A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

A Windows NT log file has an inappropriate maximum size or retention period.

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

The Logon box of a Windows NT system displays the name of the last user who logged in.

An event log in Windows NT has inappropriate access permissions.

A system does not present an appropriate legal message or warning to a user who is accessing it.

A system-critical Windows NT registry key has inappropriate permissions.

A filter in a router or firewall allows unusual fragmented packets.

A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.

A network service is running on a nonstandard port.

A Windows NT administrator account has the default name of Administrator.

A Windows NT file system is not NTFS.

There is a one-way or two-way trust relationship between Windows NT domains.

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.