The Systems Administration Guidance for Windows 2000 Professional publication is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists. The guide provides detailed information about the security features of Win2K Pro, security configuration guidelines for popular applications, and security configuration guidelines for the Win2K Pro operating system. The guide documents the methods that the system administrators can use to implement each security setting. The principal goal of the document is to recommend and explain tested secure settings for Win2K Pro workstations with the objective of simplifying the administrative burden of improving the security of Win2K Pro systems.
This guidance document also includes recommendations for testing and configuring common Windows applications. The application types include electronic mail (e-mail) clients, Web browsers, productivity applications, and antivirus scanners. This list is not intended to be a complete list of applications to install on Windows 2000 Professional, nor does it imply NISTs endorsement of particular commercial off-the-shelf (COTS) products. Many of the configuration recommendations for the tested Windows applications focus on deterring viruses, worms, Trojan horses, and other types of malicious code. The guide presents recommendations to protect the Windows 2000 Professional system from malicious code when the tested applications are being used.
- Client Desktop and Mobile Host
Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. These recommendations should be applied only to the Windows 2000 Systems and will not work on Windows 9X/ME, Windows NT, Windows XP, Windows Server 2000 or Windows Server 2003. The security templates have been tested on 2000 Professional systems and will not work on Windows 9X/ME, Windows NT, Windows XP, Windows Server 2000 or Windows Server 2003. The security templates should not be used by home users and should be used with caution since it will restrict the functionality and reduce the usability of the system.
This checklist has been created for IT professionals, particularly Windows 2000 system administrators and information security personnel. The document assumes that the reader has experience installing and administering Windows-based systems in domain or standalone configurations.
- Specialized Security-Limited Functionality (SSLF)
The security templates have been tested on Windows 2000 Professional systems and will not work on Windows 9X/ME, Windows NT, Windows XP, Windows Server 2000 or Windows Server 2003. The recommended settings have been tested with the suite of applications described in section 10 of the NIST SP 800-43.
Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. NIST would appreciate acknowledgement if the document and template are used.
Microsoft will provide best efforts support, in line with the customerÃ???Ã??Ã?Â¢??s support contract, to assist in removing the worst results of such file and registry permissions, but Microsoft can only guarantee returning to the recommended out-of-the-box settings by reformatting and reinstalling the operating system.
This document was developed at the National Institute of Standards and Technology, which collaborated with NSA, DISA, CIS, and Microsoft to produce the Windows XP security templates. Pursuant to title 17 Section 105 of the United States Code this document and template are not subject to copyright protection and is in the public domain.
Security Templates (.inf files)
2002-11-19 - Release Version R1.2.3.
2002-01-28 - Draft Release Systems Administration
Guidance for Windows 2000 Professional document
2002-11-19 - Final version.
2002-01-28 - Draft version.
NIST checklist record last modified on 09/12/2014