Microsoft released a new guide that might help you tighten the security of Windows NT and Windows 98 for use in an Active Directory environment. The guide, "Microsoft Windows NT® 4.0 and Windows® 98 Threat Mitigation," consists of several registry modification files and a document that describes the steps you should consider taking.
For example, you might consider adjusting various TCP parameters that affect behavior such as ICMP redirects and source routing. You might also want to adjust parameters that affect NTLM authentication levels and SMB signing, and more.
You can download a copy of the guide at Microsoft's download center.