High Security W2k setup

[Pluto]

Hi,
i´m looking for site that tells how to build a high secure windows 2000
setup for one pc.

im not confident to my yet my setup what im have now.
1. install os
2. get updates from ms.update
3. check with mbsa tool
4. change default admininistrator name and disable it,
create new admin login
5. run pc foo login that has only minmal restricted user rights else that
needs to run, run under admin run as prompt login screen (games etc)
6. use and run firewall
7. use and run virus protect
8. turn on auditing
9. use long passwords 8 or more...
10. be paranoid while sitting behind screen ....

anything else that i have missed or forgot?
is it still possible to hack in thru email[www or etc] script
and take over pc ?

Pluto

 

[Steven L Umbach]

Well it kind of depends what you need it for and how you want to tilt
functionality versus security. You may also want to consider using passprop
to allow admin account to be locked out to network logon, enable account
lockout with a threshold of no less than ten, disable storing of lm hashes
for passwords, disable file and print sharing if it is not needed -
especially on external adapter, secure ntfs permissions on drive/root folder
for users and everyone, disable posix, harden Internet Explorer settings to
the same as Windows 2003 Server, also consider tcp/ip and/or ipsec
filtering, and insure physical security to prevent console access to
unathorized users for starts. The links below may also be of help. ---
Steve

http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/default.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141
http://labmice.techtarget.com/articles/securingwin2000.htm -- you may not
want to do everything here, but some good tips