Thread: Securing Windows XP/2000

Securing Windows XP & 2000
-------------------------Changing the Administrator Password-------------------------
To change the Administrator password on your local computer perform the following
steps.
1. Right click on My Computer and go to Manage
2. Left click on the “+” for Users and Groups
3. Left click on the Users Folder
4. In the Right panel of the screen you should see an account called Administrator
5. Right click on the Administrator account and select Set Password
6. You will be given a Warning Click Proceed
7. You will be given two boxes to type the new password and then retype it for
spelling verification.
8. Then click OK and your Administrator password has been changed to something
you and you alone knows.
-------------------------Turning off Simple File Sharing-------------------------
To turn off simple file sharing on your local computer perform the following steps.
1. Double click My Computer
2. Left click on Tools menu
3. Select Folder Options
4. Select the View tab and scroll down to the bottom of the list until you see Use
Simple File Sharing
5. Remove the check mark out of the box
6. Left click on Apply and OK
This will turn of the broadcast of your simple file shares such as: My Music, My
Pictures, etc….
-------------------------Changing Group Policy To Restrict Access To Your Computer-----------------
The following procedures will enable you to tighten down the security on your local
computer so your files will be safer beyond changing the Administrator password. You
should only do this if you have sensitive data on your computer that you do not want
anyone else to have access to.

BE VERY CAREFUL TO FOLLOW THESE INSTRUCTIONS AS THEY ARE WRITTEN!

The operating system by default allows anyone to access the system across the network
provided they have sufficient privileges and access. A person is given privileges by
being assigned to a group such as: (Administrators, Power Users, and Users,
Everyone….). A person is give access by either the computer operator or by hacking into
the system security. To stop this action you can do all or just portions of the following
instructions. The first one is the easiest to restrict and probably the most vulnerable.

To change the Local Group Policy do the following:

1. Click on the Start button and select Run from the Start Menu.
2. In the Run dialogue box type MMC and hit OK
3. You will get a blank screen called Console1
4. Maximize both screens by clicking on the open squares in the top right corner of
each.
5. Click on the File menu and select Add/Remove Snap In
6. Click the Add button
7. Select Group Policy
8. Click the Add button
9. When asked make sure Group Policy Object says “LOCAL COMPUTER”
10. Then select Finish
11. Click Close and then OK

Now that you have the group policy window open we will begin to edit certain
features of the group policy for the local computer that will enhance the security of
the machine. Just like working with the registry you will have to drill down through
some folders to get to the policy you want to lock down. Anytime there is annotation
such as this (Local Computer Policy/Computer Configurations/Windows
Settings/Security Settings/Local Policy) you will be required to click on the “+”
symbol next to the folder to get to the lower level. Once you get to the lowest level
you will then look in the right panel to find the policy that needs changed. Double
click on the policy and you will be given an edit screen to make your changes.
Making Changes

1. Go to the following key /Local Computer Policy/Computer
Configurations/Windows Settings/Security Settings/Local Policies and click
on the folder called User Rights Assignments
2. In the right panel find and double click on (Access this computer from the
network)
3. You will need to remove the following groups: Backup Operators, Everyone,
Power Users, & Users) then click OK
4. Next find and double click on (Allow logon through Terminal Services)
5. Remove the group: (Remote Desktop Users)
6. Next find and double click on (Log on locally)
7. Remove the following groups: (Guest, Backup Operators, & Users)
8. Go to the following key /Local Computer Policy/Computer
Configurations/Windows Settings/Security Settings/Local Policies and click
on the folder called Security Options
9. In the right panel find and double click on (Interactive Login: Do not display last
user name)
10. Click on the Enable button and click OK
11. Next find and double click (Interactive Login: # of previous logons to cache
incases of domain failure)
12. Change this number from 10 to 3 and click OK
13. Next find and double click (Interactive Login: Require domain controller
authentication to unlock workstation)
14. Click on the Enable button and click OK
15. Go to the following key /Local Computer Policy/Computer
Configurations/Administrative Templates/System and click on the folder
called Scripts
16. Find and double click (Run startup scripts visible)
17. Click on the Enable button and click OK
18. Find and double click (Run shutdown scripts visible)
19. Click on the Enable button and click OK
20. Go to the following key /Local Computer Policy/User
Configurations/Administrative Templates/Windows Components and click on
the folder called Internet Explorer
21. Find and double click (Disable external branding of Internet Explorer
22. Click on the Enable button and click OK
23. Find and double click on (Do not allow auto complete to save passwords)
24. Click on the Enable button and click OK
All of the above changes should greatly enhance the security of the operating system
from outside sources.


PDF + Pictures (http://helpdesk.bradley.edu/docs/SecureXP2k.pdf)

thanks for the post spools. I am hoping retard button will be baned before he/she manages to kill yet another good posting.

hes ****ing picking like every post that i've posted. that ****ing bitch.

excuse my language