Welcome to the Microsoft Windows 2000 Security Hardening Guide. This document provides administrator guidance for how to set up and configure secure Windows 2000 systems in several scenarios. This document is a baseline for other hardening guides published by Microsoft, such as the Microsoft Solutions for Security.

This document is not meant as a replacement for the Windows 2000 Common Criteria Security Configuration Guide or the Microsoft Solution for Securing Windows 2000 Server, but rather as a more generally applicable hardening guide, which applies to a much broader range of specific systems which may include or exclude services specified in the other resources.

The Common Criteria guide is designed for general purpose systems that specifically need to be compliant with the Common Criteria evaluation requirements and sacrifices some usability to do so. The document you are currently reading is designed to provide more generic guidance for a wider range of specific system classes, without necessarily trading off basic operating system functionality.

The Solution for Securing Windows 2000 Server is designed for a more specific set of systems than the Security Hardening Guide. To start off, it only applies to the Windows 2000 Server family, not to Windows 2000 Professional. It also describes a very specific set of configurations, whereas the settings in the Windows 2000 Security Hardening Guide are much more general.

One way to visualize the differences between the various guides is to use an organization chart.


The recommendations in this guide were generally chosen to safely allow Microsoft customers to deploy the recommended settings on existing Windows 2000 systems, not just on newly-built systems. We have also reviewed the default permissions on Windows Server 2003 and recommended those permissions here where they did not break existing Windows 2000 Server services.

Solution Content

The Windows 2000 Security Hardening Guide contains 6 chapters plus three appendices. The entire guide, along with several security templates, allowing automatic configuration of the settings in this guide, are available in the download package on the Microsoft Download Center.

The guide contains the following sections:

Chapter 1: Introduction

Introduces the purpose and structure of the document and the assumptions of the audience.

Chapter 2: System Configurations

Identifies Windows 2000 configurations for which the document provides guidance.

Chapter 3: Operating System Installation

Describes how to securely install Windows 2000.

Chapter 4: Secure Configuration

Describes how to make security changes on Windows 2000.

Chapter 5: Security Configuration

Describes recommended configuration changes.

Chapter 6: Security Configuration Templates

Describes automating security configuration using security editor templates

Chapter 7: References

Appendix A: Windows 2000 Default Security Policy Settings

Identifies the Windows 2000 default security policy settings.

Appendix B: User Rights and Privileges

Identifies the default user rights assignments on Windows 2000, and summarizes recommended changes.

Appendix C: Windows 2000 Security Configuration Checklist

Presents a configuration checklist to ensure all necessary installation and configuration steps are taken.


Related Resources

Read other security solutions from the Microsoft Solutions for Security and Compliance (MSSC) team.

Give Us Your Feedback

The Microsoft Solutions for Security and Compliance (MSSC) team would appreciate your thoughts about this and other security solutions.

Have an opinion? Let us know on the Security Solutions Blog for the IT Professional.

Or e-mail your feedback to the following address: SecWish@microsoft.com. We respond often to feedback that is sent to this mailbox.

We look forward to hearing from you.