| |
|
 |
| |
| |
| 
|
Windows XP Security |
| Although
both Professional and Home Edition versions of
Windows XP are miles ahead of Windows 95/98/Me,
only Windows XP Professional can come close to
the venerated Windows NT/2000 security standards.
|
| Where
to Start |
Windows XP Security Checklist
Although Windows XP Professional is built
on the Windows 2000 kernel, there are
significant differences between the operating
systems - especially when it comes to
security. This checklist is partially
based on our popular Windows
2000 security checklist and covers
both Windows XP Professional and XP Home
Edition. When implementing these recommendations,
keep in mind that there is a trade off
between increased security levels and
usability for any Operating System. To
help you decide how much security you
need, we've divided the checklist into
Basic, Intermediate, and Advanced Security
options.
Guide
to Securing Windows XP in Small and
Medium Businesses
With the over-growing threat of malicious
code -- such as worms, virus, and hacker
threats -- it is critical that all customers
take immediate action to help lock-down
their desktop and laptop systems. This
guide explains how to implement the
security measures recommended in the
Windows XP Security Guide in a small
or medium business environment without
an Active Directory deployment. These
recommendations help ensure that your
desktop and laptop systems running Windows
XP Professional SP1 are more secure
from the majority of current security
threats, while ensuring that users can
continue to be efficient and productive
on their computers. In addition
to the advanced step-by-step guidance
in this document, you will also find
information on the top security recommendations
that Microsoft is making to all customers,
from the home to the enterprise. Source:
Microsoft Technet
HOW TO: Use
the Microsoft Personal Security Advisor
Web Site
Microsoft Knowledge Base Article: 314997
- This article describes how to use
the Microsoft Personal Security Advisor
Web site.
Securing Mobile Computers with Windows XP Professional
This article examines specific threats
that can affect mobile computers©also
known as laptop or notebook computers.
It also covers how the security tools
and privacy services included in the
Microsoft Windows XP Professional operating
system provide solutions to combat these
threats. |
Information About
Unlocking a Workstation
Microsoft Knowledge Base Article: 281250 - This
article describes the behaviors to expect when
you attempt to unlock a locked workstation.
Using Software Restriction Policies to Protect Against
Unauthorized Software
Software restriction policies are a new feature
in Microsoft© Windows? XP and Windows Server
2003. This important feature provides administrators
with a policy-driven mechanism for identifying
software programs running on computers in a
domain, and controls the ability of those programs
to execute. Software restriction policies can
improve system integrity and manageability©which
ultimately lowers the cost of owning a computer.
Source: Microsoft.com
Windows XP Baseline Security Checklists
These checklists outline the steps you should
take to reach a baseline of security with Windows
XP Home Edition and Windows XP Professional
computers, either on their own or as part of
a Windows NT or Windows 2000 domain. Source:
Microsoft.com
XP Professional Security Features: An Introduction
This is not intended to be exhaustive dissertation of all
the new features in XP; rather, the purpose
is to highlight some of the new security features
found in the product, and to provide those still
considering an upgrade to XP with some insight
into how doing so can help them administer their
network. Source: SecurityFocus
|
| How to... |
HOW TO: Audit User
Access of Files, Folders, and Printers in Windows
XP
Microsoft Knowledge Base Article: 310399 - As
an administrator of a Windows XP Professional-based
computer, you can configure your computer to audit
user access to files, folders and printers.
This facility is unavailable
on Windows XP Home Edition. HOW TO: Configure
a Preshared Key for Use with Layer 2 Tunneling
Protocol Connections in Windows XP
Microsoft Knowledge Base Article: 281555 - This
article discusses how to configure a preshared
key using the Layer 2 Tunneling Protocol (L2TP).
How to Clear the
Windows Paging File at Shutdown
Microsoft Knowledge Base Article: 314834 - This
article documents the method for clearing the
Windows paging file (Pagefile.sys) during the
shutdown process, so that no unsecured data
is contained in the paging file when the shutdown
process is complete.
How
to: Create and Disable Administrative Shares
on Windows XP
Microsoft Knowledge Base Article:
314984 - This step-by-step article describes
how to create and delete hidden or administrative
shares on Windows XP Professional-based, Windows
2000 Professional-based, and Windows NT 4.0
Workstation-based computers.
HOW TO: Create
and Use a Password Reset Disk for a Computer
in a Domain
Microsoft Knowledge Base Article: 306214 - This
article describes how to create and use a password
reset disk for a computer that is a member of
a domain. You can use a password reset disk
to gain access to your Windows XP Professional-based
computer if you forget your password.
HOW TO: Delegate
Security for a Printer
Microsoft Knowledge Base Article: 282902 - This
article describes how to delegate security for
a printer in Microsoft Windows XP. You are not
able to delegate print operator security using
Directory Services. Printer security is stored
locally on the print server.
HOW TO: Disable the
Local Administrator Account in Windows
Microsoft Knowledge Base Article: 281140 - This
step-by-step article describes how to disable
the local Administrator account. This information
does not apply to the Domain Administrator account
in an Active Directory domain.
How to Quickly Lock
Your Computer and Use Other Windows Logo Shortcut
Keys
Microsoft Knowledge Base Article: 294317 - This
article describes how to quickly lock your computer
as well as the other Windows logo shortcut keys
that you can use.
HOW TO: Quickly Lock
Your Desktop by Clicking a Shortcut on the Taskbar
Microsoft Knowledge Base Article: 313884 - You
can create a shortcut on your taskbar that immediately
locks your computer. When you click this shortcut,
you achieve the same the result as you would
if you were to press CTRL+ALT+DEL, and then
click Enter
How to Set Security
in Windows XP Professional That Is Installed
in a Workgroup
Microsoft Knowledge Base Article: 290403 - This
article describes how to set permissions in
a workgroup after an upgrade from Microsoft
Windows 2000 Professional to Microsoft Windows
XP Professional.
HOW TO: Set WMI Namespace
Security
Microsoft Knowledge Base Article: 295292 - This
article describes how to set namespace security
in Windows Management Instrumentation (WMI).
WMI security is based on namespaces. The schema
is logically partitioned into namespaces for
organizational and security purposes. You should
use the Wmimgmt.msc Microsoft Management Console
(MMC) snap-in to modify the security on WMI
namespaces. In this tool, you can set security
that is based off of the root or select individual
namespaces. You can also use inheritance that
is based on namespace hierarchy |
| Password Management |
| HOW
TO: Create and Use a Password Reset Disk for
a Computer in a Domain in Windows XP
Microsoft Knowledge Base Article: 306214
- This article describes how to create and use
a password reset disk for a computer that is
a member of a domain. You can use a password
reset disk to gain access to your Windows XP
Professional-based computer if you forget your
password
HOW TO: Create and
Use a Password Reset Disk for a Computer That
Is Not a Domain Member in Windows XP
Microsoft Knowledge Base Article: 305478 - This
article describes how to create and use a password
reset disk for a computer that is part of a
workgroup, or that is not connected to a network.
You can use a password reset disk to gain access
to your Microsoft Windows XP-based computer
How to Log On to Windows XP If You Forget Your Password
or Your Password Expires
Microsoft Knowledge Base Article: 318305 - This
article describes how to log on to Windows XP
if you forget your password, or if your password
expires and you cannot create a new one. NOTE:
If you have not created a password reset disk
and you have also forgotten your Administrator
password you cannot log on to your existing
Windows installation for security reasons. This
information applies to starting Windows XP typically,
to Safe mode, and to Recovery Console. In this
case, you must perform a "clean" installation
of Windows XP, re-create all user accounts,
and reinstall all of your programs.
HOW TO: Manage Stored
User Names and Passwords on a Computer That
Is Not in a Domain in Windows XP
Microsoft Knowledge Base Article: 306541 - This
article describes how to manage stored user
names and passwords on a computer that is not
a member of a domain. |
| Personal Firewall |
Description of the Windows XP Internet Connection Firewall
Microsoft Knowledge Base Article: 320855 - This
article describes the Internet Connection Firewall
(ICF) that is included with Windows XP Home Edition
and Windows XP Professional HOW TO: How to Enable
the Internet Connection Firewall Feature in
Windows XP
Microsoft Knowledge Base Article: 283673 - Microsoft
Knowledge Base Article: 283673 - Microsoft Windows
XP provides Internet security in the form of
a firewall, known as the Internet Connection
Firewall (ICF). This feature is designed for
home and small business use and provides protection
for computers directly connected to the internet.
HOW TO: Enable or Disable Internet Connection Firewall
in Windows XP
Microsoft Knowledge Base Article: 283673 - Microsoft
Windows XP provides Internet security in the
form of a firewall, known as the Internet Connection
Firewall (ICF). This feature is designed for
home and small business use and provides protection
for computers directly connected to the Internet.
This feature is available for local area network
(LAN) or dial-up connections. It also prevents
scanning of ports and resources (file and printer
shares) from external sources. This article
discusses how to enable the Internet Connection
Firewall feature to provide Internet security
for your computer. This article also discussed
how to disable the Internet Connection Firewall
feature, which may help in troubleshooting some
applications that do not function as expected
behind a firewall
How
to Manually Open Ports in Internet Connection
Firewall in Windows XP
Microsoft Knowledge Base Article: 308127 - This
article describes how to manually open ports
in Internet Connection Firewall (ICF) in Windows
XP.
The Internet Connection
Firewall Can Prevent Browsing and File Sharing
Microsoft Knowledge Base Article: 298804 - When
you enable the Internet Connection Firewall
(ICF) feature, and then attempt to browse the
Internet by means of My Network Places,
you are unsuccessful. Also, if you use the net
view \\ computername command,
you can receive the following error message:
System error 6118 has occurred. The list of
servers for this workgroup is not currently
available.
Internet Connection Firewall Does Not Filter or Provide
Firewall Services During Startup and Shutdown
Microsoft Knowledge Base Article: 323009 - When
you start or shut down your Windows XP-based
computer, the Internet Connection Firewall (ICF)
does not filter or provide firewall services.
During the startup or shutdown process, users
can connect to your computer or to any program
or service
Internet Connection Firewall Does Not Block Internet
Protocol Version 6 Traffic
With Microsoft Internet Protocol version 6 installed
and Internet Connection Firewall enabled, Internet
Protocol version 4 traffic is filtered by the
firewall but Internet Protocol version 6 traffic
is not blocked
Service Redirection Does Not Apply to Internet Connection
Firewall
Microsoft Knowledge Base Article: 297942 - In
Windows XP, the Internet Connection Firewall
(ICF) and Internet Connection Sharing (ICS)
features share a common interface for configuring
services to which Internet users can gain access.
With ICS, you can map services to hosts on the
internal network, but ICF does not provide this
functionality. ICF uses the service information
to determine which services to allow through
the firewall, but disregards the information
that specifies which host should receive traffic
for the given service. Therefore, if only ICF
is enabled, traffic is allowed for the specified
service to pass through the firewall and make
a connection to the external interface. If the
specified service is not listening on the external
interface of the Windows XP ICF host, the connection
does not work. If you are trying to redirect
a service to an internal host, you must enable
ICS
Windows ICF: Can't Live With it, Can't Live Without it
Windows ICF (Internet Connection Firewall) is
the built-in firewall in Windows XP. For this
article, SecuirtyFocus.com put ICF into the
lab and set their security penetration testers
loose at it to see how good it is. In this article,
they'll will give an overview of ICF, see how
ICF performs under a simulated attack, and discuss
the pros and cons of ICF. Source: SecurityFocus.com |
| Logon and Authentication |
HOW TO: Automatically
Log On a User Account in Windows XP
Microsoft Knowledge Base Article: 282866 - This
article describes how to automatically log on a
user account during the Windows startup process.
(updated 3/28/2002) HOW TO: Enable or
Disable the CTRL+ALT+DELETE Sequence for Logging
On in Windows XP Microsoft Knowledge Base
Article: 308226 - This articles describes how
to enable or disable the CTRL+ALT+DELETE sequence
for logging on in Windows XP.
HOW TO: Change the
Windows Logon Screen Saver
Microsoft Knowledge Base Article: 185348 - This
step-by-step article describes how to change the
default logon screen saver. When you start Windows,
a Begin Logon dialog box is displayed prompting
you to press CTRL+ALT+DEL to log on. By default,
if you do not press a key for 15 minutes, the
Windows logon screen saver (Logon.scr) starts.
HOW TO: Change the
Logon Window and the Shutdown Preferences
Microsoft Knowledge Base Article: 291559 - Setup
configures Windows XP to use the friendly Welcome
logon screen and the shutdown buttons, if your
computer is installed as a home computer (a computer
where a network domain has not been specified).
HOW TO: Configure
Windows XP to Automatically Log On a User Account
Microsoft Knowledge Base Article: 282866 - This
article describes how to automatically log on
a user account during the Windows startup process.
How to Set Logon
User Rights by Using the NTRights Utility
Microsoft Knowledge Base Article: 315276 - This
article describes how to set logon user rights
by using the NTRights utility. The NTRights utility
(Ntrights.exe) is included in the Windows 2000
Resource Kit.
How to Set the NUM
LOCK State at Logon in Windows XP
Microsoft Knowledge Base Article: 314879 - This
article describes how to set the NUM LOCK state
to be on by default
at logon. You can accomplish this by using a script
file that runs either at startup or, in Windows
XP Professional, through a Group Policy
HOW TO: Use the Fast
User Switching Feature
Microsoft Knowledge Base Article: 279765 - In
Microsoft Windows XP, if you enable the Fast User
Switching feature, multiple user accounts can
log on to a computer simultaneously. This article
describes how to enable and use this feature.
With Fast User Switching, users can switch sessions
without closing Windows, programs, and so forth.
For example, User A is logged on and is browsing
the Internet, User B wants to log on to their
user account and check their e-mail account. User
A can leave their programs running while User
B logs on and checks their e-mail account. User
A can then return to their session where their
programs would still be running.
Secondary Logon (Run
As): Starting Programs and Tools in Local Administrative
Context
Microsoft Knowledge Base Article: 225035 - Windows
secondary logon allows administrators to log on
with a non-administrative account and still be
able to perform administrative tasks (without
logging off) by running trusted administrative
programs in administrative contexts.
Administrator Unable
to Unlock a "Locked" Computer
Microsoft Knowledge Base Article: 242917 - After
you restart a computer running Windows and no
one has logged on, you may be unable to log on
to the computer either locally or to the domain.
A User Logon Request
Is Rejected Without Any Messages
Microsoft Knowledge Base Article: 313322 - If
the security log is full and a restricted user
with no password attempts to log on from the Windows
XP Welcome screen, the logon request is rejected
without any error messages.
|
|
|
|
|
|
