Securing WindowsXP
Results 1 to 4 of 4

Thread: Securing WindowsXP

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    24

    Securing WindowsXP

    This is my first tutorial so I'm pretty excited. I figured it's time I put a little back into the community. I've done a lot of configuration with XP(pro) and I think I have a few tips I could give when trying to secure a windows XP box.

    ** You must be the Admin. Also get a good FIREWALL or two. I'm not going to reccomend any, because that could lead to an entirely different discussion.

    The setup I'm about to show you works well for me. The first step would be to create a system restore point so you can roll-back if you don't like the desired effects.
    Start->Programs->Accessories->SystemTools->SystemRestore and create a restore point

    Next disable the M$ "firewall". Go into the control panel and double click network connections then right click on local area connection and select properties. The click on the advanced tab and remove the check mark in the box. We do this because we can't disable the right services if this is enabled.

    Now we'll check the security settings. In the control panel double click on Admin Tools, then select local security policy. Expand account policies and select password policy. Make sure that enforce password history is set to remember 0 passwords. Now enable store password using reverse encryption is enabled. This will allow for multi-user security. At the bottom in the left frame select IP security policies. This is where your security settings are stored for IE. Make sure they are set to at least request security. Under local policies there are MANY different settings that you can use to personalize your system. This is an extremely powerful tool as you can set user rights and security settings for the OS. Go through each key and define what you would like(too many settings to list here). If you hadn't guessed, it's pretty much a registry editor.

    In the admin tools double click on component services. This is where all the settings for your network connections are defined. Click on the standard tab at the bottom. In the list make sure that the following services are disabled (you can change the status by double clicking on the service):
    automatic updates
    netmeeting remote desktop sharing
    remote access auto connection
    remote access connection manager
    remote desktop help session manager
    remote registry
    routing and remote access
    TCP/IP Netbios helper
    Universal plug and play device host
    There are many other things that you could configure here. Changing more of these may cause problems when trying to use internet based applications.

    That covers the best ways to secure XP. There are other things you can do as well such as WINDOWS UPDATES REGULARILY, virus scanner updates, firewall updates and changing password. I hope everyone enjoys this post; I'm open to criticism.
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

  2. #2
    Member
    Join Date
    Aug 2001
    Posts
    66
    That is a nice Tips collection. Although I doubt that any System Admin would want to follow them blindly, but that is a good article to start with.

    Keep it up.

    PS: The MS FireWall is not *that* bad. If the advanced settings are tweaked properly, then you may not even require to install any 3rd party firewall. Its just a matter of knowing what the MS firewall is capable of.
    Ah well...I\'m back on AntiOnline!

  3. #3
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    One major question I would ask before trusting the Microsoft supplied firewall is whether it allows you to block all of Microsoft's phone home features.

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    24
    I wasn't suggesting that anyone should trust the xp firewall; it isn't even engaged on my system at all. If you do choose to make use of the firewall I'd definitely have something else, zone alarm in the very least.

    personally i don't choose to use the M$ firewall at all.....
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •