Securing XP windows!

[Guest]

Note: I read this on another website and wanted to share it with all of you.

Author: Jag

------------------------------------------------------------------------------

i read this last night thought it might be useful to the xp users.

-----------------------------------------------------------------------------

Note: These are just notes of the changes i made to win-xp pro using win-xp options after my default install. These changes will not secure your box 100% but they make a good couple of 1st steps. They are in no specific order other than the order that I performed them. I have only spent a couple of hours working on this operating system at the time of this text so please bare with me and understand that there is much more to securing your box than this.

1. NTFS Partition.

2. Disable Error Reporting

3. Disable Automatic Updates (only if your XP copy is pirated)

4. Disable "Recent Documents" Viewed

5. Setup XP Firewall

6. Setup screensaver password

7. Setup BIOS password

8. Account Modifications

-Rename Admin Account

-Disable Guest Account

-Disable Help_Assistant Account

-Disable Support Account

9. Install a virus scanner.

10. Change Login Screen (default shows usernames)

11. Disable Remote Registry

1. -----------------------------------------------------------------------------------------

NTFS Partition (I like being God over system users)

-----------------------------------------------------------------------------------------

Be sure to install XP onto an NTFS partition so that you (the admin) can take advantage

of file permissions. You want this option so that "you" can decide who reads, writes,

executes what files.

If you didnt install XP onto an NTFS partition. Convert It. To convert to NTFS follow

the instructions below.

Open a command prompt and type "convert c: /FT:NTFS /v"

This command will convert your c: partition from FAT to NTFS in verbose mode.

2. -----------------------------------------------------------------------------------------

Disable Error Reporting - we dont want microsoft to know everytime we f^%$ up.

especially if we didnt pay for winxp.

-----------------------------------------------------------------------------------------

control panel >> performance and maintenance >> system >> advanced >> error reporting

(disable all)

right click "my computer" >> manage >> services and applications >> services >> " stop

and disable" Error Reporting.

3. -----------------------------------------------------------------------------------------

Disable automatic updates - to update, they must know what we have. thats a NO NO!

-----------------------------------------------------------------------------------------

NOTE: DO THIS ONLY IF YOUR COPY OF XP IS PIRATED!! I suggest "auto update" if your copy

of XP is legal.

control panel >> performance and maintenance >> system >> automatic updates

(disable updates)

right click "my computer" >> manage >> services and applications >> services >> " stop

and disable" Automatic Updates.

4. -----------------------------------------------------------------------------------------

Quit listing most recent documents opened under the start button - Dont want the

girlfriend or the parents to find that pr0n you being viewing.

-----------------------------------------------------------------------------------------

control panel >> appearance and themes >> task bar and start menu >> start menu >>

customize >> advanced

remove the checkmark next to "List my most recently opened documents".

5. -----------------------------------------------------------------------------------------

Block incoming traffic to your winxp box. - Before this change, i scanned my xp box and

found it to have many ports wide open. After this change, I found nothing and xp logged

the attempts in c:windowspfirewall.log.

-----------------------------------------------------------------------------------------

control panel >> network connections >> right click "local area connection" >> properties

>> advanced >> check the box under "Internet Connection Firewall" then choose "settings".

Services Tab - leave all unchecked unless there is a service you are running that people

must be able to access.

Logging Options - Log everything.

ICMP - I left all these unchecked for the time being. (allowing nothing)

(this does not protect you from "Spy Ware". This only stops traffic from coming into

your win-xp box (not all traffic). It does not stop traffic from going out.) If you

need to stop traffic from going out and need a more secure firewall then download a real

firewall like "zone alarm or black ice".

6. -----------------------------------------------------------------------------------------

Setting a screensaver password incase you leave some of that secret pr0n open when you

walk away.

-----------------------------------------------------------------------------------------

right click on the desktop >> properties >> screen saver >> check the box next to " On

Resume, Password Protect."

If you dont have a password set on your user account, you can do so in control panel >>

user accounts >> change account.

7. -----------------------------------------------------------------------------------------

Setting a BIOS password - We dont want anyone rebooting the computer or trying to sneak

into our pr0n while we are away at school or work.

-----------------------------------------------------------------------------------------

I cant explain to one how this is done due to the differences between all computers and

how the BIOS settings are entered. If you know what Im talking about then do it. If you

dont know what Im talking bout then learn how to do it. A screensaver password is useless

unless you setup a BIOS password.

8. ------------------------------------------------------------------------------------------

Renaming and Disabling Accounts for adminstrator, guest, help_assistant and support.

------------------------------------------------------------------------------------------

Right click my_computer >> manage >> local users and groups

rename administrator account

disable guest account

disable help_assistant account

disable support account

9. -------------------------------------------------------------------------------------------

Install Virus Protection............. (We like our uncorrupted data and trojan free system)

-------------------------------------------------------------------------------------------

Install a virus scanner. Your firewall might protect your system from unwanted hackers but

what about an unwanted virus or trojan?. I recommend installing a virus scanner such as

"Nortons" or "McAfee".

10. -------------------------------------------------------------------------------------------

Change Default Login Screen............ (why do we want to share usernames with anyone?)

-------------------------------------------------------------------------------------------

Xp uses the "welcome screen" by default. This screen has the names of all accounts on the

system so that the user only has to click on their name and type a password. Come on now....

We arent that damn lazy. If we change this screen to the normal login, then prying eyes

will have to know a username and password to get in. Follow the instruction below to change

this.

control panel >> user accounts >> change the way users log on or off

uncheck the box next to "Use Welcome Screen" and choose "apply options".

11. -------------------------------------------------------------------------------------------

Disable Remote Registry..........(why would I need to edit my registry remotely anyway?)

-------------------------------------------------------------------------------------------

right click "my computer" >> manage >> services and applications >> services >> " stop

and disable" Remote Registry.