Internet service provider. Disable sharing or change the sharing properties of any resources you do not want remote computers to use. In the Shared Directory Properties dialog box, select the Not Shared check box to disable sharing of a resource, as shown in Figure 35.1.
Figure 35.1 The Shared Directory Properties dialog box