Microsoft's Windows 2000 and XP operating systems have a lot of useful security features. One of these is the concept of a template, which you can apply to a machine that will configure a large number of security settings all at once.
These templates can be found in the 'securitytemplates' subdirectories of your %SystemRoot% and you apply them from a snap-in called "Security Configuration and Analysis." Of course, Microsoft has about a dozen of templates that come standard with your machine they're probably appropriate for a lot of situations.
But setting those templates up can be a daunting task. If you don't think so, just add one to a management console (the help file will tell you how, if you don't know) and look at all the settings you can use.
Help is at hand. You may not know that your tax dollars have been hard at work analyzing Microsoft Windows security features and, as a result, the National Security Agency (NSA, better known for inspiring bad TV spy dramas) has published a set of security-related recommendations for configuring a Windows machine. The recommendations are developed specifically for the Department of Defense, so they may not all apply. But they could help.
Better yet, they have a template that you can download that more or less automatically configures your computer. You can download it at nsa1.www.conxion.com for free (if you don't count your taxes). Included in the download are two .inf files to apply to your system, and a .pdf file that is a multi-chapter hands-on guide to applying security templates to your systems and networks. One of the nice things about the templates is that they're updated regularly, which is, as you know, very important in the world of security.
And as usual, you should test these and other settings on a test machine before implementing it on production systems, however, if something does go wrong, in theory, you can return your settings to the defaults by applying the "setup security.inf" template.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.