WinXP security policies

Discussion in 'other security issues & news' started by FluxGFX, Dec 19, 2003.

Thread Status:
Not open for further replies.
  1. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Now I was playing in the Administrative tools....

    now looking here security policies...
    Does anyone have any information on to what I could tweak to make my system a forthnox look?

    -
    Been fallowing NSA WinXP Security Guide wich is quite a bible they got there.
     
    FluxGFX, Dec 19, 2003
    #1
  2. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    If you are interested in logging you may want to edit your audit policies. I would probably audit success and failure for all of them except for "Audit directory service access" and "Audit process tracking." I would probably only audit successful attempts for "Audit object access" as well. Once you have done this, it will be very important that you also adjust your settings in your Event Viewer. Go to Event Viewer and right click on each log (Application, System, Security) and select properties. Increase the maximum log size to a size that will fit your needs and also select "overwrite events as needed." This will prevent you from seeing a warning dialog that your logs are full on startup.

    You should also adjust your account lockout policy to maybe 3-4 invalid logon attempts. Lockout duration is personal preference. If you make secure passwords there should be no need to adjust anything under password policy. The only things might be if you want to set a maximum password age.

    User Rights Assignments can be difficult not knowing if you are on a network or if this a stand alone computer.

    But here are a couple of sites that may lead you in the right direction.

    http://www.uksecurityonline.com/husdg/wxpp2.php - look under security policy control.

    http://www.markusjansson.net/exp.html - look under secure settings

    If you haven't already also make sure you have disabled un needed services. xp-AntiSpy is also a good program for XP http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26

    I hope that helps you to get started.
     
    rerun2, Dec 20, 2003
    #2
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    You could do worse than visiting the Microsoft.com/security site. Their W2K3 security guide is very good, hardly any need to look elsewhere. I suppose they offer a similar approach for XP.
    Your XP system will not be a Fort Knox, it's a PC and it's running Windows. But it will be more secure than any other windows workstation.

    Besides... if you need a Fort Knox, I bet that you see the need for a hardware / linux firewall to secure your system.
     
    meneer, Dec 23, 2003
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...