NIST Security Configuration Checklists Repository

Windows 2000 Level 1 Benchmark

Name: Windows 2000 Level 1 Benchmark
Version: 1.2.2
Status: Final
Creation Date: 2001-11-06
Revision Date: 2004-07-27
Product Category: Operating System
Vendor: Microsoft Corporation
Product: Microsoft Windows 2000 Pro/Server
Product Version: Microsoft Windows 2000 Pro/Server
Product Role: Desktop and Server Operating System
Checklist Summary: This document is a first generation Level I Benchmark for the Microsoft Windows 2000 operating system.  It is a combination of best practices published by The SANS Institute, the National Security Agency, and the United States Department of Defense, plus advice from members of the Center for Internet Security (CIS).

CIS Level I Benchmarks define minimum standards for securing various operating systems, including Windows and variations of Unix.  These standards should be used to improve the “out of the box” security of common operating system software to a prudent “due care” minimum level.  By definition, the security actions included in CIS Level I Benchmarks satisfy three conditions: (1) they can be safely implemented by a system administrator of any level of technical security skill, (2) they will generally “do no harm” to functionality commonly required by everyday users, and (3) they can be scored by an associated software tool.  This document is an example of a Level I Benchmark.

Known Issues:
Target Audience:
Target Operational Environment: Enterprise
Checklist Installation Tools: Not Available
Rollback Capability: Not Available
Testing Information: Not Available
NIAP/CMVP Status:
Regulatory Compliance:
Comments, Warnings, Disclaimer, Miscellaneous:
Disclaimer: Differs for Public and Private consumers; please read disclaimer information from the CIS web site located at: http://www.cisecurity.org/sub_form.html
Product Support:
Submitting Organization/Authors: The Center for Internet Security (CIS)
Point of Contact: cis-feedback@cisecurity.org
Sponsor:
Licensing: Differs for Public and Private consumers; please read licensing information from the CIS web site located at: http://www.cisecurity.org/sub_form.html
Checklist Homepage: http://www.cisecurity.org/
Download Package: http://www.cisecurity.org/sub_form.html

Integrity:
sha1 (CIS-W2KL1-v1.2.2.pdf) = 842dfd8d8c987a9db45ae78f4ba3e0cccd0b7f6b
sha256 (CIS-W2KL1-v1.2.2.pdf) = 0209abee1fc1aa56b3259b706cdfbdf2930a395e4676ce1d020a2cc4b4bb69c2
Change History

November 6, 2001 – Version 1.0 released.

January 24, 2002 – Version 1.1.0 released.

Increased minimum password length from 7 to 8.

Added chapter on Available Services.

Added chapter on Other System Requirements.

Updated scoring to reflect new chapters.

Added service permissions to requirements.

Changed references to reflect that Major Hotfix and Service Pack requirement is to install the current service pack, rather than explicitly stating SP2.

April 1, 2002 – Version 1.1.6 released.

Added link in Appendix A

April 22, 2002 – Version 1.1.7 released.

Removed reference to NoLMHash because it is irreversible.

August 13, 2003 – Version 1.18 released.

Modified to reflect new Terms of Use.

October 10, 2003 – Version 1.2.0 released. 

Lowered RestrictAnonymous requirement to 1 (minimum) because 2 is unsupported.

Relaxed account lockout settings due to user feedback.

October 15, 2003 – Version 1.2.1 released.

Removed requirements to restrict CD and Floppy drives to the locally logged-on user.

Removed service permission requirements.

July 27, 2004 – Version 1.2.2 released.

Reworded “Additional Restrictions for Anonymous Connections” description.

 

Dependency/Requirement  
References

The Center for Internet Security – http://www.cisecurity.org

The SANS Institute – http://www.sans.org

National Security Agency Security Recommendation Guides – http://nsa1.www.conxion.com

Department of Defense recommendations – not currently available online.

Microsoft Windows Security – http://www.microsoft.com/security

Service Pack 2 Information - http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/

Current Critical Hotfixes - http://www.microsoft.com/windows2000/downloads/critical/

Microsoft DirectoryServices Client for Windows 9x/Me - http://www.microsoft.com/TechNet/prodtechnol/ntwrkstn/downloads/utils/dsclient.asp?frame=true

The CIS Scoring Tool that accompanies this document uses the Microsoft Network Security Hotfix Checker (HfNetChk), which is licensed to Microsoft by Shavlik Technologies – http://www.shavlik.com/

Windows NT Magazine article regarding editing the Registry - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winntas/tips/winntmag/inreg.asp

NIST Windows 2000 Security Guidelines - http://csrc.nist.gov/itsec/guidance_W2Kpro.html

NIST Identifier: 1101



NIST and the checklist submitter do not guarantee or warrant the checklist's accuracy or completeness. NIST is not responsible for loss, damage, or problems that may be caused by using the checklist.

Last updated: August 24, 2006
Page created: October 28, 2004
