NIST Checklist Logo
NIST Security Configuration Checklists Repository
BETA
Browse Repository by
   Product Category
   Vendor
   Submitting
Organization

Our Sponsor
white space white space

Windows 2000 Server Level 2 Benchmark

Name Windows 2000 Sever Level 2 Benchmark
Version 2.2.1
Status Final
Creation Date 2003-01-01
Revision Date 2004-12-17
Product Category

Operating System

Vendor

Microsoft Corporation

Product Microsoft Windows 2000 Server
Product Version Microsoft Windows 2000 Server
Product Role Server Operating System
Checklist Summary This document is a security benchmark for the Microsoft Windows 2000 operating system for servers.  It reflects the content of the Consensus Baseline Security Settings document developed by the National Security Agency (NSA), the Defense Information Systems Agency (DISA), The National Institute of Standards and Technology (NIST), the General Services Administration (GSA), The SANS Institute, and the staff and members of the Center for Internet Security (CIS).
Known Issues  
Target Audience  
Target Operational Environment Enterprise/SOHO
Checklist Installation Tools Not Available
Rollback Capability Not Available
Testing Information Not Available
NIAP/CMVP Status  
Regulatory Compliance  
Comments, Warnings, Disclaimer, Miscellaneous
  
Disclaimer Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at:
http://www.cisecurity.org/sub_form.html
Product Support  
Submitting Organization/Authors The Center for Internet Security (CIS)
Point of Contact cis-feedback@cisecurity.org
Sponsor  
Licensing

Differs for Public and Private consumers, please read licensing information from the CIS web site located at:
http://www.cisecurity.org/sub_form.html
Checklist Homepage http://www.cisecurity.org/
Download Package

http://www.cisecurity.org/sub_form.html
Integrity sha1 (w2k-srv-v2.2.1.pdf) =
407e073503fc5b60f07ec6d4cc2fb6de51ff78fd


sha256 (w2k-srv-v2.2.1.pdf) = f4ef942703927fa515b51a259a212f03afd1a57b
9be02554f74a6e7b1f20cb8b
Change History

January 1, 2003 – Version 1.0 released to public.

August 13, 2003 – Version 1.01 Released.
 - Modified to reflect new Terms of Use.

September 2, 2003 – Version 1.02 Released.
- Fixed description of 4.1.6 IIS Admin service.
- Changed value of entry at 3.2.2.14 as per http://support.microsoft.com/?kbid=315669.
- Corrected accompanying template to reflect proper service security.
- Corrected several file and registry permissions in accompanying security template.

April 2, 2004 – Version 2.1 Released.
- Changed setting 4.4.2.1 from HKCU to its synonymous setting HKLM\Software\Classes
- Changed setting 4.2.15 to “Not Applicable”
- Changed setting 4.2.33 to “Not Applicable”
- Settings 4.2.12, 4.2.13, and 4.2.14 changed to “Not Defined” to allow users to customize.
- Changed setting 3.2.2.3.2 to “Not Defined”

April 16, 2004 – Version 2.1.1 Released.
Updated to reflect Service Pack 4 as current.

October 5, 2004 – Version 2.1.1 Released.
Fixed spelling of references to TCPMaxHalfOpenRetried.
Fixed reference to section 3.2.2.5.
Changed 4.2.15 to “Not Defined”.
Dependency/Requirement  
References

The Center for Internet Security – http://www.cisecurity.org

August 24, 2006ca, sans-serif" size="2">The SANS Institute – http://www.sans.org

National Security Agency Security Recommendation Guides –

Department of Defense recommendations – not currently available online.

Microsoft Windows Security –
http://www.microsoft.com/security

Current Critical Hotfixes -
http://www.microsoft.com/windows2000/
downloads/critical/

Microsoft Directory Services Client for Windows 9x/Me - http://www.microsoft.com/TechNet/
prodtechnol/ ntwrkstn/downloads/ tils/dsclient.asp?frame=true

The CIS Scoring Tool that accompanies this document uses the Microsoft Network Security Hotfix Checker (HfNetChk), which is licensed to Microsoft by Shavlik Technologies – http://www.shavlik.com/

Windows NT Magazine article regarding editing the Registry - http://www.microsoft.com/technet/treeview/
default.asp?url=/technet/prodtechnol/winntas/
tips/ winntmag/inreg.asp

NIST Windows 2000

Security Guidelines - http://csrc.nist.gov/itsec/guidance_W2Kpro.html
NIST Identifier 1103


NIST and the checklist submitter do not guarantee or warrant the checklist's accuracy or completeness. NIST is not responsible for loss, damage, or problems that may be caused by using the checklist.

Last updated: August 4, 2006
Page created: October 28, 2004
Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to checklists@nist.gov
NIST is an Agency of the U.S. Commerce Department's Technology Administration