Windows XP/Practical Steps

< Windows XP


Provide Physical Security for the machineEdit

This is self-evident. To prevent people from using your computer(s), deny them physical access. If you want to limit or monitor computer usage, physically monitor what they are doing with your computer! These simple steps alone can reduce a large number of potential threats.

Disable or Delete Unnecessary UsersEdit

Disable any accounts that are not used. For example always disable the Guest account (disabled by default on brand new computers or a "fresh" Windows XP install).

There are two ways to disable a user in Windows XP.

(a) Start >> Settings >> Control Panel [the control panel window should appear] >> User Accounts [the User Accounts window should appear] in the User accounts window there are two headings: "Pick a Task..." and "or pick an account to change". If you select the user you want to disable under "pick an account to change" new links will appear. Choose "Turn off the [username] account".

(b) Start >> Run... >> Enter "lusrmgr.msc" >> Click "Users" >> Double-click the user you want to disable, check the "Account is Disabled" box and click "Ok".

Additionally it may well be worth renaming the "Administrator" account as this may be targeted in any attempt to breach security or run/install programs. There are two methods.

XP Home Edition XP Professional Edition

At a command prompt type control userpasswords2. Select Administrator and click on Properties. Change the user name, NOT the full name.

  1. Type secpol.msc at a command prompt
  2. Open Local Policies/Security Options
  3. In the details pane, double click Accounts: Rename Administrator Account
  4. Type the new name for the account

Remove Unnecessary Windows ServicesEdit

A service is a privileged program that is loaded on startup and provides some low-level functionality in the background. It can be started and stopped on request (via the Control Panel >> Administrative tools >> Services window).

Unneeded Windows services use up a (small) amount of resources, but may also cause problems. For example, if you do not use TELNET you can disable the service so as to deny other people an opportunity to remotely log on your computer and send commands to it to see what happens.

The Windows Messenger service (nothing to do with the popular chat program) is a typical nuisance. It allows you to send/receive messages over a network (using the net send command). The text appears in a dialog box on the target computers' screens. People can thus spam the Internet with annoying messages.

Deactivating unneeded Windows services requires some caution, since stopping the wrong services may render your computer unusable. Be sure of what you're doing. A useful tool in this respect is Starter by Codestuff. This is free and allows you to deal with both Startup items and Services (and links to internet searches for items). While care is needed security can be improved as well as start up time.

To modify services select Start >> Run... >> type "services.msc" and click Run (this is a shortcut). Right click the service you wish to modify in the list to access options such as Disable.

Keep Your OS UpdatedEdit

Security vulnerabilities are continuously discovered and exploited by virus writers and crackers. Microsoft's policy is to regularly release cumulative patches, available on the Windows Update site. Since SP2 Windows also has an Automatic updates feature (to find it right click on My Computer, choose Properties, select the Automatic updates tab).