- Joined
- Jan 8, 2005
- Messages
- 6,188
- Reaction score
- 254
- Points
- 83
- Location
- New Jersey
- Your Mac's Specs
- Mac Pro 8x3.0ghz 12gb ram 8800GT , MBP 2.16 2GB Ram 17 inch.
Since the arival of bootcamp on the mac scene allows users to insall and use windows on the mac, I have decided that these forums needed a thread where people can look up windows tweaks and ways to beef up security on their new windows partitions. I have compiled tweaks from all over the internet and I also made some of my own tweaks that I feel are important to share with you. Besides the tweaks at the end of this thread I have provided a series of links to downloads and other informative sites that I believe all windows users should know about if not use.
Before I begin how ever I would like to extend a warning to all of those who are reading this thread. These tweaks have all been tested by me, and do work, but results vary on different computers with different users. So before you start any tweaks if you are not 100% confortable, I highly recomend you back up, esspecially your registry.
Enjoy Reading the thread and happy tweaking.
I will start off the tweaking with a simple registry edit. This will force anybody who is logging into your computer to press ctrl+alt+del before they can log in. Not entirely important, but this provides a little extra security.
The next tweak is a little more involved, It will block ports on your system, which I recomend using with a firewall, although this can take the place of a firewall, or a firewall can tak the place of this. I will repeat that I recomend using this in conjunction with a firewall, not allowing a firewall to replace this tweak or using this tweak to replace the existance of a firewall. Later in this thread I will recomend a firewall which I use and will provide a link to a page where it can be downloaded.
The next tweak is a way to protect the computer from intruders by disabling a number of services that are not needed that can cause sercurity threats. If you need the service that this tweaks is diabling just do not follow that particular set of instructions and follow on to the next step.
The last security tweak is a DHCP fix, it patches a security hole that is located in the windows os.
Look at the next post for usability tweaks:
Before I begin how ever I would like to extend a warning to all of those who are reading this thread. These tweaks have all been tested by me, and do work, but results vary on different computers with different users. So before you start any tweaks if you are not 100% confortable, I highly recomend you back up, esspecially your registry.
Enjoy Reading the thread and happy tweaking.
I will start off the tweaking with a simple registry edit. This will force anybody who is logging into your computer to press ctrl+alt+del before they can log in. Not entirely important, but this provides a little extra security.
I have not tested this with any version of Windows XP besides XP Pro. It might work in Home Edition or other versions.
If you do this, then you will get the "Press Ctrl-Alt-Delete to begin" box when you turn on your computer, before it asks for your username and password. It also asks for you to press Ctrl-Alt-Del before you can unlock your computer if you lock it. This is done by default in Windows 2000 Server or Windows Server 2003.
To enable the Ctrl-Alt-Delete boxes, open Regedit and go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Create a new DWORD value and name it "DisableCAD"
The value should be set to "0"
That's it! Now you can log off to see the change.
(You need to disable the Welcome screen to get this)
The next tweak is a little more involved, It will block ports on your system, which I recomend using with a firewall, although this can take the place of a firewall, or a firewall can tak the place of this. I will repeat that I recomend using this in conjunction with a firewall, not allowing a firewall to replace this tweak or using this tweak to replace the existance of a firewall. Later in this thread I will recomend a firewall which I use and will provide a link to a page where it can be downloaded.
Limit your exposure to the outside world by blocking incomming connections.
Start > Settings > Control Panel > Network Connections
Right click on "Local Area Network" And go to "Properties", In the scroll box, Click on "Internet Protocol (IP/TCP)" and then click on the "Properties" button, In the new window, Click on the "Advanced.." button, Then in the other new window go to the "Options" tab, Click on "TCP/IP Filtering" and hit "Properties", Check off "Enable TCP/IP filtering (All adapters)" next In the Above "TCP Ports" Click on the Radio button "Permit Only" and then add in the ports that you want people to be able to access... If you're running a web server add in 80, If you're running an FTP server add in 21... And so on... Then hit "OK" And close all the other windows, And reboot when it asks you too.
This way you can close the ports that you do not need to be open to the outside world. An alternative to this tweak could be running a firewall or enabling windows built in firewall. Please note that in order for other computers to connect to you, for example sending a file over AOL Instant Messenger or using Windows Messenger to send a file, make sure that the required port is not blocked on your system. Otherwise, nothing will go through.
The next tweak is a way to protect the computer from intruders by disabling a number of services that are not needed that can cause sercurity threats. If you need the service that this tweaks is diabling just do not follow that particular set of instructions and follow on to the next step.
There are several things one can do to protect against intruders. Of course the old adage applies here as well, 'locks keep honest people out'; in other words, if they want in, they will keep trying and eventually will be able to get in through some kind of exploit. The following are some tips that can greatly slow them down and make it nearly impossible for them to get in. If you use file sharing or remote connections, don't make the local policy changes.
1. As it was mentioned before, set the Guest and Administrator account passwords. By default, the Guest account password is blank. Make it something difficult, such as a combination of letters and numbers, preferably not based on dictionary words. Control Panel\Administrative Tools\Computer Management\Local Users and Groups\ Highlight User Account, right-click, 'set password'.
2. Remove/Delete any unused accounts, especially any 'remote assistance' accounts.
3. Disable the Guest account since you can't delete it.
4. Rename the Guest and Administrator accounts to unique names. Remove the description of these accounts (in local users and groups). Control Panel\Administrative Tools\Local Security Policy\Local Policies\Security Options Account: Rename Guest Account - Double click and rename the account Account: Rename Administrator Account
5. If you do not need to connect to your computer from a remote machine, be sure to turn off this functionality. Control Panel\Administrative Tools\Local Security Policy\Local Policies\User rights Assessment\ "Access this computer from the network" - remove all users and groups. This should be blank "Deny access to this computer from the network" - this should include all users and groups. Double click on the policy, click Add User or group, click Advanced, click Find Now, highlight all the accounts and click OK.
6. Turn off the Microsoft File sharing iMac-Forums.com - Post New Threadn Network Neighborhood if it is not going to be used.
7. Under System Properties\Remote, Turn off Remote Desktop and Remote invitations.
8. Run a software firewall program.
9. Be sure to visit WindowsUpdate to get the latest hotfixes and security patches. There are a lot of them.
The last security tweak is a DHCP fix, it patches a security hole that is located in the windows os.
According to AnalogX, a security hole in windows allows other people to monitor your pc. They made a fix, which can be downloaded freely from their site
http://www.analogx.com/contents/download/system/dhcpfix.htm
or go to http://www.analogx.com
Look at the next post for usability tweaks: