Windows 2K and XP security settings?

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Thu Jun 13 18:54:08 GMT 2002


Hi all,

I have been asked by our desktop support / PC standards folks to give some 
security-minded recommendations for their new Windows 2000 and XP images. 
I can think of some things off of the top of my head, and I'll bet after a 
bit of research I can think of a few more.  What do you all do to help 
secure your standard "NT-ish" installs?  (I know it is a broad question.)

Some things they mention they do:

- Patched to current service pack / windows update / security hotfix 
standard for the OS and browser
- Strong administrative passwords
- Antivirus auto-updates once per day

Some ideas off the top of my head:

- Rename the administrative accounts
- Enable personal firewall for XP (prob creates more support issues than 
it solves)
- Restrict Anonymous setting to disable account enumeration
- Enable logon/logoff auditing to help track crack attempts
- Set strong password policies for all local accounts
- Enable auto-download of security updates

I feel like this is my one crack at helping to secure the desktop for the 
next year.  Help me get it right! ;-)

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================



More information about the unisog mailing list