previous  next  Title  Contents  Index        Previous     Next      Top   Detailed TOC  


Securing Windows NT (3.5 - 4): Part 1

Automatic screen locking with password protection should enabled after (say) 5 minutes (Control Panel --> Desktop). 

Several utilities allow remote configuration of a system: Registry editor, User manager, server manager, Event Viewer etc. There doesn't seem to be anyway to prevent remote access, except by removing the users access rights in the domain, or disable the "Access this computer from the network" right for all users.
If you don't trust your domain admins, then don't log into the doamin, just log on locally and authenticate for individual resources, otherwise the Domain Admins will be added to the Local Admin group and hence have full access. One reason to log onto the domain is to change passwords, this can now be done without logging onto the domain, thanks to a tool from Alexander Frink wwwthep.physik.uni-mainz.de/~frink/nt.html.

If NFS is used, ensure that the pcnfsd has been securely installed on the server (UNIX) side. See the "Securing UNIX" chapter.  Don't rely on NFS for high security.