windows-nt/Source/XPSP1/NT/termsrv/admtools/c2config/c2funcs.rtf

253 lines
36 KiB
Plaintext
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
{\rtf1\ansi \deff9\deflang1033{\fonttbl{\f3\fmodern\fcharset0\fprq1 Courier;}{\f5\fswiss\fcharset0\fprq2 Arial;}{\f9\fswiss\fcharset0\fprq2 Helvetica;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;
\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;
\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{\li120\sb80\sl-240\slmult1\nowidctlpar \f9\fs20 \snext0 Normal;}{\s1\li120\sb280\sa120\sl-320\slmult1\nowidctlpar \b\f9 \sbasedon0\snext15 heading 1;}{
\s2\li120\sb120\sa60\sl-240\slmult1\nowidctlpar \b\f9\fs20 \sbasedon0\snext0 heading 2;}{\s3\li120\sb120\sa60\sl-240\slmult1\nowidctlpar \f9\fs20 \sbasedon0\snext0 heading 3;}{\*\cs10 \additive Default Paragraph Font;}{\s15\li120\sl-240\slmult1
\nowidctlpar \f9\fs20 \snext0 Normal 2;}{\*\cs16 \additive\v \sbasedon10 Context String;}{\*\cs17 \additive\fs18\up6 \sbasedon10 footnote reference;}{\s18\li120\sb80\sl-240\slmult1\nowidctlpar \f9\fs20 \sbasedon0\snext0 footnote text;}{
\s19\li360\sb80\sl-240\slmult1\nowidctlpar \f9\fs20 \sbasedon0\snext0 Normal Indent;}{\s20\fi-240\li600\sb60\sl-240\slmult1\nowidctlpar \f9\fs20 \snext20 Jli;}{\s21\li120\sb60\sl-240\slmult1\keep\nowidctlpar\tx520\tx920\tx1320\tx1720\tx2120 \f3\fs16
\snext21 Ex;}{\s22\li120\sb160\sl-240\slmult1\nowidctlpar \f9\fs20 \snext23 Sa1;}{\s23\fi-240\li360\sb60\sl-240\slmult1\nowidctlpar \f9\fs20 \snext23 Jl;}{\s24\fi-240\li360\sl-240\slmult1\nowidctlpar\tx360 \f9\fs20 \snext25 Lb1;}{
\s25\fi-240\li360\sb60\sl-240\slmult1\nowidctlpar\tx360 \f9\fs20 \snext25 Lb2;}{\s26\li360\sb60\sl-240\slmult1\nowidctlpar \f9\fs20 \snext25 Lp1;}{\s27\fi-1800\li1920\sb120\sa40\sl-240\slmult1\nowidctlpar\brdrb\brdrs\brdrw15\brsp20 \brdrbtw
\brdrs\brdrw15\brsp20 \tx1920 \b\f9\fs20 \snext28 Th;}{\s28\fi-1800\li1920\sb60\sl-240\slmult1\nowidctlpar\tx1920 \f9\fs20 \snext28 Tp;}{\s29\li120\sb120\sa120\nowidctlpar \f9\fs20 \snext0 bitmap;}{\s30\li120\sb120\sl-240\slmult1\nowidctlpar \f9\fs20
\snext23 Sa2;}{\s31\li120\sb80\sl-240\slmult1\nowidctlpar \f9\fs20\uldb \sbasedon0\snext31 Jump Text;}{\s32\nowidctlpar \f5\fs20\ul \sbasedon31\snext32 Popup Text;}{\s33\sb240\sa60\nowidctlpar \b\f5\fs28\kerning28 \sbasedon1\snext0 Heading 1p;}}{\info
{\author Bob Watson}{\creatim\yr1994\mo10\dy24\hr9\min8}{\version1}{\edmins29}{\nofpages0}{\nofwords0}{\nofchars0}{\vern49221}}\widowctrl\ftnbj\aenddoc\noextrasprl\prcolbl\cvmme\sprsspbf\brkfrm\swpbdr\hyphcaps0 \fet0\sectd \linex0 {\*\pnseclvl1
\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}{\*\pnseclvl5
\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang
{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \s1\li115\sb280\sa120\sl-320\slmult1\keepn\widctlpar \b\f9 {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
{\cs17\fs18\up6 #} IDH_FILE_SYSTEMS}} {\cs17\up6 ${\footnote \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\b\fs18\up6 $}{\b File Systems}}} {\cs17\up6 K{\footnote \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {
\cs17\b\fs18\up6 K}{\b File Systems}}} File Systems
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
Under Windows NT, only the NT File System (NTFS) supports Discretionary Access Control to the files and directories. Consequently, only NTFS volumes are allowed on the system to provide secure and auditable
access to the files. FAT volumes do not provide the necessary security functions to support C2 Level security.
\par
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul File Systems Dialog{\v IDH_FILE_SYSTEM_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_OS_CONFIGURATION}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} OS Configuration}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} OS Configuration}} OS Configuration
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
Allowing other operating systems, such as MS-DOS to run on a secure system, can allow users to circumvent Windows NT security. For a system to support C2 level security, Windows NT must be the only operating system on the computer.
\par
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Operating Systems Dialog{\v IDH_OPERATING_SYSTEM_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_OS2_SUBSYSTEM}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} OS/2 Subsystem}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} OS/2 Subsystem}} OS/2 Subsystem
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
The OS/2 subsystem was not included in the current NCSC C2 evaluated configuration. For your system to conform to the evaluated configuration, the OS/2 system must be disabled. The C2Configuration manager disables the OS/2 subsystem by deleting the follow
ing files from the SYSTEM32 directory under the systemroot:
\par
\par \tab OS2.EXE
\par \tab OS2SS.EXE
\par
\par To restore the OS/2 subsystem to your computer, these files must be copied from the CD or Floppy disk to the SYSTEM32 directory under the system root using the {\b copy} or {\b expand} command.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_POSIX_SUBSYSTEM}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Posix Subsystem}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Posix Subsystem}} Posix Subsystem
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
The Posix subsystem was not included in the current NCSC C2 evaluated configuration. For your system to conform to the evaluated configuration, the Posix system must be disabled. The C2Configuration manager disables the Posix subsystem by deleting the fol
lowing file from the SYSTEM32 directory under the systemroot:
\par
\par \tab PSXSS.EXE
\par \pard \li120\sb80\sl-240\slmult1\nowidctlpar
\par \pard \li120\sb80\sl-240\slmult1\widctlpar To restore the Posix subsystem to your computer, this file must be copied from the CD or Floppy disk to the SYSTEM32 directory under the system root using the {\b copy} or {\b expand} command.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_SECURITY_LOG}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Security Log}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Security Log}} Security Log
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security}
\par
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
C2 Level security requires that a security audit log be maintained and events in the log may not be automatically overwritten. For systems that do not require C2 Level security, other logging options may be selected such as to overwrite events that are ol
der than a certain age, or when the log is full.
\par
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Security Log Settings Dialog {\v IDH_SECURITY_LOG_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_HALT_ON_AUDIT_FAILURE}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Halt on Audit Failure}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Halt on Audit Failure}} Halt on Audit Failure
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20
If the security log is full, it becomes possible for some events to not get logged. Selecting this option will halt the computer when the log is full to prevent losing any events. If the system halts as a result of a full log, an administrator must restar
t the system and reset the log.
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Audit Failure Settings Dialog {\v IDH_AUDIT_FAILURE_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_DISPLAY_LOGON_MESSAGE}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Display Logon Message}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Display Logon Message}} Display Logon Message
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 On a secured system, a warning message may be displayed before the user is allowed to log on. Typically this mess
age will inform the user that the system is for authorized users only and that unauthorized is considered trespass or is unwelcome.
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
\par On the other hand, if the system is in use in a public forum, this message may be used to inform the user of current events or how to log on to the system.
\par
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Logon Message Dialog {\v IDH_LOGON_MESSAGE_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_LAST_USERNAME_DISPLAY}} {\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Last Username Display}} {\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Last Username Display}} Last Username Display
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 Displaying the name of the last user can make logging in more convenient, however, hiding the name of the last user can prevent usernames from bei
ng accidentally discovered and subsequently used to break in to the system. This option allows the last username to be hidden when the logon screen is displayed.
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Last Username Display Dialog {\v IDH_LAST_USERNAME_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_SHUTDOWN_BUTTON}}{\cs16 }{\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} {\cs16 Shutdown Button}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} {\cs16 Shutdown Button}}}{\cs16
Shutdown Button
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Hiding the \ldblquote Shutdown\rdblquote
button from the logon screen prevents users from shutting the system down without first logging on to the computer. This option should only be selected if the power switch and reset button is not accessible by the user. Even though the shutdown butto
n may be hidden, if the user has access to either the reset button or the power switch, they may still turn the system off without properly shutting down the operating system.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
\par }\pard\plain \s32\nowidctlpar \f5\fs20\ul {\cs16 Shutdown Button Dialog} {\v IDH_SHUTDOWN_BUTTON_DIALOG}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_PASSWORD_LENGTH}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} {\cs16 Password Length}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Password Length}}{\cs16
Password Length
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
The longer the password, the less likely it will be discovered randomly, or deliberately by an intruder. C2 Level Security does not allow Blank Passwords. Using this item, the desired password policy can be selected.
\par
\par NOTE: Changing this setting will not affect passwords already defined in the system.
\par
\par \pard\plain \s32\nowidctlpar \f5\fs20\ul Password Length Dialog {\v IDH_PASSWORD_LENGTH_DIALOG}
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_GUEST_ACCOUNT}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} {\cs16 Guest Account}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Guest Account}}{\cs16
Guest Account
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }
The Guest account allows anonymous and therefore unauditable access to the system and its files. C2 Level security does not allow for anonymous access to the system and therefore requires that Guest accounts be disabled or deleted from the system. When th
is item is selected, the C2 Configuration manager disables all Guest accounts.
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
\par }\pard\plain \s32\nowidctlpar \f5\fs20\ul {\cs16 Guest Account Dialog }{\cs16\v IDH_GUEST_ACCOUNT_DIALOG}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_NETWORKING}}{\cs16 }{\cs17\fs18\up6 ${\footnote \pard\plain
\s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} {\cs16 Networking}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Networking}}{\cs16 Networking
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
Windows NT networking services were not included in the NCSC C2 evaluated configuration. For your system to conform to the evaluated configuration, the network services must be removed or disabled.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 \page {\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_DRIVE_LETTER_AND_PRINT}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Drive Letters & Printers}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Drive Letters & Printers}}{
\cs16 Drive Letters & Printers
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 To prevent redirection of data to a device or port that may not be authorized, the assignment of drive letters and printer ports can be restricted to administrators only.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
\par }\pard\plain \s32\nowidctlpar \f5\fs20\ul {\cs16 Drives and Printers Dialog} {\v IDH_DRIVES_AND_PRINTERS_DIALOG}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_ALLOCATE_DRIVES}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Removable Media Drives}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Removable Media Drives}}{\cs16
Removable Media Drives
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
Since Windows NT is a multi-user system and programs run by other users may be running in the background while a user is logged on. It is possible to prevent programs run by other users from accessing disks in removable media drives that may have been ins
erted while a user is logged on by allocating these drives automatically when a user logs on.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
\par }\pard\plain \s32\nowidctlpar \f5\fs20\ul {\cs16 Allocate Removable Drives} {\v IDH_ALLOCATE_REMOVABLE_DRIVES_DIALOG}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_OTHER_SECURITY_ITEMS}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Other Security Items}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Other Security Items}}{\cs16
Other Security Items
\par }\pard\plain \s15\li120\sl-240\slmult1\nowidctlpar \f9\fs20 {\cs16
C2Config is not able to detect nor set all aspects of a Windows NT system in order to make it conform to C2 Level Security. This dialog lists the items that C2Config is not able to detect and set and provides references to where additional information may
be found on thc configuration of these items.
\par }\pard\plain \s32\nowidctlpar \f5\fs20\ul {\cs16 Power On Password }{\cs16\v IDH_POWER_ON_PASSWORD}{\cs16
\par Secure System Partition }{\cs16\v IDH_SECURE_SYSTEM_PARTITION}{\cs16
\par Change User Manager Program Item }{\cs16\v IDH_CHANGE_USER_MANAGER_ICON}{\cs16
\par Restrict Use of User Rights }{\cs16\v IDH_RESTRICT_USE_OF_USER_RIGHTS}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_POWER_ON_PASSWORD}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Power On Password}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Power On Password}}{\cs16
Power On Password
\par }\pard\plain \s15\li120\sl-240\slmult1\nowidctlpar \f9\fs20 {\cs16 The Power On password requires the user to enter a password before the system starts. Refer to the computer system\rquote s documentation for information on setting the system\rquote
s power-on password.
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_SECURE_SYSTEM_PARTITION}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Secure System Partition}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Secure System Partition}}{
\cs16 Secure System Partition
\par }\pard\plain \s15\li120\sl-240\slmult1\nowidctlpar \f9\fs20 On a RISC computer, start Disk Administrator and select Secure System Partition from the Partition Menu. This ensures that only users logged on as members of the Administrators g
roup can access files on the system partition.
\par \pard\plain \li120\sb80\sl-240\slmult1\nowidctlpar \f9\fs20 {\cs16
\par }{\cs16\b Note: this is only required on RISC computer systems.
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_CHANGE_USER_MANAGER_ICON}}{\cs16 }{\cs17\fs18\up6 $
{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Change User Manager Program Icon}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Change User Manager Program Icon}}{\cs16 Change User Manager Program Icon
\par }\pard\plain \s15\li120\sl-240\slmult1\nowidctlpar \f9\fs20 If you are setting up Windows\~NT Server, remove the User Manager For Domains program item and add the User Manager program item as described in the \ldblquote Program Manager\rdblquote
chapter of the Windows\~NT Workstation or Windows\~NT Server {\i System} {\i Guide}. The name of the executable file for User Manager is {\b MUSRMGR.EXE.}{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_RESTRICT_USE_OF_USER_RIGHTS}}{\cs16 }{\cs17\fs18\up6 $
{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Restrict Use of User Rights}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Restrict Use of User Rights}}{\cs16 Restrict Use of User Rights
\par }\pard\plain \s15\li120\sl-240\slmult1\nowidctlpar \f9\fs20 This is managed and configured by the User Manager program and is described in the \ldblquote User Manager\rdblquote chapter of the Windows\~NT Workstation or Windows\~NT Server {\i System Guide
}. Rights should be limited as described in the {\i Windows NT C2 Security System Administrator\rquote s Guide}.{\cs16
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_FILE_SYSTEM_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} File System {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} File System Dialog}}{\cs16
File System Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security}
\par \pard \s15\li120\sl-240\slmult1\widctlpar {\cs16
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 The status of the disk volumes on the system is displayed in the list box. For Windows NT to support C2 Level security all disk volumes must use the NTFS file system.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 To convert a volume to the NTFS file system, select the volume in the list box (multiple volumes can be selected by holding the shift key while selecting).
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 Selecting the C2 button will select all non-NTFS volumes for conversion.
\par
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 NOTE: selecting a non-NTFS disk for conversion will NOT convert the disk immediately, rather it will schedule the disk for conversion the next time the system is shutdown and restarted.
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_OPERATING_SYSTEM_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Operating System {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Operating System Dialog
}}{\cs16 Operating System Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security}
\par \pard \s15\li120\sl-240\slmult1\widctlpar {\cs16
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
The non-Windows NT operating systems are listed in the list box. Selecting items displayed in the list box will cause the C2 Configuration Manager to change that item to the value that supports C2 Level Security.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 Selecting the C2 button will select all items in the list box.
\par
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 The changes selected in this list box are made immediately after the OK button is selected, however they will not take effect until the system is restarted.
\par }\pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_SECURITY_LOG_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Security Log Settings {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Security Log Settings Dialog}}{\cs16 Security Log Settings Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 The characteristics of the security log can be set in this dialog. The options available are:
\par \pard \li120\sb80\sl-240\slmult1\widctlpar {\b Overwrite Events As Needed }which will overwrite the oldest events in the log once the log is full.
\par {\b Overwrite Events Older than ____ days} will overwrite events that are older the specified age regardless of how full the log is.
\par \pard \li120\sb80\sl-240\slmult1\widctlpar {\b Do Not Overwrite Events (Clear Log Manually)}
will prevent the log from automatically destroying any logged events. The administrator must manually reset the log. This option must be selected for C2 compliance.
\par \pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 Selecting the C2 button will select the }{\b Do Not Overwrite Events (Clear Log Manually)} button.{\cs16
\par }
\par Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_AUDIT_FAILURE_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Audit Failure Settings {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Audit Failure Settings Dialog}}{\cs16 Audit Failure Settings Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the check box will configure the system to halt when the security log is filled. This setting prevents security events from occurring without an audit trail of them.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will select the check box.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar
\par \pard \li120\sb80\sl-240\slmult1\widctlpar Changes made in this dialog are made immediately after the OK button has been selected, however they will not take effect until the system is restarted.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_LOGON_MESSAGE_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Logon Message {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Logon Message Dialog}}{
\cs16 Logon Message Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 The caption and text of a message box that is displayed prior to logon may be entered in the edit boxes contained in this display. The check
box must be unchecked before the edit boxes are enabled.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will uncheck the check box and enable the edit boxes. You must then provide the caption and message text before exiting the dialog.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_LAST_USERNAME_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Last Username Display {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Last Username Display Dialog}}{\cs16 Last Username Display Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Checking the check box will prevent the last username from being displayed in the logon dialog box.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will check the check box.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_SHUTDOWN_BUTTON_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Shutdown Button {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Shutdown Button Dialog}}
{\cs16 Shutdown Button Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Checking the check box will prevent the Shutdown button from being displayed in the logon dialog box. This will require the user to logon before being able to shutdown Windows NT.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will check the check box.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_PASSWORD_LENGTH_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Password Length {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Password Length Dialog}}
{\cs16 Password Length Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20
\par \pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 The minimum password len
gth for all new accounts and passwords may be specified in this dialog. The top radio button will allow blank passwords, while the bottom radio button will specify a minimum password length.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the C2 button will require a minimum password length of 6 characters, however to support C2 Level Security, this value can be as small as 1.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_GUEST_ACCOUNT_DIALOG}}{\cs16 }{\cs17\fs18\up6 ${\footnote
\pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Guest Account {\cs16 Dialog}}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K} Guest Account Dialog}}{
\cs16 Guest Account Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\b\i Required for C2 Level Security}
\par \pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Checking the check box, will prevent users from logging on using the Guest account.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16 Selecting the C2 button will disable the Guest account.
\par
\par }Changes made in this dialog are made immediately after the OK button has been selected.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_DRIVES_AND_PRINTERS_DIALOG}}{\cs16 }{\cs17\fs18\up6 $
{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Drive and Printers Dialog}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Drive and Printers Dialog}}{\cs16 Drives and Printers Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Checking the check box will allow only administrators to assign drive letters and printers.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will check the check box
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar Changes made in this dialog are made immediately after the OK button has been selected, however they will not take effect until the system is restarted.
\par \pard\plain \s1\li120\sb280\sa120\sl-320\slmult1\widctlpar \b\f9 {\cs16 \page }{\cs17\fs18\up6 #{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 #} IDH_ALLOCATE_REMOVABLE_DRIVES_DIALOG}}{\cs16 }{\cs17\fs18\up6 $
{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 $} Allocate Removable Drives Dialog}}{\cs16 }{\cs17\fs18\up6 K{\footnote \pard\plain \s18\li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs17\fs18\up6 K}
Allocate Removable Drives Dialog}}{\cs16 Allocate Removable Drives Dialog
\par }\pard\plain \s15\li120\sl-240\slmult1\widctlpar \f9\fs20 {\cs16
Checking one or both of the check boxes will prevent access to the specified devices by programs started by another user while a user is logged on by allocating those drives when the user logs on.
\par }\pard\plain \li120\sb80\sl-240\slmult1\widctlpar \f9\fs20 {\cs16 Selecting the Secure button will check both check boxes prohibiting access to both the floppy drives and the CD-ROM Drives by programs run by another user.
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar {\cs16
\par }\pard \li120\sb80\sl-240\slmult1\widctlpar Changes made in this dialog are made immediately after the OK button has been selected, however they will not take effect until the system is restarted.
\par }