Check or Attack Name: systemlog

The Windows NT System Log was found to be accessible. This enables an attacker to read the System Log on a Windows NT computer. This could also indicate that the guest account is enabled, possibly with network access rights.

Remove network access rights for the Guest account.

To remove network access rights, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. Check administrative rights on the machine, and the state of the network access right for the Guest account.

—AND—

Remove Administrator access for unauthorized user accounts.

To remove Administrator access, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Double-click the Administrators group, or the group you use to assign administrative rights.
3. Remove any unexpected Members. Look for the following:
   • User accounts or groups that do not need administrative rights.
   • User accounts or groups that are disabled or obsolete.
4. The Guest account should not be a member of Administrators unless there is a compelling reason.