Lock down WinNT
Published: 27 Feb 2003 10:27 GMT
Windows 2000 has not yet completely supplanted Windows NT in the enterprise. Windows NT's enduring vitality is evidenced by the fact that Microsoft has extended support for the operating system for an additional year. As a result, admins who are responsible for Windows NT servers still need to keep them safe and secure.
One tool that can be of great assistance in this endeavor is the Security Configuration Manager (SCM), which was originally introduced in Windows NT Service Pack 4. If you run NT systems and have not yet taken a look at this tool, it's time to break it out and get it running.
What is it for?
Windows NT includes a number of utilities that let you secure portions of the system. Unfortunately, the more utilities it takes to lock down a system, the more likely it is that you will either miss something or simply not have the time to do the job the way it needs to be done. The NT SCM provides a centralised interface to many of these security parameters, eliminating the need to use a host of other utilities.
How is it run?
Assuming that you have installed at least Service Pack 4 for Windows NT (and by this time, I sincerely hope that you have), the SCM is already available for your use. To run it, start the Microsoft Management Console by choosing Start | Run, typing the command mmc, and pressing [Enter]. With the MMC running, choose Console | Add/Remove Snap-in. Click the Add button, choose Security Configuration Manager from the list of available snap-ins, and then click OK twice.
If the SCM option does not appear on the list of available snap-ins, it's possible that you installed the option pack on your NT server after installing SP6. In this case, you'll need to download the SCM files from Microsoft. Once you do so, run the installer using the instructions provided and try these steps again. When successful, you'll get a screen similar to the one in Figure A.
Figure A: Security Configuration Manager MMC
Using the utility
The SCM consists of a number of templates that match the role the server plays on the network. For example, if you are running a Windows NT 4 server as a domain controller, you may want to consider using the basicdc4 security template. We'll take a closer look at templates in a minute.
Scanning the system
The SCM can help you determine the current security parameters of the system. Just select the item that begins with Database, right-click on it, and choose the Analyze System Now option. You will be asked for a location in which to save the error log. In most cases, you can simply use the default. After you've completed this step, a number of parameters will be added underneath the Database option. Each parameter corresponds to a specific security area. See Figure B for a sample of this on my testing system.






