The Microsoft Windows 2000 SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. Sites are required to secure the Microsoft Windows 2000 operating system in accordance with DOD Directive 8500.1, Section 4.18. The checks in this document were developed from DISA and NSA guidelines. Additionally, the review ensures the site has properly installed and implemented the Windows 2000 operating system and that it is being managed in a way that is secure, efficient, and effective. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and other DoD Policy and regulations.
This document is designed to instruct the reviewer on how to assess both the Professional and Member Server configurations in a mixed Windows NT 4/2000 domain. In addition, the security settings recommended can also be used to configure Group Policy in a Windows 2000 Active Directory environment.
- Desktop and Server Operating System
- The vulnerabilities discussed in Sections 3 and 5 of this document are applicable to all versions of Windows 2000. To reduce the complexity of the manual procedures, however, these sections are designed around the Windows 2000 desktop.
- The Access Control Lists (ACLs) on a system under review may differ from the recommendations specified in Appendix A. If the reviewed ACL is more restrictive, or if an equivalent user group is identified, there is no problem. If a specific application requires less restrictive settings, these must be documented with the site ISSO.
Developed for the DOD.
This document is intended for IAOs, SAs, IAMs, NSOs, and others who are responsible for the configuration, management, or support of information systems. It assumes that the reader has knowledge of the Windows 2000 operating system and is familiar with common computer terminology.
- Specialized Security-Limited Functionality (SSLF)
DOD Directive 8500.
It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.
Added point of contact
moved to archive status - 4/15/19
NIST checklist record last modified on 04/15/2019