The most important thing, as *nabylbt* said is to run the correct service pack. I think it is like 6a or something. Most of the security exposure in NT 4.0 is due to the fact that most people dont apply the service packs in a timely manner.

To harden the box, there are a few easy things you can do to prevent NT 4.0 "paint-by-the-numbers" attacks:

1. Enable the RestrictAnonymous registry key. This will prevent null session users from enumerating your user information.

2. If you dont need to use NetBIOS shares, DONT. You said above that you already took all the shares off. Are you still sharing c$, admin$?

3. Install passfilt to enforce strong password requirements on your box. Download l0phtcrack and run an audit of the users on the machine to ensure they are using strong passwords.

4. Ensure that any additional services you are offering on the machine are updated to the latest patch.

5. Rename the administrator and guest account.

There are whole books written on NT hardening. These are just a few thoughts.

Good luck hardening NT

~Xe