Security Templates Define and Enforce the Rules

You know that Windows 2000 has a robust security model. However, to ensure legacy compatibility and interoperability, Win2K Setup activates only a few of the available security features. For example, when you install a fresh copy of Win2K or upgrade a legacy platform to Win2K, default security settings don't implement account lockout controls or enable security auditing. You'll also discover that the default settings permit blank and zero-length passwords and set most services to start automatically with the system account. And although Win2K Setup implements access controls on the system root to limit nonadministrator access, the OS grants Everyone Full Control access to the root of all logical drives.

You'll find many compelling reasons to modify the default security settings, especially if you're configuring systems for a secure environment. For example, to ensure application compatibility when you upgrade a Windows NT 4.0 system to Win2K, Win2K by default adds the local Users group to the local Power Users group. Members of the Power Users group can manage and manipulate local user and group accounts and shared resources—tasks you might not want a typical interactive user to perform. Therefore, if you plan to upgrade many NT 4.0 systems to Win2K, you might want to remove the local Users group from the local Power Users group. Similarly, if you're setting up a VPN server that only manages connections, you might want to disable unnecessary services as a deterrent to unauthorized access and to eliminate potential security vulnerabilities. As you learn more about Win2K's default security settings and how they affect a mixed environment, you're guaranteed to discover new areas of vulnerability that require your attention to eliminate intrusion opportunities. . . .