Planning for Security

It is important to minimize the possibility of human error or deliberate sabotage. If anyone can access a computer running Windows 2000 and restart it, security software cannot protect your data from being damaged or stolen.

You can implement procedures that restrict physical access to your entire facility or to certain areas to which various personnel need access. Some ways to protect data include keeping computers in secure offices and password-protecting screen savers. Run virus checks on floppy disks before using them or disable floppy disk drives, which can sometimes be done by using Basic Input/Output System (BIOS) options. You can also run virus checks on a computer or physically disconnect it.

Windows 2000 allows you to create a profile for each user and restrict user access to files and servers, but no amount of planning can anticipate all the ways that data or computers can be damaged. Therefore, backup is a crucial part of your security and storage procedures. For more information about planning backup and storage procedures, see "Backup" in this book.

Windows 2000 includes auditing software that writes information to a security log whenever there is an attempt to breach security. You can log access to files and all logon attempts, valid or invalid. Your audit policy determines the types of events that are recorded in the security log. For more information, see Windows 2000 Server Help.

© 1985-2000 Microsoft Corporation. All rights reserved.