Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. These recommendations should be applied only to the Windows XP Professional SP2/SP3 Systems and will not work on Windows 9X/ME, Windows NT, Windows 2000, Windows Server 2003, Windows Vista or Windows Server 2008. The security templates have been tested on WinXP Professional SP2 systems and will not work on Windows 9X/ME, Windows NT, Windows 2000, Windows Server 2003, Windows Vista or Windows Server 2008. The NIST Windows Security Baseline database application has been tested on Windows XP Professional and Vista.

This document is only a guide containing recommended security settings; it is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns.

This document was developed at the National Institute of Standards and Technology, which collaborated with OMB, NSA, DISA, USAF, CIS, and Microsoft to produce the Windows XP security templates. Pursuant to title 17 Section 105 of the United States Code this document and template are not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. We would appreciate acknowledgement if the document and template are used.

• SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals. [pdf, ~1.4 MB, 2008-10-10]
  
  
• NIST Windows Security Baseline Database Application v0.2.7 (Beta). [zip, ~22 MB, 2008-07-25]
  
  
• FDCC Download Packages (e.g., documentation, GPOs, SCAP Content, VHDs, etc.).
  
  
• Guide for Securing Microsoft Windows XP Systems for IT Professionals security templates, version R1.2.1. [zip, ~30 KB, 2007-05-08]
  

• NIST Windows Security Baseline Database (Beta)
  • 2008-07-25 - Draft NIST Windows Security Baseline Database (Beta)
    
    
    
• Security Templates (.inf files)
  
  • 2007-05-08 - Release R1.2.1
  • 2005-11-02 - Release R1.2.0
  • 2004-08-24 - Draft Update R1.0.2
    Comments (all templates) - Remove extraneous comments.
    Setting 12.19 (all templates) - Correct typo.
    Setting 12.15 (all templates) - Delete the NoNameReleaseOnDemand registry value.
    Settings 9.1 & 13.1 (High Security) - delete the file permission and auditing from the SystemDrive.
    Setting 8.9 (High Security) - delete the Netlogon service (Not Defined)
    
  • 2004-07-04 - Draft Update R1.0.1
    Setting 5.26 (all templates) - Correct typo in the DOJ message.
    Setting 12.5 (all templates) - Correct typo in the registry value.
  • 2004-06-24 - Draft Release R1.0
    
    

• Guidance for Securing Microsoft Windows XP Systems for IT Professionals document (pdf file)
  • 2008-10-10 - SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals
  • 2008-07-25 - Draft SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals
  • 2005-11-02 - Final Release
  • 2004-08-24 - Draft Update
    Setting 12.19 (Appendix A) - Correct typo.
    Setting 12.15 (Appendix A) - Strikethrough the NoNameReleaseOnDemand registry value (Not Defined).
    NoNameReleaseOnDemand (Section 6.8.3) - Indicate that the setting is not included in the NIST security templates.
    Settings 9.1 & 13.1 (Appendix A) - Strikethrough the file permission and auditing from the SystemDrive (Not Defined).
    Setting 8.9 (Appendix A) - Change Netlogon service to Not Defined for the High Security template.
    Netlogon (Section 6.5 ) - Remove it from the list of disabled service.
    
  • 2004-07-04 - Draft Update
    Delete a blank page.
    Setting 12.5 (Appendix A) - Correct typo in the registry value.
  • 2004-06-24 - Draft Release