Category: Windows NT4 / WinNT4 » User Security »

Disable the MSDOS and Win16 subsystem

For security measures then one should consider disabling the ability to launch the 16 bit subsystem.

Restrict access to the registry over the network

Manage what accounts that have remote access to the registry.

Restrict users from replacing a system DLL

Protect against DLL injections to avoid performing malicous code.

Restrict access to the files stored on NTFS partitions

Using access control lists to improve the security for NTFS partitions.

Restrict access to the OS/2 and POSIX subsystem

Disable legacy subsystems to prevent attackers from using these subsystems as base of attack.