Chapter 1. Introduction

Click here to download the PDF of this document. (W2kCCAdm.pdf)

On This Page

Introduction
Audience Assumptions
Document Overview
Conventions
Document Links

Introduction

Welcome to the Microsoft Windows 2000 Evaluated Configuration Administrator's Guide. This document provides sufficient guidance to allow an administrator to securely operate Windows 2000 in accordance with the requirements stated in the Windows 2000 Common Criteria Security Target (ST).

The Windows 2000 Common Criteria Security Target, henceforth referred to as the Windows 2000 ST, provides a set of security requirements taken from the Common Criteria (CC) for Information Technology Security Evaluation. The Windows 2000 product was evaluated against the Windows 2000 ST and found to satisfy the ST requirements.

This document is targeted at the administrator and provides a description of how to perform the administrative security functions needed to securely operate Windows 2000 in accordance with the ST requirements.

Audience Assumptions

This document assumes the administrator is familiar with the security features of the Windows 2000 product. To administer a Windows 2000 computer or system, one should be familiar with the product documentation for the operating system such as the Microsoft Windows 2000 Resource Kit.

Document Overview

This document has the following chapters:

Chapter 1, "Introduction", introduces the purpose and structure of the document and the assumptions of the audience.

Chapter 2, "Security Administration", describes the Evaluated Configuration and provides an overview of the security functionality.

Chapter 3, "Administering Windows 2000 in a Secure Manner", provides a description of each of the security functions that must be performed by the administrator to securely operate the system in accordance with the requirements stated in the Security Target.

Chapter 4, "External Security Measures", describes any measures that should be addressed by the Windows 2000 environment which require the administrator's attention.

Chapter 5, "Acronyms"

Chapter 6, "References"

Conventions

Throughout the document, the following conventions are followed:

Warnings: warnings are provided to make the administrator aware of cautions they should take to ensure the system is secure. Warnings are identified with the bolded word Warning (e.g. Warning: ").

Note: Text that is important for the administrator to take notice of is identified with a bolded word "Note" (e.g. Note).

Evaluated Configuration: used to refer to the configuration of Windows 2000 that was evaluated and determined to meet the Windows 2000 ST.

Document Links

Chapter 2. Security Administration

Chapter 3. Administering Windows 2000 Security

• Security Functions Overview

• Windows 2000 Security Policies

  • Overview

  • Local Security Policy

  • Domain Security Policy

  • Domain Controller Security Policy

• Account Policies

  • Overview

  • Configuring Password Policies

  • Configuring Account Lockout Policies

  • Configuring Kerberos Policies

• Local Policies

  • Overview

  • Configuring Audit Policies

  • Configuring User Rights

  • Configuring Security Options

• Creating and Maintaining User and Group Accounts

  • Overview

  • Computer Accounts

  • Group Accounts

  • User Accounts

• Data Protection

  • Overview

  • Setting Access Controls

  • Administering IPSec

  • Implementing the Encrypting File System

• Audit Management

  • Overview

  • Viewing the Security Log

  • Configuring the Event Logs

  • Archiving an Event Log

  • Change the Default Event Viewer Log File Location

• Domains and Trust Relationships

  • Overview

  • Primary and Trusted Domains

• Routine Operations

  • Setting IP Address Information and Host Security

  • Joining a Computer to a Domain or Workgroup

  • Remove a Computer from a Domain

  • Disable Unnecessary System Services on Domain Computers

  • Disable Unnecessary System Services Locally

  • Locking and Unlocking a User Desktop

  • Managing Disk Quotas

• Active Directory Sites and Services

  • Overview

  • Active Directory Replication

  • Sites Container Hierarchy in Active Directory

• Protection of TSF

  • Set the Date and Time

  • Error Checking Tool

• Defining and Managing Security Templates

  • Overview

  • Starting Security Templates

  • Deleting a Security Template

  • Refreshing the Security Template List

  • Setting a Description for a Security Template

  • Applying a Security Template to a Local Computer

  • Importing a Security Template to a Group Policy Object

  • Viewing Effective Security Settings

Chapter 4. External Security Measures

Chapter 5. Acronyms

Chapter 6. References

Version 1.0

October 4, 2002

Prepared For:
Microsoft Corporation
Corporate Headquarters
One Microsoft Way
Redmond, WA 98052-6399

Prepared By:
Science Applications International Corporation
7125 Gateway Drive
Columbia, MD 21046

With special acknowledgement to the Windows 2000 Resource Kit, Microsoft Press