Windows 2000 Security
Step 1 – Passwords
If you have not set your passwords yet, do it now. You must select a strong password that you can remember. If your password is too short it will not be effective. In order to have a long password that you will be able to remember use passphrases instead of passwords.
Example 1: bigbear
Example 2: affjh5f4jy5d87
Example 3: thebearisbigandbad
Example #1 is too short to be a secure password. Example #2 is too hard to remember to be a practical password. Example #3 is long enough to be secure and easy enough to remember. This is the reason you should use passphrases instead of passwords.
Step 2 – Firewall
Outpost, ZoneAlarm, etc. There are many different software firewalls out there. Be sure to use one.
Step 3 – Authenticated Users
Right-click on one of your drives and select Properties. Click on the Security tab. You will want to add the Authenticated Users group and remove the Everyone group. Do this on all of your drives.
Step 4 – Accounts
Browse to My Computer > Control Panel > Users and Passwords. Click on the Advanced tab and then on the Advanced button. Click on the Users folder in the left-hand pane.
Administrator
Right-click on Administrator in the right-hand pane and select Rename. Rename this account to something else.
Guest
Right click on Guest in the right hand pane and click Rename. Rename this account to something else. Next double-click on the account and check the box Account is disabled.
Step 5 – Misc. Settings
Password Protect the Screensaver
Right-click on the desktop and select Properties. Click on the Screensavers tab and choose a screensaver from the dropdown box. Next make sure there is a check next to Password protected.
Disable Default Shares
Open regedit and browse to HKey_Local_Machine\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters. Next edit or add value AutoShareWks and set it to 0.
Unhide File Extensions
In explorer click on Tools > Folder Options. Next click on the View tab and make sure there is NOT a check next to Hide file extensiosn for known file types.
Disable CD Autorun
Open regedit and browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom. Next edit or add value Autorun and set it to 0.