The weakest link in any security plan is people. There are many good mechanisms for protecting computers that are not used, simply because of a lack of policy, process, and procedure. ACLs in NTFS are an excellent example. All users on the system have the ability to protect their files using ACLs, but in most environments the vast majority aren't even aware of their existence, or if they are aware, they may not know how to use ACLs properly. A good training and security-awareness program is crucial to good security.

The following procedures will harden your users, which will ultimately harden your NT systems against all forms of attack:

- Limit the use of internal modems and absolutely confirm that they are not set to auto-answer.
- Require people to enable a locking screen saver to prevent security breach incidents when they leave their desks for extended periods while still logged in.
- Create two accounts for administrators, so that they have one account without privileges for reading their mail and doing everyday work and another with privileges for handling NT administrative tasks.
- Restrict execution of programs downloaded from the Internet to keep viruses from infecting your system.
- Institute a backup procedure in which your organization does a full backup at least once a week.