JSI Tip 8746. Security configuration guidance support.

Jerold Schulman

December 1, 2004

1 Min Read
ITPro Today logo in a gray background | ITPro Today


Microsoft Knowledge Base Article 885409 contains the following summary:

Microsoft, the Center for Internet Security (CIS), the National Security Agency (NSA), the Defense Information Systems Agency (DISA), and the National Institute of Standards and Technology (NIST) have published “security configuration guidance” for Microsoft Windows.

The high security levels that are specified in some of these guides may significantly restrict functionality of a system. Therefore, you should perform significant testing before you deploy these recommendations. We recommend that you take additional precautions when you do the following:

Edit access control lists (ACLs) for files and registry keys

Enable Microsoft network client: Digitally sign communications (always)

Enable Network Security: Do Not Store LAN Manager hash value on next password change

Enable System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Disable Automatic Update Service or Background Intelligent Transfer Service (BITS)

Disable NetLogon Service

Enable NoNameReleaseOnDemand

Microsoft strongly supports industry efforts to provide security guidance for deployments in high security areas. However, you must thoroughly test the guidance in the target environment. If you require additional security settings beyond the default settings, we highly recommend that you see the Microsoft-issued guides. These guides can serve as a starting point for your organization's requirements. For support or questions regarding third-party guides, contact the organization that issued the guidance.



About the Author

Jerold Schulman

Jerold Schulman

See more from Jerold Schulman
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a digital shield icon with a keyhole next to text that says linux kernel security
Vulnerabilities & Threats
Linux Kernel Exploits: How Attackers Gain Root Access and How To Defend Against It
Linux Kernel Exploits: Common Threats and How To Prevent Them

Oct 8, 2024

DevOps warning sign in front of gray sky
DevOps
How to Avoid Hidden DevOps Costs and Optimize for Efficiency
How to Avoid Hidden DevOps Costs and Optimize for Efficiency

Oct 9, 2024

a phone call between two business people reveals that one of them is a deepfake scammer
Vulnerabilities & Threats
We’re Worried About Deepfake Voice Scams. How Do We Protect Employees?
We’re Worried About Deepfake Voice Scams. How Do We Protect Employees?

Oct 4, 2024

Exclusive ITPro Resources
See all ITPro Resources

Featured Technical Explainers

MLOps
Ops and More
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
multicloud concept
Cloud Computing
Cross-Cloud: The Next Evolution in Cloud Computing?
Cross-Cloud: The Next Evolution in Cloud Computing?
Wi-Fi 6 speed logo glowing on virtual screen while businessperson points hand and using laptop computer.
IT Operations
Wi-Fi 6: A Step Forward, But Wired LAN Still Holds the Crown
Wi-Fi 6: A Step Forward, But Wired LAN Still Holds the Crown
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

Recent What Is

cartoon shows a person next to a checklist and several icons that represent disaster scenarios
Disaster Recovery
BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster RecoveryBCDR Basics: A Quick Reference Guide for IT Pros
technology interface with a person's hand drawing gears and cogs
PowerShell
Introduction To PowerShell Environment VariablesIntroduction To PowerShell Environment Variables