Windows NT does not arrive completely secure when it is installed out of the box. It takes effort to configure it and use it securely. The information I have provided in this article is far from complete, and I strongly recommend that you follow up with other sources. The best advice I can give you is to determine what level of hardening is required for your organization and write it down. Then put the title "Security Policy" on the document, and your organization will already be light-years ahead of most other organizations. Security policy will be the subject of my next column.