I'm working through Stefan Norberg's "Securing Windows NT/2000 Servers for the Internet", trying to create a 'hardened' bastion server. A lot of the recommendations involve using the DACL to restrict any program and key file access to ONLY administrators. This is probably a howler newbie question, but I can't find the answer anywhere. The Security settings tab in the properties boxes allows denying all access to "System" (the local system). My gut tells me that will kill the system, but a literal reading of the book says to nuke all access besides adminstrators.
Any guidance much appreciated.
TIA, Mark