JSI Tip 8746. Security configuration guidance support.

Jerold Schulman

December 1, 2004



Microsoft Knowledge Base Article 885409 contains the following summary:

Microsoft, the Center for Internet Security (CIS), the National Security Agency (NSA), the Defense Information Systems Agency (DISA), and the National Institute of Standards and Technology (NIST) have published “security configuration guidance” for Microsoft Windows.

The high security levels that are specified in some of these guides may significantly restrict functionality of a system. Therefore, you should perform significant testing before you deploy these recommendations. We recommend that you take additional precautions when you do the following:

Edit access control lists (ACLs) for files and registry keys

Enable Microsoft network client: Digitally sign communications (always)

Enable Network Security: Do Not Store LAN Manager hash value on next password change

Enable System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Disable Automatic Update Service or Background Intelligent Transfer Service (BITS)

Disable NetLogon Service

Enable NoNameReleaseOnDemand

Microsoft strongly supports industry efforts to provide security guidance for deployments in high security areas. However, you must thoroughly test the guidance in the target environment. If you require additional security settings beyond the default settings, we highly recommend that you see the Microsoft-issued guides. These guides can serve as a starting point for your organization's requirements. For support or questions regarding third-party guides, contact the organization that issued the guidance.
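
To support the testing the summary calls for, the following added example (not part of the KB article or the original tip) records the current state of the registry-backed settings and services listed above, so a host can be compared before and after a guide is applied. The registry locations are assumed to be those used on Windows Vista / Server 2008 and later, the output file name is a hypothetical choice, and ACL changes are not covered.

```powershell
# Added example: snapshot the settings named in the KB summary.
# Assumption: registry locations as used on Windows Vista / Server 2008 and later.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$registryChecks = @(
    @{ Setting = 'Microsoft network client: Digitally sign communications (always)'
       Path = "$svc\LanmanWorkstation\Parameters"; Name = 'RequireSecuritySignature' }
    @{ Setting = 'Do not store LAN Manager hash value on next password change'
       Path = $lsa; Name = 'NoLMHash' }
    @{ Setting = 'System cryptography: Use FIPS compliant algorithms'
       Path = "$lsa\FipsAlgorithmPolicy"; Name = 'Enabled' }
    @{ Setting = 'NoNameReleaseOnDemand'
       Path = "$svc\NetBT\Parameters"; Name = 'NoNameReleaseOnDemand' }
)

# Registry-backed settings: a missing value means the OS default is in effect.
$report = foreach ($c in $registryChecks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.($c.Name) } else { 'not set' }
    [pscustomobject]@{ Kind = 'Registry'; Setting = $c.Setting; Value = $value }
}

# Services the summary warns against disabling: Automatic Updates, BITS, Netlogon.
$report += foreach ($name in 'wuauserv', 'BITS', 'Netlogon') {
    $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    $value = if ($s) { "$($s.StartMode) / $($s.State)" } else { 'not installed' }
    [pscustomobject]@{ Kind = 'Service'; Setting = $name; Value = $value }
}

# Hypothetical output location; one CSV per host per run.
$outFile = Join-Path $env:TEMP ("baseline-{0}-{1:yyyyMMdd-HHmmss}.csv" -f $env:COMPUTERNAME, (Get-Date))
$report | Export-Csv -Path $outFile -NoTypeInformation
$report | Format-Table -AutoSize
```

Running it once before and once after a guide is applied in the test environment gives two CSV files whose differences show which of the listed settings actually changed when functionality breaks.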


