Tweaking Optimizing Windows.pdf - GEGeek
Tweaking Optimizing Windows.pdf - GEGeek
Tweaking Optimizing Windows.pdf - GEGeek
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
11. Remove the default administrators group.<br />
12. Add the account used for auditing.<br />
13. Click ok.<br />
22. Group Policy Editor<br />
On 2000 and XP you can use the group policy tool to restrict access. If you would like to limit or control just about every aspect of<br />
your computer you can use a great tool called the group policy editor. Click Start and select Run. Type gpedit.msc in the text box<br />
and click on OK. The group policy editor will load. Navigate through the folders and you will discover hundreds of items that you<br />
can limit access to and control.<br />
23. Security Templates<br />
This applies to 2000 and XP. During installation, a set of standard security settings is applied to the system: these settings are<br />
known as a security template. To get a detailed analysis of the security settings on your machine, open the MMC and select<br />
Add/Remove Snap In from the Console Menu. Click on the Add button, and select the Security Configuration and Analysis, and<br />
Security Templates snap-ins.<br />
If you view the Security Templates option, you will see a list of the basic security templates that are available to your system. You<br />
can view the security settings that each individual template applies by clicking on the plus sign next to each template. The basicwk<br />
template is the default workstation security template, the hisecws template provides higher security workstation settings while the<br />
compatws template provides maximum compatibility for non-<strong>Windows</strong> 2000 certified applications.<br />
The template named Setup Security is the default setup template, by double-clicking on this you can see a list of the security<br />
settings that this template applies under each section of the system, i.e. Account Policies, Local Policies, Event Log, Restricted<br />
Groups, System Services, Registry and File System. Double clicking on each individual item will give you more detailed information<br />
on that particular setting. For example under the default Setup Security template, if you look under Account Policies, then Password<br />
Policy you will see the security setting for the system passwords.<br />
To view the settings that are currently applied to your machine, right click on Security Configuration and Analysis and select Analyse<br />
Computer Now. To apply a different template, right-click on Security Configuration and Analysis and select Import Template. You<br />
can then choose from the selection of standard templates. You can also modify an existing template to your chosen settings, then<br />
choose Export Template and save it as a new template.<br />
24. Disable or delete Unnecessary Accounts<br />
You should review the list of active accounts (for both users and applications) on the system in the Computer Management snap-in,<br />
and disable any non-active accounts, and delete accounts which are no longer required.<br />
25. Set account lockout policy<br />
<strong>Windows</strong> 2000 and XP includes an account lockout feature that will disable an account after an administrator-specified number of<br />
logon failures. For maximum security, enable lockout after 3 to 5 failed attempts, reset the count after not less than 30 minutes,<br />
and set the lockout duration to Forever (until admin unlocks).<br />
The <strong>Windows</strong> NT Resource Kit includes a tool that allows you to adjust some account properties that aren't accessible through the<br />
normal management tools. This tool, passprop.exe, allows you to lock out the administrator account: The /adminlockout switch<br />
allows the administrator account to be locked out<br />
26. Require CTRL-ALT-DEL before login<br />
In 2000 and XP under Control Panel/Users & Passwords ensure that the "Users must enter a user name and password" box is<br />
checked, and under the Advanced tab, that "Require users to press CTR-ALT-DEL before logging on" is checked.<br />
27. Don't Display Last User Name at logon<br />
Either use TweakUI and clear the checkmark next to Clear Last User at logon in the Paranoia tab or utilise a registry entry. Enabling<br />
this will blank the username box on the logon screen. Preventing people that are logging on from knowing the last user on the<br />
system and also from preventing account lockouts for the wrong person.<br />
Win9x Settings<br />
Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\<strong>Windows</strong>\CurrentVersion\Winlogon]<br />
Value Name: DontDisplayLastUserName<br />
Data Type: REG_SZ<br />
Data: (1=enable, 0=disable)<br />
NT Settings<br />
Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\<strong>Windows</strong> NT\CurrentVersion\Winlogon]<br />
Value Name: DontDisplayLastUserName<br />
Data Type: REG_SZ<br />
Data: (1=enable, 0=disable)<br />
If that doesn't fix it, follow this solution (make sure you have a note of all your ISP usernames and passwords)<br />
First, delete your .PWL file from the C:\WINDOWS folder.<br />
Next, delete the equivalent entry from C:\WINDOWS\SYSTEM.INI's [Password Lists] section.<br />
Next, open Control Panel > Network and ensure <strong>Windows</strong> Logon is installed and that it is the Primary Network.<br />
Reboot. When asked for a username and password, enter your usual username and hit Return. Do NOT enter a password- leave it<br />
blank. Hit Return to confirm the blank password. That's the last time you'll be asked to logon to <strong>Windows</strong>. When you logon to your<br />
ISP, you'll have to enter your username and password, but once connection is established, these will be remembered for future<br />
logons, provided you checkmark the appropriate box, of course.<br />
If you're on a LAN, use Client for Microsoft Networks, instead. You will need to use Tweak UI's Logon instead.<br />
If you WANT to logon, but can't, remove the following registry value: