This section defines the hardware and software requirements for the Evaluated Configuration.
General Hardware Configuration
Set Power-On Password
Restrict the Boot Process
Enable Hardware BIOS Protection
Evaluated Hardware Configuration
Evaluated Software Configuration
On many hardware platforms, the system can be protected using a power-on password. A power-on password prevents unauthorized personnel from starting an operating system other than Windows 2000, which would compromise system security. Power-on passwords are a function of the computer hardware, not the operating system software. Therefore, the procedure for setting up the power-on password depends on the type of computer and is available in the vendor's documentation supplied with the system.
Most personal computers support the ability to start a number of different operating systems. For example, even if users normally start Windows 2000 from the C:\ drive, someone could boot another operating system from removable media on another drive, such as a floppy disk drive or a CD-ROM drive. If this happens, any security precautions taken to secure the Windows 2000 operating system might be circumvented.
For a secure system, install only one version of Windows 2000 on the C:\ partition or drive and do not install any other operating systems on the computer (do not make the computer multi-boot capable). The CPU also needs to be physically protected to ensure that no other operating system is loaded. Depending on particular configuration circumstances, the floppy disk drive or drives may be removed. In some computers, setting switches or jumpers inside the BIOS can disable booting from the floppy disk drive. If hardware settings are used to disable booting from the floppy drive, the computer case should be locked (if that option is available with the computer) or the machine can be locked in a cabinet with a hole in the front to provide access to the floppy disk drive. If the CPU is in a locked area away from the keyboard and monitor, drives cannot be added or hardware settings changed for the purpose of starting from another operating system.
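One way to check the "not multi-boot capable" requirement on an installed system is to audit the Windows 2000 boot menu file, boot.ini. The following is an added example, not part of the original guide; the sample file contents and the function names `parse_boot_ini` and `audit_boot_ini` are constructed for illustration.

```python
import re

# Constructed sample boot.ini contents (illustrative, not taken from the guide).
SINGLE_BOOT = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
'''
# Same file with a second entry that chain-loads another boot sector.
MULTI_BOOT = SINGLE_BOOT + 'C:\\="Microsoft Windows 98"\n'

# Windows installations are referenced by ARC paths; other entries load a boot sector.
ARC_PATH = re.compile(r'^(multi|scsi|signature)\(', re.IGNORECASE)

def parse_boot_ini(text):
    """Return {section: [(key, value), ...]}, splitting each line at the first '='."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit_boot_ini(text):
    """Return a list of findings; an empty list means a single ARC-path entry."""
    sections = parse_boot_ini(text)
    entries = sections.get('operating systems', [])
    loader = {k.lower(): v for k, v in sections.get('boot loader', [])}
    findings = []
    if len(entries) != 1:
        findings.append(f'{len(entries)} boot entries, expected exactly 1')
    for path, _ in entries:
        if not ARC_PATH.match(path):
            findings.append(f'entry {path} is not an ARC path (boot-sector chain-load)')
    default = loader.get('default', '')
    if entries and default.lower() not in {p.lower() for p, _ in entries}:
        findings.append(f'default {default!r} matches no listed entry')
    return findings
```

This covers only the boot menu of the installed system. Booting from removable media is decided by the firmware and physical access, which is why the hardware measures described above are still required.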
Protect the BIOS configuration of each Windows 2000 computer with a BIOS setup password. On many hardware platforms, opening the case and clearing the BIOS through a set of jumpers or by removing the motherboard battery can disable the BIOS password. To prevent this, protect the hardware as described above in the "Restrict the boot process" subsection.
The evaluated hardware configuration includes the following platforms configured as shown:
Dell PE 2500
Dell PE 6450/550
Dell PE 2550
Dell PE 1550
Dell Optiplex GX400
Compaq Proliant ML570
Compaq Professional Workstation AP550
Compaq Proliant ML330
The Evaluated Configuration of Windows 2000 includes the Windows 2000 Professional, Server, and Advanced Server products configured in any one of the roles shown in the table below and in accordance with the installation and configuration instructions provided in this document. For further information regarding the specific security requirements met by Windows 2000, see the Windows 2000 Security Target.
Product | Role |
---|---|
Microsoft Windows 2000 Advanced Server | Domain Controller, Domain Member Server, Workgroup Member Server, Stand-Alone |
Microsoft Windows 2000 Server | Domain Controller, Domain Member Server, Workgroup Member Server, Stand-Alone |
Microsoft Windows 2000 Professional | Domain Member, Workgroup Member, Stand-Alone |
It is important to understand the difference between a domain and a workgroup environment. The main difference between a domain and a workgroup is that workgroup environments use decentralized administration. This means that every computer must be administered independently of the others. Domains use centralized administration, in which administrators can create one domain account and assign permissions to all resources within the domain to that one central user or group of users. Centralized administration requires less administration time and provides a more secure environment. In general, workgroup configurations are used in very small environments that do not have security concerns. Larger environments and environments that must have tight security on data should use a domain configuration. Basic definitions are provided below.
Domain. A collection of computers defined by the administrator of a Windows 2000 Server network that share a common directory database. A domain has a unique name and provides access to the centralized user accounts and group accounts maintained by the domain administrator. Each domain has its own security policies and security relationships with other domains and represents a single security boundary of a Windows 2000 computer network.
Workgroup. A logical grouping of networked computers that share resources, such as files and printers. A workgroup is sometimes referred to as a peer-to-peer network because all computers in the workgroup can share resources as equals, without a dedicated server. Each Windows 2000 Server and Professional computer in a workgroup maintains a local security database, which contains a list of user accounts and resource security information specific to that computer.
Domain Controller. For a Windows 2000 Server domain, the server that authenticates domain logons and maintains the security policy and the security accounts master database for a domain. Domain controllers manage user access to a network, which includes logging on, authentication, and access to the directory and shared resources.
Workgroup Member. A Windows 2000 Server or Professional computer that is a member of a Windows 2000 workgroup, formed as a logical grouping of networked computers for the purpose of sharing resources.
Domain Member. A Windows 2000 Server or Professional computer that is a member of a Windows 2000 domain environment.
Stand-Alone. A standard desktop, such as a Windows 2000 Professional computer, or a Server computer that is not connected to any network as either a domain or workgroup member.