Additional Reading

The Windows 2000 Security Resource Kit (Microsoft Press, 2002) is the definitive source for Windows 2000 security information. There’s a lot of material to absorb here, but it makes a terrific reference.

The “Baseline Security Analyzer” white paper (http://www.microsoft.com/technet/security/tools/tools/mbsawp.asp) provides much more detail on what the specific vulnerability checks look for.

Shavlik Technologies licenses its HFNetChk engine to Microsoft, both as a stand-alone tool and as part of MBSA. Other, more powerful, commercial versions of HFNetChk are available directly from Shavlik; see their product comparison at http://www.shavlik.com/security/prod_hf_compare.asp.

Scambray & McClure, Hacking Windows 2000 Exposed (Osborne McGraw- Hill, 2001) is a terrific security reference for hardening your Windows systems. It also has a thorough explanation of the Windows security model and subsystems.

The Security Operations Guide for Windows 2000 Server is a book-length guide of security practices and settings published by Microsoft. It provides much more detail on good policies and practices, and I encourage you to download it from http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/, read it, and follow it as part of your ordinary security policies.