In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

A network intrusion detection system (IDS) does not properly reassemble fragmented packets.

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.

A network intrusion detection system (IDS) does not verify the checksum on a packet.

A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers.

A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

A Windows NT log file has an inappropriate maximum size or retention period.

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

The Logon box of a Windows NT system displays the name of the last user who logged in.

An event log in Windows NT has inappropriate access permissions.

A system does not present an appropriate legal message or warning to a user who is accessing it.

A system-critical Windows NT registry key has inappropriate permissions.

A filter in a router or firewall allows unusual fragmented packets.

A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.

A network service is running on a nonstandard port.

A Windows NT administrator account has the default name of Administrator.

A Windows NT file system is not NTFS.