Windows 2000 Security

I was asked recently to go to a car dealership and do a security analysis on their Windows Server 2000 machine.

This is what I recommend doing to any Windows 2000 machine where applicable.

Make sure that the guest account is disabled. It comes disabled by default.

A problem I notice a lot when I visit companies is that many accounts are still active for employees who no longer work there. They should be removed when the employee is terminated or leaves of their own accord. Disgruntled employees have been known to wreak havoc.

Group policies can and should be implemented in a Windows 2000 environment and audited to make sure there are no extra accounts or accounts with weak passwords.

Password security is also important; if your password is weak it will be cracked. I have been in companies where your password is your initials. That is too simple. Implement password policies and account lockouts after multiple failed login attempts. WARNING: lockouts can be turned into a denial of service, because deliberately failing logins against an account locks out its legitimate user. Create multiple admin accounts and give them different rights. Require a strong password policy for administrative accounts.

Run "net share" from the command line to view the open shares on your machine and shut them down unless they are needed.
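As an added example (not part of the original post), here is a small Python audit script that checks the two items above from captured "net accounts" and "net share" output: it flags a weak password/lockout policy and lists the non-administrative shares. The sample output and the baseline thresholds (8-character minimum, lockout after at most 5 failures, history of 5) are constructed assumptions, not values from the post.

```python
# Audit captured `net accounts` / `net share` output from a Windows 2000 host.
# Sample output below is constructed for this example, not captured from a real machine.
NET_ACCOUNTS_SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""

NET_SHARE_SAMPLE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
IPC$                                         Remote IPC
ADMIN$       C:\\WINNT                        Remote Admin
C$           C:\\                             Default share
Public       C:\\Public
The command completed successfully.
"""

# Assumed baseline (not from the post): 8-char minimum, lockout after <= 5 bad logins, history >= 5.
MIN_LENGTH, MAX_LOCKOUT_THRESHOLD, MIN_HISTORY = 8, 5, 5

def parse_net_accounts(text):
    """Return {setting: value} from `net accounts` output; 'Never'/'None' become 0."""
    settings = {}
    for line in text.splitlines():
        if ":" not in line:  # skips the trailing status line
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        settings[key.strip()] = 0 if value in ("Never", "None") else (int(value) if value.isdigit() else value)
    return settings

def audit_password_policy(text):
    """Return a list of findings for weak password or lockout settings."""
    s, findings = parse_net_accounts(text), []
    if s.get("Minimum password length", 0) < MIN_LENGTH:
        findings.append("minimum password length below %d" % MIN_LENGTH)
    threshold = s.get("Lockout threshold", 0)
    if threshold == 0 or threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append("account lockout disabled or threshold above %d" % MAX_LOCKOUT_THRESHOLD)
    if s.get("Length of password history maintained", 0) < MIN_HISTORY:
        findings.append("password history shorter than %d" % MIN_HISTORY)
    return findings

def non_default_shares(text):
    """Return share names from `net share` output, excluding the built-in $ admin shares."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):  # table body starts after the separator row
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        name = line.split()[0]
        if not name.endswith("$"):
            shares.append(name)
    return shares
```

Run it against your own captured output; every finding it prints corresponds to one of the policy or share recommendations in this post.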

Go into the BIOS, set a user password, and disable the ability to boot from a floppy, USB, or CD. Otherwise people can easily grab the SAM file, which holds the password hashes stored on your system, from a Linux boot CD or other tools, and then attempt to crack the hashes offline.

Rename the administrator account. That is usually a cracker's first target. Don't rename it to something equally obvious such as root, either.

Use NTFS on all partitions; it gives you more control and security than the FAT file system.

Make sure that the "Everyone" permission is not allowed on your resources, directories, etc.

Turn off the display of the last logged-on user name. Showing it makes it easier for an attacker to guess passwords: they are already halfway there because they have the username.

Apply appropriate access control lists.

Don