First, security policy
It is well known that the Windows 2000 system itself has many security vulnerabilities. Patching is a way to reduce most vulnerabilities, but it does not eliminate small vulnerabilities, which are often important ways to attack or invade. The "Local security policy" that comes with Windows 2000 is a good system security management tool. This tool can be said to be a system of defense tools often some necessary settings can play a preventive role, but do not underestimate this tool. Here are some common settings for you to set up a security policy for the system to play a role in security.
Second, the specific operation
Figure 1
The system's local Security policy tool is in the main interface of the local security policy after clicking start → control panel → administration tools → local security policy. Here you can set various security policies by using the commands on the menu bar, and you can choose how to view, export lists, and import policies.
1. Security log settings: Because the security log is an important means of recording a system, you can view some of the running state of the system through the log, while the default installation of Windows 2000 does not open any security audits, so you need to open the appropriate audit in the local security policy → Audit policy. Click "Start → control Panel → admin tools → local security policy → Left local policy → Audit Policy", see "Audit policy change" in right column ... For 9 items, we double-click each item and then make a selection on the "success, failure" selection box.
2. Account security Settings: Windows 2000, the default installation allows any user through the empty user to get the system all accounts and share lists, resulting in some passwords easy to leak and the computer to attack, so you must use the following security settings. Click "Start → control Panel → admin tools → local security policy → local policy → account policy" and see the right column has "password policy, account lockout policy" 2 items.
Set in Password policy: Enable "Password must meet complexity requirements", "Minimum password Length" is 6 characters, "Mandatory password history" is 5 times, "Maximum password lifetime" is 30 days.
Set in Account lockout policy: "Reset account lockout counter" for 30 minutes, "Account lockout Time" is 30 minutes, "Account lockout value" is 30 minutes.
3. Security option settings: Click "start → control Panel → admin tools → local security policy → local policy → security options" to find the right column "Additional restrictions on anonymous connections." Double-click to set the valid policy, select Do not allow to enumerate SAM accounts and shares (as shown in the figure). This is typically selected because this value allows only non-null users to access SAM account information and share information.
Figure 2
After this setup, your system will be much more secure, especially the security of the account and password, effectively prevent some illegal intrusion. Not only can you view the log to monitor some of the system's operational aspects of important information. Also have a clear grasp of the account login.