Securing Windows NT/2000 Servers for the Internet by Stefan Norberg This errata page lists errors outstanding in the most recent printing. If you have any error reports or technical questions, you can send them to booktech@oreilly.com. (Please specify the printing date of your copy.) This page was last updated on December 7, 2001. Here's a key to the markup: [page-number]: serious technical mistake {page-number}: minor technical mistake : important language/formatting problem (page-number): language change or minor formatting problem ?page-number?: reader question or request for clarification CONFIRMED errors: ***NOTE: The following corrections cannot be made in a reprint due to space constraints.*** {85} The following text should be inserted after the "Configuring Complex Passwords" section: Setting Winlogon Options The registry path for the DontDisplayLastUserName setting has changed in Windows 2000. I recommend changing the following registry value: Value Name | Type | Recommended | | Value --------------------------------------------------------------------- HKLM\Software\Microsoft\Windows\ | REG_DWORD | 1 CurrentVersion\Policies\System\ | | DontDisplayLastUserName | | --------------------------------------------------------------------- [151] The following entry should be added to Table 6-1: Audit Setting Success Failure Recommended Setting -------------------------------------------------------------------------- Audit directory Active Directory Active Directory None on a bastion service access objects with objects with host. This new (Windows 2000 matching SACLs matching SACLs Windows 2000 audit only) will be audited will be audited setting is applicable on success (per- on failure (per- only to domain mission granted). mission denied). controllers. When enabled, it audits authentication requests it receives over the network. (157) Example 6-1: The example name should end with ntp.conf (and not ntpd.conf). {160} The web site sabernet.net does not exist anymore. The sentence beginning with "Mr Rhoads..." Should now read: "The NTsyslog can be downloaded from SourceForge http://ntsyslog.sourceforge.net/"