Deploying Windows NT 4.0 in a C2 Evaluated Configuration
Windows NT 4.0 has been evaluated at the C2 level in six different configurations:
Server operating as a primary domain controller
Server operating as a backup domain controller
Server operating as a member server
Server operating as a non-member server
Workstation as a domain member
Workstation as a non-domain member
The C2 Administrator's and User's Security Guide is the authoritative guide for configuring Windows NT 4.0 in one of the evaluated configurations. However, at a high level, the following tasks need to be performed:
Install Service Pack 6a for Windows NT 4.0 Server or Workstation, as appropriate. (Service Pack 6a can be downloaded from the Microsoft web site.)
Install one post-SP6a hotfix (see Microsoft Knowledge Base article 244599).
Use the Hardware System Integrity Tool to ensure that the hardware and firmware elements are operating correctly. See Microsoft Knowledge Base article 240049 for information on obtaining this tool).
Configure Windows NT according to Chapter 4 of the C2 Administrator's and User's Security Guide.
Please keep in mind that there is a difference between deploying a system in a C2-evaluated configuration and having a C2-certified system. A C2 evaluation considers whether a particular product (in this case, Windows NT) can be part of a C2 certification, when configured appropriately. A C2 certification indicates the degree of security that an actual deployment provides, and considers physical security, administrative procedures and other factors in addition to how Windows NT is configured. There can be considerable value in deploying Windows NT in one of the evaluated configurations, not the least of which is that doing so makes it eligible for certification. However, only an accredited certification facility can grant certification.