Windows Security Enhancements
Windows is being attacked for its insecurity everwhere. OK, so being the most popular platform on the planet does open itself up to some insecurity Microsoft can't help. But this page will show you how to extend on the default Windows Security.
Is anything missing? Do you have any information to share? What do you think about this section? Please contact Guru Guy and let him know!
Note: When these sections instruct you to "run", "type" or execute command lines, they mean typing the commands/instruction into Start->Run. Any reference to HKLM (HKey Local Machine) is a location within the Windows Registry (Start->Regedit). These tips & tricks assume you have sufficient knowledge to carry out the instructions and Guru Guy is not responsible for any consequences of implementing them.
Windows Security
- Change the way Windows XP and 2000 login (or enable auto-logon) by running:
control userpasswords2
In Windows Vista, use the new command:
netplwiz- Remove the requirement for a Login Password (Not secure mind-you!)
Control Panel/Administrative Tools/Local Security Settings/Minimum Password Length/ Reduce it to 0 (No password required).- Convert your FAT32 Hard disk to NTFS since NTFS offers better file-safeguards with its journaling file system and better security which can be applied on a file-by-file basis:
convert x: /fs:ntfs
where x: is your drive to convert.- Load Windows Security Centre (direct to Firewall configuration also) by typing:
Start->Run-> wscui.cpl- Change User Password at Command Prompt
net user <user_name> <new_password>- For the net use command used in Batch files/CMD files/Login Scripts, to save the credentials in the Credential Manager, use the /savecred switch.
When you type: net use * \\ computer_name \ share_name /savecred command, the user is prompted for a user name and password.
When you type: net use * \\ computer_name \ share_name /u: domain_name\user_name /savecred command, the user is only prompted for a password.- Delete Windows XP Admin Password (on a FAT32 filesystem only):
Boot up with DOS and delete the sam.exe and sam.log files from Winnt\system32\config in your hard drive.
Now when you boot up in NT the password on your built-in administrator account will be blank (No password).- Change the "Registered Owner" that appears in the System properties via the registry:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion
RegisteredOwner and RegisteredOrganization- Disable ALL drives from Autoplay if required:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DWORD Value "NoDriveTypeAutoRun" HEX value:
0x1 Disables Autoplay on drives of unknown type.
0x4 Disables Autoplay on removable drives.
0x8 Disables Autoplay on fixed drives.
0x10 Disables Autoplay on network drives.
0x20 Disables Autoplay on CD-ROM drives.
0x40 Disables Autoplay on RAM drives.
0x80 Disables Autoplay on drives of unknown type.
0xFF Disables Autoplay on all types of drives.- Restrict USB Memory Stick Access - Read-only data, not to Write!
a. HKLM\System\CurrentControlSet\Control\Storage\StorageDevicePolicies
b. DWORD Value "WriteProtect" must be set to 1 to enable READ-ONLY access.- Deactivate password storage in IE. (Passwords are useless if they are stored after all!)
a. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
b. New DWORD value "DisablePasswordCaching"
c. Set value to 1 to disable password storage.- Turn off Admin Shares in Windows XP Pro
a. HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
b. Add DWORD "AutoShareWks" -> Set value to 0 to turn off.- Another way to modify the security of your PC:
Start->Run type: "secpol.msc /s"
Related Articles
Like what you've read? Was this of help? Contact Guru Guy to let him have your feedback!
Now why not visit Guru Guy's Vintage Computer Webshop to grab classic Vintage Computer Server Software!
