The aim of the Microsoft Security Tool Kit is to help customers protect their systems from common and dangerous threats that they are likely to encounter on the Internet. The Security Tool Kit includes tools that provide a baseline level of security for servers that are connected to the Internet. It also includes security patches for vulnerabilities that the Microsoft Security Response Center has determined to be of potentially high severity for systems that are connected to the Internet.

Customers who are concerned about the threat from users internal to their organization—users who may be "inside" the organization's firewall? need to take additional steps in configuring their systems and might need to install additional security patches. Such organizations' choices will be guided by their own security policies.

You can order The Security Tool Kit CD at no charge for US customers. It includes automation scripts to quickly install all the security hotfixes recommended in the kit. It also includes all the content available in this online version of the kit.

The guides that follow are the first steps you can take toward securing your systems, whether they are already in operation or if you are building new systems.

Guides

This section includes guides, checklists, and other important documentation.

Updates

This section includes released service packs, other released software, security rollup packages, and other critical updates.

Tools

This section includes security management and deployment tools.

On This Page

Guides
Deployment and Management Tools
Online Resources

Guides

• Guides to Baseline Security

  Windows 2000 - New installation

  Windows 2000 - Existing installation

  Windows NT 4.0 - New installation

  Windows NT 4.0 - Existing installation

  Windows NT 4.0 Terminal Server Edition - New installation

  Windows NT 4.0 Terminal Server Edition - Existing installation

  These guides are the first steps you can take toward securing your systems, whether they are already in operation or if you are building new systems.

  Baseline Security Checklists

  Windows NT Workstation 4.0

  Windows NT Server 4.0

  Windows 2000 Server

  Internet Information Server 4.0

  Internet Information Services 5.0

  Windows XP

  Internet Explorer 5.01 Service Pack 2 or greater

  These checklists outline some of the steps you should take to configure your platforms with a baseline level of security.

• Fast Path Guides

  Make Your Desktop Secure

  Make Your Windows Servers Secure

  Fast Path to Systems Architectures and Network Designs

  Fast Path to Security and Locking Down Systems

• Windows 2000 Service Pack Installation and Deployment Guide

  View Document

  This document outlines procedures and options for installing Windows 2000 service packs in a corporate environment.

• Windows 2000 Hotfix Installation and Deployment Guide

  View Document

  This document outlines procedures and recommendations for installing Windows hotfixes on multiple computers in a small business or corporate environment.

• Windows NT Hotfix Installation and Deployment Guide

  View Document

  This document outlines procedures and recommendations for installing Windows hotfixes on multiple computers in a small business or corporate environment.

• Internet Explorer Deployment Guides

  Internet Explorer 5.01 Guide

  Internet Explorer 5.5 Guide

  Internet Explorer 6.0 Resource Kit: Planning for Deployment

• Using Systems Management Server (SMS) 2.0 to Deploy Security Tool Kit Fixes

  View Document

  To automate the distribution and installation of the recommended security fixes to Windows 2000 Professional; Windows 2000 Server; Windows 2000 Advanced Server; Windows NT Workstation 4.0; Windows NT Server 4.0; and Windows NT Server 4.0, Enterprise Edition, Microsoft has supplied a set of queries and package definition files in the SMS directory of the Security Tool Kit compact disc. SMS will help you determine which computers need the security fixes, and then deploy the fixes to the appropriate resources. The objects that the SMS team has built can be imported into an existing SMS 2.0 hierarchy to help facilitate the deployment of these security fixes and ensure that your environment complies with the baseline level recommended by Microsoft.

Deployment and Management Tools

• Microsoft Baseline Security Advisor

  The Microsoft Baseline Security Analyzer (MBSA) analyzes Windows systems for common security misconfigurations. Version 1.1 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP. MBSA includes the HFNetChk Command Line Hot Fix Check Tool.

• Internet Information Services Lockdown Wizard

  This tool lets you configure an IIS 4.0 or IIS 5.0 Web server for secure operation. It allows the administrator to choose a template to select the technologies that the server will support. The tool provides an undo feature that allows the effects of the most recent lockdown to be reversed. This tool includes the URLScan Security Tool, which is an ISAPI filter that screens and analyzes HTTP requests as IIS receives them. URLScan can, and should be, manually configured after installation for optimal security.

• Automatic Update and Critical Update Notifications

  Automatic Updates for Windows XP

  Automatic Updates for Windows 2000

  Automatic Updates for Windows ME

  Critical Update Notifications for Windows 98

• QChain.exe

  Details

  You can use QChain.exe to safely chain hotfixes together. Hotfix chaining involves installing multiple hotfixes without rebooting between each installation. Without this tool, the only supported method is to reboot after each hotfix installation.

Online Resources

• Microsoft Windows Update Sites

  Corporate Windows Update site

  The Microsoft Windows Update site provides an easy mechanism for obtaining current updates for the operating system, including critical security updates. The first link above will identify the current critical updates for the current system. The second link provides an easy way to download those same updates for deployment on multiple systems.

• Microsoft TechNet Security Web Site

  View Site

  This site provides security information and tools for anyone who deploys, maintains, or supports Microsoft products.

• Sign up to receive security bulletins

  View Site

  This is a free email notification service that Microsoft uses to send information to subscribers about the security of Microsoft products. Anyone can subscribe to the service, and you can unsubscribe at any time.

• Security bulletin search site

  View Site

  This site lists, in a searchable format, all released security bulletins affecting Microsoft products.

• Other Security Tools and Checklists

  Security Tools

  Security Checklists

© 2003 Microsoft Corporation. All rights reserved.