For the most part, the Windows 2000 registry is secure because only locally logged-on users with sufficient permissions can access it, and only Administrators and Backup Operators can access the registry from across the network. At least that's the theory, but without Service Pack 3 you might still be vulnerable.
To be sure that the registry is adequately protected against anonymous network access, and that the Local Security Authority (LSA) component of the registry is closed to anonymous users, follow these steps:
If the key and values mentioned here don't exist, see Microsoft Knowledge Base Article Q153183 for information about creating them.
Windows 2000 systems that were upgraded from Windows NT might not have the appropriate registry ACLs, because existing ACLs aren't changed during the upgrade process. If this is the case, you should refer to the "Default Access Control Settings in Windows 2000" white paper for the appropriate ACLs. This document is available at http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/secdefs.asp.
Anonymous access to the Local Security Authority (LSA) should be restricted, making it difficult for anonymous users to obtain security information from a computer. Windows 2000 systems running Service Pack 3 or newer should have anonymous access restricted, but to verify the restriction, use the following steps:
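An offline check of an exported registry file for the two settings discussed on this page, as an added example that is not part of the original article. The key and value names (the `winreg` key under `SecurePipeServers` and the `RestrictAnonymous` value under `Lsa`) are not named on the page and are assumed here, and the sample export is constructed.

```python
import re

# Assumed names: the page does not spell out the key or value,
# so these are the ones this example takes the steps to refer to.
WINREG_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Constructed sample export in REGEDIT4 text format, not taken from a real host.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive, so normalise them.
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit(text):
    """List findings; an empty list means both settings are present and restrictive."""
    keys = parse_reg(text)
    findings = []
    if WINREG_KEY.lower() not in keys:
        findings.append("winreg key absent: no winreg ACL governs remote registry access")
    raw = keys.get(LSA_KEY.lower(), {}).get("restrictanonymous")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw or "")
    value = int(m.group(1), 16) if m else None
    if value is None:
        findings.append("RestrictAnonymous absent or not a DWORD")
    elif value == 0:  # assumption: any nonzero value counts as restricted
        findings.append("RestrictAnonymous=0: anonymous access to the LSA is not restricted")
    return findings
```

A `.reg` export carries no ACLs, so this only confirms that the key exists; its permissions still have to be reviewed on the host.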