Security precautions to take while installing windows 2000

I am planning to re-install Windows 2000 professional in an office
network environment. Can somebody advise me precautions to take
while installation that can better the security of the system.

For example, I think I need to install, antivirus, spyware removal
programs and also some firewall and then update the system as soon as
the installation of the windows is complete.

What order should I follow for the above tasks?
Is there anything else that I should do?

Thanks in advance for any help!!!

Karl
Tue Nov 01 05:44:19 CST 2005


"Anonymous" <call_ret@yahoo.com> wrote in message
news:1130841640.634469.17730@g49g2000cwa.googlegroups.com...
> I am planning to re-install Windows 2000 professional in an office
> network environment. Can somebody advise me precautions to take
> while installation that can better the security of the system.

Windows 2000 hardening and security guides can be found at
www.microsoft.com/technet/security and www.nsa.gov/snac and
http://securityadmin.info/faq.asp#harden

> For example, I think I need to install, antivirus, spyware removal
> programs and also some firewall and then update the system as soon as
> the installation of the windows is complete.
>
> What order should I follow for the above tasks?
> Is there anything else that I should do?

Keep the system off the network / Internet until it is necessary to get on
the Internet. For example, configure the system securely via one or more of
the checklists above, then install a firewall before you get on the
Internet. The first thing you should do on the Internet is download all
missing Microsoft service packs and patches, e.g. start with Windows 2000
Service Pack 4, reboot, then Windows 2000 post-SP4 SRP rollup 1, reboot, any
missing patches after that, reboot. Antivirus can be installed and updated
at any time in those instructions, preferably as soon as possible.

Roger
Tue Nov 01 06:47:24 CST 2005

"Anonymous" <call_ret@yahoo.com> wrote in message
news:1130841640.634469.17730@g49g2000cwa.googlegroups.com...
>I am planning to re-install Windows 2000 professional in an office
> network environment. Can somebody advise me precautions to take
> while installation that can better the security of the system.
>
> For example, I think I need to install, antivirus, spyware removal
> programs and also some firewall and then update the system as soon as
> the installation of the windows is complete.
>
> What order should I follow for the above tasks?
> Is there anything else that I should do?
>
> Thanks in advance for any help!!!
>

Opinions differ, but here is how I would do it.
First, I would pre-download the likely needed service (which is
more simple for me as I would know what that is and already do
have it locally) that is service pack 4 and the post SP4 update
rollup 1, and the few post rollup security patches.
I would have the component updates desired also availalbe
with all of the above burned onto a cd (optionals are such as IE 6.1,
WMediaPlayer 9, DirectX 9.0c, WSH 5.6 update, MBSA 2,
if IIS was installed IISlockdown 2.1 and URLscan 2.5 update,
and there are some others, msxml, etc. )
(Looking at that list one gets the idea installing XP is more simple)

So, with downloaded stuff in hand on CD, I install with no network
wire connected. Then following install I update as far as I can with
the downloaded. Then, still with no network wire I configure some
initial sanity settings in local policy (if machine is not to join domain)
and define alternative admin access account.

OK, just about getting ready to visit Microsoft Update but first
I define an IPsec policy that allows no communications inbound,
but has rules that weaken that total inbound block, which start by
allowing ports tcp 80 and 443. OK, that is sufficient for visiting
Mircosoft Update. Others might say at this point instead of using
IPsec install a third-party firewall product and configure it (if so,
have its updates downloaded ahead of time also). For XP or
W2k3 I at this point just make sure the built-in firewall is on and
configured without exceptions other than for web access.

OK - so far only MS base system and perhaps a third-party firewall
product are installed, and now, for the first time the network wire
is attached (and tcp/ip configured for use if needed) and the box is
taken right into the hands of Microsoft Update.

Next, if MS Office is to be installed this is done and then the box is
taken to Microsoft Update (if Windows Update was used above,
then at this step box is taken to Office Update).

No wonder I do not like doing this, as I just got partly exhasuted
in writing it. I just did this the other week with W2k server to get
a new base virtual machine image (with no Office or VS or SQL)
and it took forever.

PA
Tue Nov 01 13:48:47 CST 2005

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Protect Your PC
http://www.microsoft.com/athome/security/protect/

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

Anonymous wrote:
> I am planning to re-install Windows 2000 professional in an office
> network environment. Can somebody advise me precautions to take
> while installation that can better the security of the system.
>
> For example, I think I need to install, antivirus, spyware removal
> programs and also some firewall and then update the system as soon as
> the installation of the windows is complete.
>
> What order should I follow for the above tasks?
> Is there anything else that I should do?
>
> Thanks in advance for any help!!!

Anonymous
Wed Nov 02 02:42:18 CST 2005


PA Bear wrote:
> Before You Connect a New Computer to the Internet
> http://www.cert.org/tech_tips/before_you_plug_in.html
>
> Protect Your PC
> http://www.microsoft.com/athome/security/protect/
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
>
> Anonymous wrote:
> > I am planning to re-install Windows 2000 professional in an office
> > network environment. Can somebody advise me precautions to take
> > while installation that can better the security of the system.
> >
> > For example, I think I need to install, antivirus, spyware removal
> > programs and also some firewall and then update the system as soon as
> > the installation of the windows is complete.
> >
> > What order should I follow for the above tasks?
> > Is there anything else that I should do?
> >
> > Thanks in advance for any help!!!

This is valuable information that I have had here. Let me read the
pointers and then I may ask again when I need to.

Thanks all for your help.

PA
Wed Nov 02 11:49:30 CST 2005

Anonymous wrote:
> PA Bear wrote:
> > Before You Connect a New Computer to the Internet
> > http://www.cert.org/tech_tips/before_you_plug_in.html
> >
> > Protect Your PC
> > http://www.microsoft.com/athome/security/protect/
> >
> > Anonymous wrote:
> > > I am planning to re-install Windows 2000 professional in an office
> > > network environment. Can somebody advise me precautions to take
> > > while installation that can better the security of the system.
> > >
> > > For example, I think I need to install, antivirus, spyware removal
> > > programs and also some firewall and then update the system as soon as
> > > the installation of the windows is complete.
> > >
> > > What order should I follow for the above tasks?
> > > Is there anything else that I should do?
> > >
> > > Thanks in advance for any help!!!
>
> This is valuable information that I have had here. Let me read the
> pointers and then I may ask again when I need to.
>
> Thanks all for your help.

YW. Ask away!
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP