NT4 SERVER LOCKDOWN
This paper is the work of The Master Jedi Pimpsor AKA thehorse13, who has kindly consented to it being hosted here on the TAZ.
The original post can be found here: http://www.antionline.com/showthread.php?s=&threadid=239462
I have used this to lock down NT4 servers for a while now. I wrote it about two years ago. From what I've seen out there, this how-to is still very good to use. Hope someone else can use it. Keep in mind that Windows shares will no longer work if you implement this guide. It is meant for a server that has a single specific purpose, like a bastion host or the like.
1. Install NT as a Stand-alone server - DO NOT JOIN A DOMAIN
2. Apply all current Service Packs and hot fixes
3. Ensure no other network applications are running on the machine (e.g. IIS)
4. Implement strong passwords for admin account
5. Disable Guest account and DO NOT create any user accounts
6. Set password protection on screen saver - don't choose a screen saver that's graphically intense
7. In Network Control Panel:
- uninstall all services
- uninstall all protocols except tcp/ip
- disable the WINS tcp/ip client ('all protocols' view on Bindings tab)
(These steps can be avoided if you skip networking install during NT setup and manually install the adapter driver and tcp/ip afterwards - just double check to make sure the WINS client doesn't appear)
8. Disable the "TCP/IP NetBIOS Helper" in the Services control panel
9. Disable the "WINS Client (TCP/IP)" in the Devices Control panel
10. Remove the OS/2 and POSIX sub-systems (see below for details)
11. Ensure NTFS is in use for all partitions
12. Set permissions such that only the Administrator, Creator Owner, and System accounts have any rights to any files (in other words, remove the 'Everyone' rights).
To manually disable and remove the OS/2 and POSIX subsystems completely, do the following:
• Delete the winnt\system32\os2 directory and all sub-directories.
• HKLM\SOFTWARE\Microsoft\OS/2 Subsystem for NT - Delete all sub-keys
• HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\Os2LibPath - Delete
• HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Optional - Delete OS2 Values
• HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems - Delete all entries for OS/2 (and POSIX if you wish)
The OS/2 and POSIX sub-systems will be gone after reboot. And it goes without saying that registry hacking is dangerous.
Here are some other registry hacks that are useful:
Display legal Notices at logon by editing the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key name: LegalNoticeCaption
Data Type: REG_SZ
Value: Legal Notice!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key name: LegalNoticeText
Data Type: REG_SZ
Value: This system is for authorized users only! Unauthorized use is subject to prosecution. All activity on this machine is being logged.
Hide the name of the last user to logon:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key name: DontDisplayLastUserName
Data Type: REG_SZ
Value: 1
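To confirm that the registry changes above actually took effect, the following added example (not part of the original tutorial) parses a REGEDIT4-format text export of the registry and lists the settings that still differ from this guide. The sample export is constructed and the function names are hypothetical; POSIX entries are not flagged because the guide leaves their removal optional.

```python
import re

# Constructed sample: fragment of a REGEDIT4 export from a partly hardened host.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Legal Notice!"
"DontDisplayLastUserName"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Os2LibPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Optional"=hex(7):4f,73,32,00,50,\
  6f,73,69,78,00,00
'''
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
SESSMGR = r"hkey_local_machine\system\currentcontrolset\control\session manager"
OS2_KEY = r"hkey_local_machine\software\microsoft\os/2 subsystem for nt" + "\\"

def parse_export(text):
    """Return {key path: {value name: data}} with paths and names lowercased."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if h := re.match(r"hex(?:\(\w+\))?:(.*)", raw):
                # REGEDIT4 stores expandable and multi-strings as ANSI bytes
                data = bytes.fromhex(h.group(1).replace(",", "")).decode("latin-1")
                current[name] = [s for s in data.split("\0") if s]
            else:
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit(keys):
    """List deviations from the registry settings given in the guide."""
    found, win = [], keys.get(WINLOGON, {})
    for name in ("LegalNoticeCaption", "LegalNoticeText"):
        if not win.get(name.lower()):
            found.append(f"Winlogon: {name} is not set")
    if win.get("dontdisplaylastusername") != "1":
        found.append("Winlogon: DontDisplayLastUserName is not 1")
    if "os2libpath" in keys.get(SESSMGR + r"\environment", {}):
        found.append("Environment: Os2LibPath still present")
    subs = keys.get(SESSMGR + r"\subsystems", {})
    if "os2" in subs or "os2" in [v.lower() for v in subs.get("optional", [])]:
        found.append("SubSystems: OS/2 entries still present")
    if any(k.startswith(OS2_KEY) for k in keys):
        found.append("OS/2 Subsystem for NT: sub-keys still present")
    return found
```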
Original Tutorial
Submitted by Nokia for TheTAZZone-TAZForum
Originally posted on March 4th, 2006 here
Do not use, republish, in whole or in part, without the consent of
the Author. TheTAZZone policy is that Authors retain the rights to the
work they submit and/or post...we do not sell, publish, transmit, or
have the right to give permission for such...TheTAZZone merely retains
the right to use, retain, and publish submitted work within its
Network.

