Knowing How Much Security You Need on a Windows 2000 Network
People gain access to a Windows 2000 network through user accounts. Each person should be assigned a unique user account. That way, the network sees each person as a distinct individual. This distinctiveness also lets you control who has access to what, based on those user accounts. User accounts can be collected into groups so that multiple users can be assigned or restricted access at once. In fact, this is the Microsoft-preferred method of assigning access permissions: Users are made members of groups, and groups are assigned access to resources.
As a user account logs on, it's authenticated to the network. This authentication process builds an access token from the user's group memberships and other security settings on the account. An access token can be thought of as a key ring with lots of keys. Most resources within Windows 2000 are behind locked doors. If you have the right key on your key ring, you can open the door. Otherwise, all you can do is knock.
By setting the correct permissions on files and folders, you can control which users can read, edit, and delete data on your network. With the right permissions, you can prevent users from modifying or even seeing data. Protecting users from each other is just as important as providing valid access. The file-level security of the NT file system (NTFS) gives you the versatility to do just that.
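The key-ring model described above, as an added Python sketch (not code from the original text and not Windows' own implementation): a token is built from group memberships at logon and checked against a resource's ordered permission entries. The accounts, groups, rights bitmask and ACL are constructed for illustration, and the deny-entry handling goes beyond what the text states, following the in-order evaluation Windows applies to access control entries.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 1, 2, 4   # simplified rights bitmask, constructed for this model

@dataclass(frozen=True)
class Ace:
    allow: bool     # True = allow entry, False = deny entry
    trustee: str    # user or group the entry names
    rights: int     # rights the entry covers

def build_token(user, memberships):
    """Logon: the token holds the user, Everyone, and each group membership."""
    return frozenset({user, "Everyone", *memberships.get(user, ())})

def access_check(token, acl, wanted):
    """Walk the ACL in order: allows accumulate, a matching deny ends the check."""
    remaining = wanted
    for ace in acl:
        if ace.trustee not in token:
            continue                    # no key on the ring for this entry
        if ace.allow:
            remaining &= ~ace.rights
            if not remaining:
                return True             # every requested right is granted
        elif ace.rights & remaining:
            return False                # explicit deny on a right still needed
    return False                        # never granted: all you can do is knock

# Constructed sample data: permissions go to groups, users go into groups.
MEMBERSHIPS = {
    "alice": ["Accounting"],
    "bob": ["Accounting", "Visitors"],
    "Administrator": [],                # the restricted decoy account
}
PAYROLL_ACL = [
    Ace(False, "Visitors", READ | WRITE | DELETE),   # deny entries listed first
    Ace(True, "Accounting", READ | WRITE),
]

def can(user, wanted, acl=PAYROLL_ACL):
    return access_check(build_token(user, MEMBERSHIPS), acl, wanted)

if __name__ == "__main__":
    for user in MEMBERSHIPS:
        print(user, "read:", can(user, READ), "delete:", can(user, DELETE))
```

Note that bob is refused even though he is in Accounting: the deny entry for Visitors is reached first, which is why visiting accounts belong in their own group.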
But how much security do you really want or need? You need an answer to this question before you perform too many security alterations on your system. No matter what size your network is, if you have any data that's essential to your continued existence as a valid "bees knees" (that's business for the squares), you need at least reasonable security. A network without security indicates that its managers are either lazy or uneducated. Although you can't do anything about the former problem, you can fight the latter right here, right now.
Securing built-in user accounts
Windows 2000 creates two accounts by default — Administrator and Guest. Thus, everyone in the world already knows about these two accounts. Fortunately, the Guest account is disabled by default, and it has limited access anyway. But the Guest account has a blank password by default, and it's a member of the Everyone group. The bigger issue is the Administrator account. This account is the most privileged user account in the Windows 2000 environment. The Administrator account has full, unrestricted access to every aspect of the operating system.
Such freedom includes the following capabilities:
- Installing new drivers
- Creating and deleting user accounts
- Shutting down a server
- Formatting drives
- Reinstalling the OS
- Disabling services
- Deleting any file
- Changing auditing
- Editing system logs
- And more, more, more
Following are some very important actions that you should take immediately on installing Windows 2000:
- Give the Guest account a difficult-to-guess password, but leave the account disabled.
- Give the Administrator account an impossible-to-guess password. Write this password down on a slip of paper, seal it in an envelope, and then store it at the bottom of a bank vault.
- Rename the Administrator account something not so obvious.
- Create a new account named Administrator, give it a reasonable password, and restrict its every access. Now you have a decoy for would-be attackers.
To go along with this basic protection for these default user accounts, you should also seriously consider not using the default Administrator account, even after renaming it. Create a unique user account for each person who needs administrative-level access and add that user account to the Administrators group. You need to create a normal user account for each of these people as well. They must use their administrative-level user account only in performing administrative tasks; at all other times, they should log on as normal users. Make this edict a company rule; then enforce it.
Yanking up the red carpet
If you need to grant users temporary and/or limited access to your network, don't automatically grant them access to the Guest account. Although this account may seem initially convenient, it does introduce a potential security hazard. Consider leaving the Guest account tied down and creating your own temporary user accounts. This approach gives you greater control over these users, and you can assign a unique user account for each person. You should also create your own Visitors user group instead of using the default Domain Guests user group.
You should restrict access for these visiting user accounts. Make sure that you define a specific termination date for these accounts. You can define such an expiration date through the user account's Properties.