Windows XP Security Tips
Reset Security on all folders
Passwording Guest Account
Applying A Password to the Guest account
The wonders of Syskey
Remote registry editing
Security Settings Windows 2000 Style
Administrator Account Password in XP Home
Disable NETBIOS
Clear temp files on IE close
Do not save encrypted data to disk in IE
IIS 5.0 Security Hole in Win XP Pro/2000
Access Stored User Names and Passwords with rundll32.exe
DHCP Fix
Security Test for XP
Testing Your System's Security


---------------=======<<<~>>>=======---------------


Reset Security on all folders
Using Windows Explorer to modify security settings globally on a partition, its directories, and its files is a less than optimal method of applying security settings. A more appropriate method is to execute the following command line from the root of the partition:

(Note: If you are not at the root of the partition in question, you must set your default there: CD /D drive_name:\ )

Now the command line:
CACLS * /e /t /c /g Administrators:F System:F

(Note: If you see the message, "Unable to perform a security operation on an object which has no associated security," you are executing this from a FAT partition. You must set the default to an NTFS partition.)

This command will edit (/e) the ACLs, rather than replace them, and recursively apply them (/t) to subdirectories. CACLS will continue (/c) even when it hits an open file. Any number of ACCOUNT:PERM parameters may follow the grant (/g) switch. There is additional flexibility built into the CACLS command; its only limitation is the dearth of selections for PERM (permission levels) values.
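
Added example (not part of the original tip): a batch wrapper that checks for NTFS before running the CACLS command above and records the top-level ACLs before and after, since /e changes them in place. The script name, the drive-letter argument and the report file names are assumptions.

```bat
@echo off
rem Added example, not from the original tip. Usage: resetacl.cmd D:
rem The script name, drive argument and report file names are assumptions.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 drive:
    goto :eof
)

rem CACLS only works on NTFS; check the file system before touching anything.
fsutil fsinfo volumeinfo %~1\ | find "File System Name" | find "NTFS" >nul
if errorlevel 1 (
    echo %~1 is not an NTFS volume or could not be queried. Nothing changed.
    goto :eof
)

rem Work from the root of the partition, as the tip requires.
cd /d %~1\

rem /e edits existing ACLs in place, so record the top-level entries first.
cacls * > "%TEMP%\acl-before.txt"

rem The command from the tip: edit, recurse, continue on errors, grant Full Control.
cacls * /e /t /c /g Administrators:F System:F

cacls * > "%TEMP%\acl-after.txt"

rem fc sets errorlevel 1 when the two listings differ.
fc "%TEMP%\acl-before.txt" "%TEMP%\acl-after.txt" >nul
if errorlevel 1 (
    echo Top-level ACLs changed. Compare the acl-before and acl-after reports.
) else (
    echo Top-level ACLs already granted these rights. No visible change.
)
endlocal
```

The reports cover only the entries in the root of the partition; subdirectories changed by /t are listed in the CACLS output itself.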
 
Passwording Guest Account
After reading Joseph Doyle's submission regarding this I would like to point out that you can set a Guest account password by simply doing this. This method is somewhat simpler in that you do not have to mess around with CMD.exe.

1. Make sure you are logged on as an Administrator.
2. Go to Start > Control Panel > Administrative Tools > Computer Management.
3. Select the "Users" folder under "Local Users and Groups".
4. Right click on the "Guest" account and click "Set Password". When a dialog comes up warning you of the possible consequences click "Proceed". You will then be given a dialog that lets you set a new password.

I have always considered security a top priority and considering the ease of doing this I would highly recommend that everyone sets a Guest account password. Even though the Guest account is disabled by default, why not do this just for the extra bit of security?
 
Applying A Password to the Guest account
The default Guest password in XP Home and Pro is BLANK: there is no password. The how-to is listed below.

To apply a Password to the guest account:

Log on to this computer with an Administrator account and turn on the Guest account.
Click Start->Run, type cmd and click OK.
Input the following command and press Enter: Net user guest password
Go to Control Panel->User Accounts. Click the Guest account and now you can change the password.
 
The wonders of Syskey
This is an interesting way to increase the security of your machine further. With this tip in place, you will need to insert a special floppy disk that you create in order to log on. If you lose the disk, you are locked out.

Click Start, then Run, type SYSKEY and hit Return.
In the first window that opens, click UPDATE.
In the next window, ensure that System Generated Password is selected (this is what I recommend).
Also ensure that Store Startup Key on Floppy Disk is selected, then click OK. (Yes, make sure there is a blank disk in the floppy drive.) Follow the prompts, close the windows and restart.
Remove the disk and restart.
What does this do? It adds an extra layer of security. When you reboot your XP system, you will be asked for this diskette before you reach your login screen. If you do not have the disk, too bad for you and for the flamers that may be trying to hack your system.
 
Remote registry editing
Windows XP allows remote registry editing by running a service for it. Below are the step-by-step instructions to disable this security hole:

1. Go to your Control Panel (you can do this by clicking on your Start menu).
2. Select Administrative Tools.
3. On the right panel, find the service called "Remote Registry".
4. Right-click on it and select Properties.
5. In the Startup type option box, select Disable.
6. Reboot your computer and repeat steps 1-4. You should see that it is no longer running.
 
Security Settings Windows 2000 Style
Miss the old Windows 2000 style of setting security permissions?

Do this and you will get them all back.
Fire up Windows Explorer.
Go to Tools>Folder Options.
Hit the View tab. Scroll to the bottom.
Uncheck 'Use Simple File Sharing (Recommended)' and voila!

This should work in the Home version as well.
 
Administrator Account Password in XP Home
In XP Home Edition the admin account is only accessible from Safe Mode. This account's password is BLANK by default. Yes, that's correct: there is no password.

To make the system more secure:

1. Turn off your computer.
2. Power on and hit F8 just after the BIOS check is complete. Select Safe Mode from the list. It's around the top of the list.
3. On the next page press ENTER.
4. Work your way to the Desktop. Go to Control Panel by clicking on Start\Settings\Control Panel.
5. Double-click on User Accounts.
6. Select the Administrator account from the list.
7. Apply a password.

Then restart the system.
 
Disable NETBIOS
In Windows XP, NetBIOS is not necessary for networking unless you have NT 4.0 WS, Windows 2000 Pro or Windows 98 computers on your network. Thus, in order to close security holes, you should disable NetBIOS. In order to disable NetBIOS, you must have TCP/IP configured to use WINS.

On the Windows task bar, click Start => Control Panel => Network and Internet Connections => Network Connections

or with "Classic View" engaged click Start => Control Panel => Network Connections

Right-click on Local Area Connection and select Properties from the menu
Click on the General tab
Select Internet Protocol (TCP/IP) from the Components list
Click Properties
Click Advanced in the Internet Protocol (TCP/IP) Properties window
Click on the WINS tab
Click Add
Type the IP Address of the WINS Server
Click Add
Click OK to close the Advanced TCP/IP Settings window
Click OK to close the Internet Protocol (TCP/IP) Properties window
Click OK to close the Local Area Connection Properties window
 
Clear temp files on IE close
Launch Internet Explorer.
Select Tools from the menu bar.
Then select Internet Options... from the drop-down menu.
Once Internet Options has loaded, click on the Advanced tab.
Under Security, find "Empty Temporary Internet Files folder when browser is closed" and check it.
Click OK
 
Do not save encrypted data to disk in IE
Launch Internet Explorer.
Select Tools from the menu bar.
Then select Internet Options... from the drop-down menu.
Once Internet Options has loaded, click on the Advanced tab.
Under Security, find "Do not save encrypted pages to disk" and check it.
Click OK
 
IIS 5.0 Security Hole in Win XP Pro/2000
The File Transfer Protocol (FTP) is used for copying files to and from a remote computer system on a network using TCP/IP. Be aware that FTP passwords are passed in clear text if you use user IDs other than anonymous. It is strongly recommended that you disable the FTP service unless absolutely necessary. If the FTP service is a business requirement, place the FTP service and the files that are to be transmitted on a stand-alone member server, thereby limiting access to other services and data on your network. Follow the steps below (depending on your OS) to disable the FTP service or improve the security of your installation.
Windows XP Professional and Windows 2000 come with Internet Information Server 5.0 (IIS 5.0) as an optional component under 'Add/Remove Windows Components', located in 'Add or Remove Programs' in the Control Panel.

Unfortunately, if you install IIS 5.0 it automatically starts a service to allow anonymous FTP access, which could be a serious security threat to your computer.

To disable this service follow these steps:
1. Start Control Panel => Administrative Tools => Services.
2. Locate the FTP Publishing Service.
3. Right Click and select Properties.
4. Click Stop.
5. Select Disable from the Start-up type drop down box.
6. Click Apply.
7. Click OK.
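
The Remote Registry tip and the FTP tip above both end in the same Services-console change. As an added example (not part of the original tips), here is the same stop-and-disable step from a command prompt with sc.exe; the short service names RemoteRegistry and MSFTPSVC are assumed defaults.

```bat
@echo off
rem Added example: command-line form of the Services-console steps in the tips.
rem Assumed default short names: RemoteRegistry (Remote Registry) and
rem MSFTPSVC (FTP Publishing Service, present only when IIS FTP is installed).
setlocal
for %%S in (RemoteRegistry MSFTPSVC) do call :disable_service %%S
endlocal
goto :eof

:disable_service
rem sc query fails (error 1060) when the service is not installed.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo %1: not found, nothing to do
    goto :eof
)
rem Stop the running instance; an already stopped service is not an error here.
sc stop %1 >nul 2>&1
rem sc requires the space after "start=".
sc config %1 start= disabled >nul
if errorlevel 1 (
    echo %1: startup type not changed, run this as an Administrator
    goto :eof
)
rem Print the stored startup type so the result can be confirmed.
sc qc %1 | find "START_TYPE"
goto :eof
```

Running the script again after a reboot shows whether the disabled startup type persisted, which is the check step 6 of the Remote Registry tip asks for.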
 
Access Stored User Names and Passwords with rundll32.exe
The Stored User Names and Passwords applet lets you assign the user names and passwords to use when you need to authenticate yourself to services in domains other than the one you are currently logged into. The normal route to this applet can be hard to find quickly, so here is a way to launch it from a desktop shortcut with the rundll32.exe program:

rundll32.exe keymgr.dll,KRShowKeyMgr
 
DHCP Fix
According to AnalogX, a security hole in Windows allows other people to monitor your PC. They made a fix, which can be downloaded freely from their site:

http://www.analogx.com/contents/download/system/dhcpfix.htm

or

go to http://www.analogx.com
 
Security Test for XP
Here's a great way to test your security; it works with Windows NT, 2000 and XP. It has a wealth of information such as open shares, services, etc. It is a great tool: http://www.microsoft.com/technet/mpsa/start.asp
 
Testing Your System's Security
This is not really a tweak, but simply a list of websites that offer online system security testing. If you have a firewall, you can now see whether it's secure enough.

Remember, hackers always find a way into your system if they want!

http://grc.com/

http://hackerwhacker.com/

http://scan.sygatetech.com/

http://www.testmyfirewall.com/

http://www.auditmypc.com/

http://www.iggyz.com/Test.html

http://online.securityfocus.com/cgi-bin/sfonline/links.pl?cat=43&offset=60