NIST Security Configuration Checklists Repository

Guide to Securing Microsoft Windows NT Networks

Name

Guide to Securing Microsoft Windows NT Networks v4.2

Version

v4.2

Status

Final

Creation Date

Not available.

Revision Date

2001-09-18

Product Category

Operating System

Vendor

Microsoft Corporation

Product

Microsoft Windows

Product Version

Windows NT 4.0

Product Role

Server operating system, desktop operating system

Checklist Summary

The purpose of this document is to inform the reader about the Windows NT 4.0 security mechanisms that are available and how these security mechanisms can be implemented in a network environment. It is intended to provide a solid security foundation for any Windows NT 4.0 network by providing step-by-step instructions on how to utilize the operating system’s built-in security features, additional add-on service packs and hotfixes to eliminate known security vulnerabilities. While networks will vary in purpose and scope, this document outlines security recommendations and procedures that can be adapted for any Windows NT 4.0 network.

The Guide to Securing Microsoft Windows NT Networks presents detailed information on how to secure a network-based Windows NT 4.0 operating system in coordination with Microsoft’s current service pack (SP6a). Specifically, this document addresses the built-in security features and shortfalls of the default Windows NT 4.0 operating system.

Known Issues

This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address these issues, such as the use of products like Microsoft Exchange, IIS, and SMS. The security changes described in this document only apply to Microsoft Windows NT 4.0 Service Pack 6a systems and should not be applied to any other Windows NT versions or operating systems.

Microsoft Exchange security is tightly coupled to the operating system. File permissions, registry settings, password usage, user rights and other issues associated with Windows NT security have a direct impact on Exchange security. It is recommended that you implement the recommendations contained in this guide prior to installing Microsoft Exchange Server or the Exchange or Outlook clients.

You can severely impair or disable a Windows NT system with incorrect changes or accidental deletions when using programs (examples: Security Configuration Manager, Regedt32.exe, and Regedit.exe) to change the system configuration. Therefore, it is extremely important to test all settings recommended in this guide before installing them on an operational network.

Target Audience

Developed for the DOD.
Users of this guide should have a working knowledge of Windows NT installation and basic system administration skills.

Target Operational Environment

Enterprise and Specialized Security-Limited Functionality.

Checklist Installation Tools

Not available.

Rollback Capability

Currently, no Undo function exists for deletions made within the Windows NT registry. The registry editor (Regedt32.exe or Regedit.exe) prompts you to confirm the deletions if Confirm On Delete is selected from the options menu. When you delete a registry key, the message does not include the name of the key you are deleting. Therefore, check your selection carefully before proceeding with any deletion.

Testing Information

Not available.

NIAP/CMVP Status

Not available.

Regulatory Compliance

DOD Directive 8500.

Comments, Warnings, Disclaimer, Miscellaneous

Refer to Known Issues.

Disclaimer

Not available.

Product Support

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Submitting Organization/Authors

Defense Information Systems Agency

Point of Contact

Not available.

Sponsor

Not available.

Licensing

Not available.

Checklist Homepage

http://iase.disa.mil/stigs/stig/index.html

Download Package

http://iase.disa.mil/stigs/stig/nsawinnt-stig.zip

Integrity

SHA1 Digest (nsawinnt-stig.zip) = 1ed44993668e1bdab245970c5863c8eb7aa46af5

SHA256 Digest (nsawinnt-stig.zip) = f70971ac188bae950820fe9e5c26a446374bc8dac10dfa61e0a9ebe90b61ea21

Change History

v4.2: 2001-09-18

Dependency/Requirement

Addendum to the NSA Guide to Securing Windows NT Networks and NSA Guides to Securing Windows 2000, v3r1

Windows NT Security Checklist, v4r1.13

References

Coopers & Lybrand L.L.P., Microsoft Windows NT Server: Security Features and Future Direction, July 1997.

Dalton, Wayne, et al., Windows NT Server 4: Security, Troubleshooting and Optimization, Indianapolis, IN: New Riders Publishing, 1996.

Microsoft TechNet, December 1999.

Microsoft’s Web page. http://www.microsoft.com/

National Computer Security Center, Microsoft Windows NT Version 3.5 Final Evaluation Report, June 1995.

Russel, Charlie and Sharon Crawford, Running Microsoft Windows NT Server 4.0, Redmond, Washington: Microsoft Press, 1997.

Rutstein, Charles B., Windows NT Security: A Practical Guide to Securing Windows NT Servers & Workstations, New York: McGraw-Hill, 1997.

Sheldon, Tom, Windows NT Security Handbook: Everything You Need to Know to Protect Your Network, Berkeley, California: McGraw-Hill, 1997.

Stuple, Stuart J., ed., Microsoft Windows NT Workstation Resource Kit: Comprehensive Resource Guide and Utilities for Windows NT Workstation Version 4.0, Redmond, Washington: Microsoft Press, 1996.

Stuple, Stuart J., ed., Microsoft Windows NT Server Networking Guide: Technical Information and Tools for the Support Professional, Redmond, Washington: Microsoft Press, 1996.

Stuple, Stuart J., ed., Microsoft Windows NT Server Resource Guide: Technical Information and Tools for the Support Professional, Redmond, Washington: Microsoft Press, 1996.

Thomas, Steven B., Windows NT 4.0 Registry: A Professional Reference, New York: McGraw-Hill, 1998.

NIST Identifier

1066




NIST and the checklist submitter do not guarantee or warrant the checklist's accuracy or completeness. NIST is not responsible for loss, damage, or problems that may be caused by using the checklist.

Last updated: September 19, 2005
Page created: October 28, 2004
