The Threats and Countermeasures Guide page contains:

Topics on this Page
downGuide Overview
downDownloads and Resources
downGive Us Your Feedback

Threats and Countermeasures Guide Overview


Feedback for this Guide

Updated April 23rd, 2003

The purpose of this guide is to provide a reference to many of the security settings available in the current versions of the Microsoft® Windows® operating systems. This is a companion guide for The Windows Server 2003 Security Guide, available at and the Windows XP Security Guide available at

The chapters of this guide are split up to reflect the major sections that appear in the group policy editing user interface. Each chapter begins with a brief explanation of what will be covered, followed by a list of subsection headers, each one of these corresponds to a setting or group of settings. Each of these, in turn, has a brief explanation of what the countermeasure does.

Within the subsection for each setting there are three additional subsections: Vulnerability, Countermeasure, and Potential Impact. The Vulnerability subsection explains how the countermeasure could be exploited by an attacker if it is configured in a less secure manner. The Countermeasure subsection explains how to implement the countermeasure. The Potential Impact subsection explains the possible negative consequences of putting the countermeasure in place.

While many of the settings available in group policy are documented in this guide, not all of them are. That is because many of the group policy settings are intended to help organizations manage their environments but they aren't necessary directly related to security. This guide only examines the settings and features available in Microsoft® Windows Server 2003™ and Windows XP® that can help an organization secure their enterprises.

The information provided within this guide should help you and your organization decide which specific countermeasures need to be put in place and how to prioritize that list.

Guide Overview Back to Top

Chapter 1: Introduction to the Threats and Countermeasures Guide

This chapter introduces the Threats and Countermeasures Guide, and includes a brief overview of the contents.

Chapter 2: Domain Level Policies

This chapter discusses the domain level policies, including Account Policies, Account Lockout Policies, and Kerberos Policies.

Chapter 3: Audit Policy

This chapter covers the different settings that apply to auditing and provides an example of audit events created by several common tasks.

Chapter 4: User Rights Assignment

This chapter details the logon rights and privileges that make up the User Rights Assignment section of the Group Policy editor.

Chapter 5: Security Options

This chapter discusses computer security settings such as digital data signing, renaming Administrator and Guest accounts, , driver installation behavior, and logon prompts.

Chapter 6: Event Log

This chapter discusses the settings in Group Policy that can be used to define attributes related to the application, security, and system event logs.

Chapter 7: System Services

This chapter provides an overview of the system services included with Windows Server 2003 and Windows XP.

Chapter 8: Software Restriction Policies

This chapter is dedicated to software restriction policies, which are a new feature in Windows® XP and Windows Server 2003. Software Restriction Policies provide a system for specifying which programs are allowed to execute and which are not.

Chapter 9: Windows XP, Office XP, and Windows Server 2003 Administrative Templates

This chapter discusses the administrative template sections of group policy which include registry – based settings that govern the behavior and appearance of the computers in an environment.

Chapter 10: Additional Registry Settings

This chapter provides additional registry keys and registry value entries for the baseline security template file that are not defined within the Administrative Template (.adm) file.

Chapter 11: Additional Member Server Hardening Procedures

This chapter describes how to implement additional countermeasures, such as securing accounts and implementing IPSec filters.

Chapter 12: Conclusion

This chapter of the guide recaps the important points of the material in a brief overview of everything discussed in the previous chapters.

Downloads and Resources Back to Top