diff --git a/doc/README.NTSecurity b/doc/README.NTSecurity new file mode 100644 index 0000000000..fb779b449a --- /dev/null +++ b/doc/README.NTSecurity @@ -0,0 +1,52 @@ +Issue: +====== + If the LocalSystem user is allowed to install the Firebird Service, + it could make the whole system accessible to a malicious attacker. + +Scope: +====== + Affects Windows NT platforms. + +Document author: +================= + Alex Peshkov (pes@insi.yaroslavl.ru) + +Document date: 2003/06/22 +============== + + + Firebird installation kits for Windows NT systems, i.e. those that + support services, currently provide a route into the host system + for any hacker who finds a new security hole in Firebird. All of + the current kits install the Firebird service to run under the + LocalSystem account. Through Firebird, the attacker can get + LocalSystem access to the system. + +The steps to fix things manually are simple: + +1) add the user 'firebird' as a member of the Domain users group, + with default rights + +2) grant this user write access to all databases, including + security.fdb (isc4.gdb in pre-1.5 versions), and the + firebird.log file + +3) grant the user 'firebird' rights to "Login as service" + +4) make the Firebird services (FirebirdServer and FirebirdGuardian, + if used, log in with username 'firebird' + +Solution: +========= + Alex Peshkov + + People writing installers should note that Firebird's standard routine + to install and manage the Firebird Service on WinNT/2000/XP platforms + (instsvc.exe) was upgraded in version 1.5 by the addition of an + optional L[ogin] switch to the {install} command. It is strongly + recommended that you employ this switch in the Windows kits, to make + the 'firebird' user, not LocalSystem, the default account under which + the Firebird Service logs in. + + For more details, see the document README.instsvc + switch to (see instsvc.exe). diff --git a/doc/README.instsvc b/doc/README.instsvc new file mode 100644 index 0000000000..269e80a429 
--- /dev/null +++ b/doc/README.instsvc 
@@ -0,0 +1,79 @@ +README to instsvc.exe +---------------------- +Author: Alex Peshkov (pes@insi.yaroslavl.ru) + +Firebird provides a standard routine to manage the Firebird Service +on WinNT/2000/XP platforms - instsvc.exe. + + NOTE Most of the instsvc switches are self-explanatory. + The only obscure one - the -z switch - causes + instsvc.exe to print the Firebird software version + as the first line of output. + +To install the Firebird service on your box: + +instsvc {install Firebird_directory [-auto | -demand] [-superserver | -classic]} + [-g[uardian]] [-l[ogin] username [password]] [-z] + +To remove the service: + + instsvc {remove} [-g[uardian]] [-z] + +To set the priority of the server process next time it is installed +(see also the reimplemented ProcessPriorityLevel parameter in +firebird.conf): + + instsvc {configure [-boostpriority | -regularpriority]} [-z] + +To start the Firebird service with altered process priority: + + instsvc {start [-boostpriority | -regularpriority] } [-z] + +To stop the Firebird service: + + instsvc {stop} [-z] + + To enhance Firebird security, the service management program +has been modified to accept a login switch, to optionally +pre-empt the LocalSystem user from being, by default, the user +under which the Firebird service logs in. + + NOTE Regular user login is not compatible with the local access + protocol, which relies on SERVICE_INTERACTIVE_PROCESS mode + ("Allow service to interact with Desktop"). For this reason, + unfortunately, the local access protocol remains a source of + vulnerability. + + If the -[L] switch is not present, instsvc.exe proceeds as +before, logging in the service using the LocalSystem profile. + + The switch [-Login username [password]] allows the Firebird +service to log in as a real user instead of the LocalSystem user. +When instsvc.exe detects this switch, it looks for two arguments, +username and password. + + If a username is present, it proceeds to check the next string. 
+If the first character is not a '-' (minus sign), it interprets the +string as a password. Thus, the password should not begin with '-'. + + If the username and password do not resolve to a valid domain +user, or one or both are missing, the usual NT built-in checking takes +over and any error will be due to a validation failure of the +domain\user string that is resolved from the input. + + The user username needs to have privileges to log in as a service, +as well as read/write access to all databases and the firebird.log file. +For security reasons, write access to firebird.conf and Firebird +executables should NOT be given. + + Use of the -L switch disables the use of local protocol, so the +system administrator must choose between increased security and the +ability to use the local database access protocol. For production servers +that need to run in potentially aggressive environments, the -L switch is +strongly recommended. + + NOTE A reworking of windows local access - a relic of its original + implementation back in Windows 3.11 - is overdue and is scheduled + for a release beyond Firebird 1.5. Amongst other changes, it + will be made compatible with the -l[ogin] switch in instsvc.exe. +
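Review bot: In doc/README.NTSecurity, the "Solution:" section opens with a bare "Alex Peshkov" line, and the file ends with the fragment "switch to (see instsvc.exe)." after the pointer to README.instsvc. Both read as editing leftovers and should be dropped. Step 4 also opens a parenthesis at "(FirebirdServer and FirebirdGuardian," that is never closed. The four manual steps sit above the "Solution:" heading and would read better under it. They should also repeat the two caveats README.instsvc gives: the 'firebird' user should not get write access to firebird.conf or the Firebird executables, and running the service under a regular user rules out the local access protocol.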
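Review bot: In doc/README.instsvc, the login switch is spelled three ways: "-l[ogin]" in the usage line, then "-[L]" and "[-Login username [password]]" in the text. Please use the usage-line form throughout. The usage line marks the password as optional, but the text says instsvc "looks for two arguments" and never states what happens when the next string begins with '-' or is absent. Spell out that case, since the paragraph on validation failure treats "one or both are missing" as an error path. The restriction that a password cannot begin with '-' is easy to miss in running text and deserves a NOTE of its own next to the usage line.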