3. Install the latest service pack: SP6a
Install the latest hotfixes:
q241041 Enabling NetBT to Open IP Ports Exclusively
q243404 WINOBJ.EXE May Let You View Securable Objects Created/Opened by JET500.DLL
q243405 Device Drivers Create their Corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN Device Characteristics
q244599 Fixes Required in TCSEC C2 Security Evaluation Configuration for Windows NT 4.0 Service Pack 6a.
Windows NT Appears to Hang When You Log Off After Installing Service Pack 6.
q188806 NTFS Alternate Data Stream Name of a File May Return Source
q252463 Security Update, April 13, 2000
q267559 Security Update, July 17, 2000
q269862 Security Update, August 15, 2000
q271652 Security Update, September 8, 2000
4. Install the Option Pack:
Choose a custom installation:
Install only the following components:
[_] Internet Information Server
[_] Internet Service Manager
[_] World Wide Web Server
[_] Microsoft Data Access Components 1.5
[_] Data Sources
[_] MDAC: ADO, ODBC, and OLE DB
[_] Remote Data Service 1.5
[_] RDS Core Files
[_] Microsoft Management Console
[_] NT Option Pack Common Files
[_] Transaction Server
[_] Transaction Server Core Components
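Install the WWW service on a partition other than the one that holds the operating system.
When installing Transaction Server, choose default/local administration.
5. Install the latest MDAC (2.6 RTM as of 10/30/00)
II. Configure NT
1. Set permissions:
Using User Manager, set the following on the root directory of every partition:
* Administrators: FULL CONTROL
* System: FULL CONTROL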
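2. Set up the screen saver
Open Display in Control Panel
Select the Screen Saver tab
Check "Password protected" and click OK
3. Configure services:
Disable the following services: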
Alerter (disable)
ClipBook Server (disable)
Computer Browser (disable)
DHCP Client (disable)
Directory Replicator (disable)
FTP publishing service (disable)
License Logging Service (disable)
Messenger (disable)
Netlogon (disable)
Network DDE (disable)
Network DDE DSDM (disable)
Network Monitor (disable)
Plug and Play (disable after all hardware configuration)
Remote Access Server (disable)
Remote Procedure Call (RPC) Locator (disable)
Schedule (disable)
Server (disable)
Simple Services (disable)
Spooler (disable)
TCP/IP Netbios Helper (disable)
Telephone Service (disable)
Disable the following services where necessary:
SNMP service (optional)
SNMP trap (optional)
UPS (optional)
Set the following services to start automatically:
Eventlog (required)
NT LM Security Provider (required)
RPC service (required)
WWW (required)
Workstation (leave service on: will be disabled later in the document)
MSDTC (required)
Protected Storage (required)
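
The service baseline above can be checked mechanically. The following Python is an added example, not part of the original checklist: it compares a service inventory with the three lists above and reports every deviation. The `audit` function, the `SAMPLE` inventory and the matching of services by the checklist's own labels are assumptions of this example; the Start values are the ones stored under each service's registry key.

```python
# Added example: compare a service inventory with the checklist's baseline.
# Start values use the Services registry convention (Start under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>): 2=automatic, 3=manual, 4=disabled.
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Labels are copied from the checklist; matching them to the labels in your
# own inventory export is an assumption of this sketch.
MUST_DISABLE = [
    "Alerter", "ClipBook Server", "Computer Browser", "DHCP Client",
    "Directory Replicator", "FTP publishing service", "License Logging Service",
    "Messenger", "Netlogon", "Network DDE", "Network DDE DSDM", "Network Monitor",
    "Plug and Play", "Remote Access Server", "Remote Procedure Call (RPC) Locator",
    "Schedule", "Server", "Simple Services", "Spooler", "TCP/IP Netbios Helper",
    "Telephone Service",
]
MUST_AUTO = ["Eventlog", "NT LM Security Provider", "RPC service", "WWW",
             "Workstation", "MSDTC", "Protected Storage"]
OPTIONAL = ["SNMP service", "SNMP trap", "UPS"]

def audit(inventory):
    """Return (service, expected, actual) for every deviation from the baseline."""
    seen = {name.lower(): start for name, start in inventory.items()}
    findings = []
    for name in MUST_DISABLE:
        start = seen.get(name.lower())
        if start is not None and start != 4:      # an absent service is acceptable
            findings.append((name, "disabled", START.get(start, str(start))))
    for name in MUST_AUTO:
        start = seen.get(name.lower())
        if start != 2:                            # an absent required service is a finding
            actual = "missing" if start is None else START.get(start, str(start))
            findings.append((name, "automatic", actual))
    listed = {n.lower() for n in MUST_DISABLE + MUST_AUTO + OPTIONAL}
    for name, start in inventory.items():
        if name.lower() not in listed and start != 4:  # never mentioned by the checklist
            findings.append((name, "review: not in checklist", START.get(start, str(start))))
    return findings

# Constructed sample inventory (not from a real host).
SAMPLE = {"Alerter": 4, "Messenger": 2, "Spooler": 3, "Eventlog": 2,
          "NT LM Security Provider": 2, "RPC service": 2, "WWW": 2, "Workstation": 2,
          "MSDTC": 3, "SNMP service": 2, "Example Backup Agent": 2}

if __name__ == "__main__":
    for service, expected, actual in audit(SAMPLE):
        print(f"{service}: expected {expected}, found {actual}")
```

Services the checklist never mentions are flagged for review rather than treated as compliant, since anything still able to start on a dedicated web server deserves a decision.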
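3. User rights assignment:
Access this computer from network: No one
Add workstations to domain: No one
Back up files and directories: Administrators
Change the system time: Administrators
Force shutdown from a remote system: No one
Load and unload device drivers: Administrators
Log on locally: Administrators
Manage auditing and security log: Administrators
Restore files and directories: Administrators
Shut down the system: Administrators
Take ownership of files or other objects: Administrators
Bypass traverse checking (advanced right): Everyone
Log on as a service (advanced right): No one
Lock pages in memory: No one
Replace a process level token: No one
Generate security audits: No one
Create a pagefile: Administrators
Profile system performance: No one
Create a token object: No one
Debug programs: No one
Increase scheduling priority: Administrators
Increase quotas: Administrators
Profile single process: Administrators
Modify firmware environment values: Administrators
Generate system policy: Administrators
Log on as a batch job: No one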