Tweaking Optimizing Windows.pdf - GEGeek
Alt - 0254 = þ
Alt - 0255 = ÿ
Create a password reset disk
If you're running Windows XP Professional as a local user in a workgroup environment, you can create a password reset disk to log onto your computer when you forget your password. To create the disk:
Click Start, click Control Panel, and then click User Accounts. Click your account name. Under Related Tasks, click Prevent a forgotten password. Follow the directions in the Forgotten Password Wizard to create a password reset disk. Store the disk in a secure location, because anyone who has it can log on to your local user account without knowing the password.
19. Ensure that you have disabled the Guest Account
The 'Guest' account allows anonymous access to a machine: while it is enabled, someone connecting over the network who cannot authenticate as any other account is logged on as Guest. Making sure this account is disabled prevents people from using services you may have inadvertently left open. On Windows 2000 you get to it from "Control Panel > Users and Passwords"; click the "Advanced" tab, then the "Advanced" button, and you will now be able to modify the Guest account in the "Users" folder. (On Windows XP the same account is under Computer Management > Local Users and Groups > Users.)
There is a tendency to confuse the "Everyone" group with the Guest account/group. "Everyone" is not a list of particular people; it is the group that contains every security principal that logs on to the machine, whether authenticated locally, against a domain, or (on Windows 2000 and earlier) anonymously. If you are anyone, you are "Everyone". A user who has no other way of authenticating gets whatever the Guest account/group has rights to, which is why you should disable the Guest account. But keep in mind: anyone is Everyone, including your own valid user. It is a common mistake for new users to set the filesystem permissions at the root of their drive to deny Everyone access. Doing so will keep everyone, including you, out. We'll be covering filesystem permissions more in depth at another time.
20. Rename Administrator
Unlike other accounts, the built-in Administrator account is not subject to the account lockout policy, so it cannot be locked out. This means that people can try as many times as they like to guess its password. To make this more difficult, rename the account to something else: something you will remember, like "RealAdmin" or similar, but preferably not an obvious guess on a machine that is exposed. Keep in mind that renaming only defeats attackers who go by name; the built-in account keeps its well-known relative ID (500), so anyone who can enumerate the accounts on the machine can still find it. Next, I would recommend creating a dummy account named "Administrator" that has NO rights to anything. Scan the event log regularly for attempts to use this account, and give it a logon script that writes the client machine's host name and IP address to a file whenever someone does manage to log in with it, and then kicks the user off. To add a logon script to the dummy account, open the Local Users and Groups snap-in in your MMC console (Console1) and open the properties of the dummy account; the script is set in the "Logon script" field on the Profile tab.
A logon script, in the simplest terms, is just a batch file that runs when a user logs in. This can be as simple as connecting a few network drives, or as complex as, well, let it suffice to say it can get really complex. Note that the script runs on the client, so anything it records about the machine describes the box the intruder is sitting at, which is what you want. If you want a logon script that puts the host name and IP address info of the person logging into your machine into a log file, you would use something like the following. Let's name the file Login.CMD, and create it in Notepad just like any other text file.
@echo off
rem Echo is turned off first so the person logging in doesn't see the script run
rem Record when the logon happened, from which machine and under which account name.
rem SERVER\SHARE is a placeholder for the share that holds the log (the path was not legible in the original).
echo %DATE% %TIME% %COMPUTERNAME% %USERNAME% >> \\SERVER\SHARE\ipaddr.log
rem Get the host name and IP address of the client machine along with the rest of its settings.
rem You could parse out just the IP address, but if the client is NAT'ed or PAT'ed the whole thing is a lot more useful.
ipconfig /all >> \\SERVER\SHARE\ipaddr.log
rem Kick the user off (logoff.exe ships with Windows XP and later)
logoff
rem Exit the command shell
exit
Please note a few things here:
- You need to be very restrictive with the rights on the folder on your machine that holds the log. Give Authenticated Users read/change permissions at the share level, then go to Security > Advanced > Permissions, select your dummy account, click "Edit", and deny everything except what it needs to append to the file (the "Create Folders / Append Data" special permission); in particular deny Delete, Write Attributes and Change Permissions, so an intruder cannot wipe or truncate the evidence. Test that the script's ">>" redirection still works under those permissions before relying on it.
- You may want to enable disk quotas for this account as well, so a malicious user can't fill up your hard drive by logging in over and over.
- This will only catch people using Windows machines or other SMB clients that actually run a logon script. Someone who authenticates with the dummy account from a tool that merely connects to a share, or from a non-Windows client, never executes the script and shows up only in the event log.
- This is by no means the best way to detect an intruder. Use a firewall or some dedicated intrusion detection software.
- Enable auditing on the shared directory so you can tell what's happening.
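Because every logon with the dummy account appends another full "ipconfig /all" dump to ipaddr.log, the file quickly becomes a pile of text. The following script is an added example, not part of the original page, that turns that log into one record per logon: the client's host name (which only appears when the script ran "ipconfig /all"; plain "ipconfig" omits it) and the IPv4 addresses it reported. The sample log embedded in it is constructed, covering both the Windows 2000/XP layout ("IP Address") and the later layout ("IPv4 Address"); the host and address values are made up.

```python
import re

# Constructed sample of ipaddr.log after two logons with the dummy account, each one
# appending the client's "ipconfig /all" output (Windows XP layout first, then the
# Vista-and-later layout, which labels the address "IPv4 Address"). Not real data.
SAMPLE_LOG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAB-WS01
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        Physical Address. . . . . . . . . : 00-0C-29-12-34-56
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ATTACKER-PC
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Ethernet:

   Physical Address. . . . . . . . . : 00-50-56-AB-CD-EF
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
"""

# Each ipconfig dump starts with this banner ("Windows 2000 IP Configuration" on 2000,
# "Windows IP Configuration" on XP and later), so it delimits one logon from the next.
BANNER = re.compile(r"^Windows(?: \d+)? IP Configuration\s*$", re.MULTILINE)
HOST = re.compile(r"^\s*Host Name[ .]*: (\S+)", re.MULTILINE)
ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$", re.MULTILINE)
IPV4 = re.compile(r"^\s*(?:IP|IPv4) Address[ .]*: (\d+\.\d+\.\d+\.\d+)", re.MULTILINE)


def split_dumps(text):
    """Return each appended ipconfig dump as its own string."""
    starts = [m.start() for m in BANNER.finditer(text)]
    return [text[s:e] for s, e in zip(starts, starts[1:] + [len(text)])]


def parse_ipaddr_log(text):
    """One record per logon: the client's host name (None if the script only ran
    plain "ipconfig", which omits it), its adapter names and the IPv4 addresses."""
    records = []
    for dump in split_dumps(text):
        host = HOST.search(dump)
        records.append({
            "host": host.group(1) if host else None,
            "adapters": ADAPTER.findall(dump),
            "ips": IPV4.findall(dump),
        })
    return records


def summarize(text):
    """Distinct (host, ip) pairs seen, so repeated logons from one box collapse."""
    seen = set()
    for rec in parse_ipaddr_log(text):
        for ip in rec["ips"]:
            seen.add((rec["host"], ip))
    return sorted(seen, key=lambda pair: (pair[0] or "", pair[1]))


if __name__ == "__main__":
    for host, ip in summarize(SAMPLE_LOG):
        print(f"{host or '?':<15} {ip}")
```

Run it against the real file with `parse_ipaddr_log(open(r"\\SERVER\SHARE\ipaddr.log").read())`; the addresses it prints are the ones to cross-check against the workstation names in your security log.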
Now it is time to create the ID you will actually be logging in with every day. If it's your home desktop, go ahead and add it to the Administrators group of your local machine. Use this ID to log in for most things, reserving your renamed Administrator account for emergencies. It is also a good idea to audit logon failures. In an NT 4.0 domain or a Windows 2000 Active Directory tree this is set in the domain audit policy; on a standalone Windows 2000 Professional or XP machine, set it in Local Security Policy under Local Policies > Audit Policy ("Audit logon events", Failure). Next, enable account lockout for the real Administrator account using the passprop utility from the Resource Kit ("passprop /adminlockout" locks the built-in account out for network logons while still allowing interactive logon at the console), and disable the local computer's built-in Administrator account where the OS allows it: Windows XP does (the account then remains usable in Safe Mode), Windows 2000 does not.
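With logon-failure auditing on, the security log is where the "scan the event log regularly" advice above, and the daily log reading in the next section, actually happens. The script below is an added example, not from the original page: it reads a constructed export of security-log entries and applies two rules, any use at all of the decoy "Administrator" account (a successful logon to it means someone has its password) and a burst of failures against a real account from one source. The column layout, the account name RealAdmin and the threshold are assumptions; the event IDs are the real ones (529/528 for logon failure/success on NT, 2000 and XP, 4625/4624 on Vista and later).

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

DECOY = "administrator"         # the dummy "Administrator" account nobody should use
FAILURE_IDS = {"529", "4625"}   # logon failure: NT/2000/XP, then Vista and later
SUCCESS_IDS = {"528", "4624"}   # successful logon, same split
THRESHOLD = 5                   # failures from one source against one account ...
WINDOW = timedelta(minutes=10)  # ... inside this window is worth a look (assumed values)

# Constructed sample of a security-log export. Columns are what you would pull out of
# the event descriptions (Windows 2000 records only the workstation name; XP and later
# add the source network address). The real built-in account here was renamed RealAdmin.
SAMPLE_CSV = """\
time,event_id,account,workstation,source_ip
2003-04-12 02:11:05,529,Administrator,ATTACKER-PC,10.0.0.23
2003-04-12 02:11:06,529,Administrator,ATTACKER-PC,10.0.0.23
2003-04-12 02:11:08,528,Administrator,ATTACKER-PC,10.0.0.23
2003-04-12 02:12:00,529,RealAdmin,ATTACKER-PC,10.0.0.23
2003-04-12 02:12:01,529,RealAdmin,ATTACKER-PC,10.0.0.23
2003-04-12 02:12:02,529,RealAdmin,ATTACKER-PC,10.0.0.23
2003-04-12 02:12:03,529,RealAdmin,ATTACKER-PC,10.0.0.23
2003-04-12 02:12:04,529,RealAdmin,ATTACKER-PC,10.0.0.23
2003-04-12 09:00:12,529,RealAdmin,LAB-WS01,192.168.1.57
2003-04-12 09:00:40,528,RealAdmin,LAB-WS01,192.168.1.57
"""


def scan(csv_text):
    """Return findings, worst first: any use of the decoy account (a success means
    someone got its password), then bursts of failures against real accounts."""
    findings = []
    failures = defaultdict(list)  # (account, source) -> failure times
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        src = row["source_ip"] or row["workstation"]  # fall back to the name on Windows 2000
        if row["account"].lower() == DECOY:
            # Nobody legitimate uses the dummy account, so every attempt is hostile.
            severity = "CRITICAL" if row["event_id"] in SUCCESS_IDS else "ALERT"
            findings.append({"severity": severity, "account": row["account"],
                             "source": src, "time": when,
                             "note": f"decoy account used from {row['workstation']}"})
        elif row["event_id"] in FAILURE_IDS:
            failures[(row["account"], src)].append(when)
    for (account, src), times in failures.items():
        times.sort()
        left = 0
        for right, t in enumerate(times):
            while t - times[left] > WINDOW:  # slide the window forward
                left += 1
            if right - left + 1 >= THRESHOLD:
                findings.append({"severity": "WARN", "account": account, "source": src,
                                 "time": t,
                                 "note": f"{right - left + 1} failed logons within {WINDOW}"})
                break  # one finding per account/source pair is enough
    order = {"CRITICAL": 0, "ALERT": 1, "WARN": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["time"]))


if __name__ == "__main__":
    for f in scan(SAMPLE_CSV):
        print(f"{f['severity']:<8} {f['time']} {f['account']:<14} {f['source']:<14} {f['note']}")
```

The single successful decoy logon in the sample sorts to the top, the two failed guesses at it follow, and the five RealAdmin failures from the same source inside a few seconds produce one warning; the lone failure from LAB-WS01 followed by a success is the normal typo and produces nothing. Against a real export, feed the text of the file to scan() and tune THRESHOLD and WINDOW to match whatever account lockout policy you set.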
21. Enable Auditing
Use auditing, heavily if the machine is Internet connected. Read your logs daily. Use them as a guide, but don't blindly trust that every action is in the logs, and don't take every action reflected in the logs at face value. INVESTIGATE ODD THINGS.
Enable auditing and create a separate administrator account for auditing purposes only. For the highest security, use that separate administrator account for auditing; this allows the other administrators to be audited as well. Only enable auditing on the events you need, because every item audited increases overhead and log volume.
1. Open User Manager or User Manager for Domains.
2. Create a new account, for example "auditor".
3. Make sure auditor is a member of the Administrators group and of Domain Admins.
4. Click Policies, then click Audit.
5. Click Audit These Events.
6. Select the events you wish to audit.
7. Click OK.
8. Click Policies.
9. Click User Rights.
10. Select Manage Auditing and Security Log.