How to Secure a Computer:
Windows 2000

Introduction

Note: These procedures are designed for system administrators.

Windows 2000 was designed to be a more robust operating system than Windows 9x. This results in a more complex system to manage and more loopholes to protect. To help secure a Windows 2000 system, follow the guidelines below:

Specifics

1. Assign a secure password to all accounts.
Passwords are your first, best, line of defense in protecting any computer system. Select a secure password on all accounts, especially the Administrator and administrator-class accounts. Memorize these passwords. Do not write them down.

2. Install Symantec Antivirus.
Temple University provides a site-license for Symantec antivirus software which allows all students, faculty and staff to use it free on computers connected to Temple's network. The software must be set to auto-update in order to keep the virus definition files current.

3. Keep up with Microsoft security patches.
As new vulnerabilities are discovered, Microsoft may release patches that must be applied to protect your systems.

4. Disable any unnecessary services.
This might include IIS (web server), FTP, and others.

5. Disable the Guest account.

6. Set account lock out policy.
An account lock out policy will prevent a malicious user from repeatedly trying to guess passwords for your accounts.

7. Disable the Windows Default Shares.
By default, Windows 2000 creates shares that are hidden, but still exist. One way to disable these is to stop the "Server" service. If you do go this route, please note that Network Neighborhood functionality will cease.