Introduction

Welcome to the Microsoft Windows 2000 Security Configuration Guide. This document provides guidance to allow for the secure installation and configuration of Windows 2000 in accordance with the Windows 2000 Common Criteria Security Target (ST).

The Windows 2000 Common Criteria Security Target, henceforth referred to as the Windows 2000 ST, provides a set of security requirements taken from the Common Criteria (CC) for Information Technology Security Evaluation. The Windows 2000 product was evaluated against the Windows 2000 ST and found to satisfy the ST requirements.

This document is targeted at those responsible for ensuring the installation and configuration process results in a secure configuration. For the purposes of this document, a secure configuration is one that enforces the requirements presented in the Windows 2000 ST, henceforth referred to as the Evaluated Configuration.

Audience Assumptions

This document assumes the audience is familiar with the general installation process of Windows 2000 and the configuration tools provided by Windows 2000 to adjust the configuration settings.

Document Overview

This document has the following chapters:

"Introduction" introduces the purpose and structure of the document and the assumptions about the audience.

Chapter 1, "Hardware and Software Overview", identifies the hardware and software included in the Evaluated Configuration.

Chapter 2, "Operating System Installation", describes how to install the Evaluated Configuration of Windows 2000.

Chapter 3, "Secure Configuration", describes how to configure Windows 2000 into the Evaluated Configuration of Windows 2000.

Chapter 4, "Windows 2000 Common Criteria Secure Configuration Templates", describes how to partially automate the configuration of the Evaluated Configuration of Windows 2000 with the application of configuration templates.

"References" provides the references used to develop this document.

Appendix A, "Windows 2000 Default Security Policy Settings", identifies the Windows 2000 default security policy settings (prior to the application of the procedures that result in the Evaluated Configuration of Windows 2000).

Appendix B, "Audit Categories and Events", presents the Windows 2000 system audit events that correspond to the events required to be auditable by the Windows 2000 ST.

Appendix C, "User Rights and Privileges", identifies the default user rights assignments on Windows 2000, defines their applicability to the Windows 2000 ST, and provides change requirements and recommendations necessary to comply with the Windows 2000 ST.

Appendix D, "User and Group Accounts", identifies the default user and group accounts on Windows 2000, defines their applicability to the Windows 2000 ST, and presents changes to the accounts necessary to comply with the Windows 2000 ST.

Appendix E, "Windows 2000 Security Configuration Checklist for the Evaluated Configuration", presents a configuration checklist to ensure all necessary installation and configuration steps are taken to result in the Evaluated Configuration of Windows 2000.

Appendix F, "Windows 2000 Security Configuration Templates for the Evaluated Configuration", presents the configuration templates to support the automation of the required changes to the default settings to allow for the configuration of the Evaluated Configuration of Windows 2000. Additionally, the appendix presents the configuration templates to support the automation of the required and recommended changes to the default settings.

Terminology and Conventions

Throughout the document, the following terminology and conventions are followed:

Evaluated Configuration: used to refer to the configuration of Windows 2000 that was evaluated and determined to meet the Windows 2000 ST.

Warning: warnings are provided to highlight text that is critical to consider in ensuring the system is secure. Warnings are identified with the bolded word Warning (e.g. "Warning").

Notes: text that is important to take notice of is identified with a bolded word "Note" or "Notes" (e.g. Note).

Mandatory settings: when referring to setting policy or security options, if a policy or option must be set to a specific value to meet the Windows 2000 ST, the setting is identified as a "Required" setting.

Recommended settings: when referring to setting policy or security options, if it is not necessary for a policy or option to be set to a specific value to meet the Windows 2000 ST, but a specific value represents good security practice, the setting is identified as a "Recommended" setting.