Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

Windows NT automatically logs in an administrator upon rebooting.

A system-critical Windows NT file or directory has inappropriate permissions.

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

There is a one-way or two-way trust relationship between Windows NT domains.

A Windows NT file system is not NTFS.

A system-critical Windows NT registry key has inappropriate permissions.

An event log in Windows NT has inappropriate access permissions.

The Logon box of a Windows NT system displays the name of the last user who logged in.

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.

A Windows NT log file has an inappropriate maximum size or retention period.

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

A system-critical Windows NT registry key has an inappropriate value.