Tweaking Optimizing Windows.pdf - GEGeek

More documents

Recommendations

Info

38. Maximum Number of Remote Access Authentication Attempts on NT This setting controls the number of authentication retries before the remote access connection is terminated. Even better disable remote access. Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters] Value Name: AuthenticateRetries Data Type: REG_DWORD Data: 1 to 10 39. Automatically Disconnect Remote Access Callers on NT and 2000 Specifies the amount of idle time in minutes to wait before disconnecting the RAS client. This reduces browser traffic generated by the machine because it advertises its presence on the network. This change is highly recommended for WAN's connected using dial up lines to reduce costs on idle connections to the server. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autodisconnect Modify the REG_DWORD value from 15 minutes to 2 in decimal. 40. Disable Dial-In Access for Windows 9x and NT It's possible for users to setup a modem on a Windows machine, and by using Dial-up Networking allow callers to connect to the internal network. Especially in a corporate environment this can cause a major security risk. Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network] Value Name: NoDialIn Data Type: REG_DWORD Data: (0 = dial-in enabled, 1 = dial-in disabled) 41. Securing Network Access to NT CD-ROM Drives This setting determines whether data in the CD-ROM drive is accessible to other users. Because the CD-ROM drive is a volume, by default, it is shared as an administrative share on the network. If the value of this entry is 1, the CD-ROM drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on to the computer. The drive is shared again when the current user logs off the computer. Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Value Name: AllocateCDRoms Data Type: REG_SZ Data: (0 = enabled, 1 = disabled) Value Meanings: '0' = Compact discs in the CD-ROM drive can be accessed by all administrators in the domain. '1' = Only the user logged on locally can access data on the compact discs in the CD-ROM drive. 42. Securing Network Access to NT Floppy Drives This setting determines whether data in the floppy disk drive is accessible to other users. Because the floppy disk drive is a volume, by default it is shared as an administrative share on the network. If the value of this entry is 1, the floppy disk drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on. The drive is shared again when the current user logs off. Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Value Name: AllocateFloppies Data Type: REG_SZ Data: (0 = enabled, 1 = disabled) Value Meanings: '0' = Floppy disks in the floppy disk drive can be accessed by all administrators in the domain. '1' = Only the user logged on locally can access data on the floppy disks in the floppy disk drive. 43. Dont save encrypted files to disk When you connect to a site that is encrypted the data sent over the network is encrypted. Your browser has the key to decrypt and display the information. Why give someone a chance to crack the encryption. If you don't allow IE to save it to disk then it is nearly impossible for someone else to be able to get that file and use brute force to crack it. Launch Internet Explorer. Select the Tools from the menu bar. Then select Internet Options... from the drop down menu. Once the internet options has loaded click on the advanced tab. Under security find where it says Do not save encrypted pages to disk and check it. Click OK 44. Clear pagefile at shutdown I only recommend this for people who are paranoid as your pagefile has to be recreated at every boot and has a big hit on performance. Your pagefile could contain passwords etc. This can be useful if you are imaging your computer with drive image or ghost to get your image as small as possible. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement If value does not exist add the following value ClearPageFileAtShutdown : 1 (Type Reg_DWord) 45. Make all Desktop Settings Permanent Make all Desktop Settings Permanent in an window: window size, position, toolbar etc. Run Regedit and go to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Right-click in the right hand pane, click New, and select DWORD Value. Name it 'NoSaveSettings' Now right-click on it, choose Modify, and type 1 in the Value data box. Click OK and exit the Registry Editor. All future windows settings will be from now on those you specified BEFORE creating the new "NoSaveSettings" Registry value, and can be changed ONLY temporarily. Next time you open that same window, its settings will revert back to the ones you started with, before this Registry change. To reenable permanent settings changes again, goto the same Registry key above, right-click on "NoSaveSettings", choose Modify, and change its Value data to 0. 46. Clear Internet Explorer Typed URL History Internet Explorer caches any URL's that are typed into the address bar. This could become a privacy issue on a shared computer, or it may become a nuisance if there is a particular URL you want to remove without clearing the whole history. Open your registry and find the key below and delete any value you want to remove. Registry Settings: Key: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs] 47. Dlls and Exes to Read only Make all your dll's, exe's and com files read only. If you make all your application files (EXE) and dll's read only it will make your system more secure because normally trojans and viruses don't have any built in routines to change attributes of the files they are designed to modify - they can't modify a read only file without first changing its attributes. There are reasons viruses and trojans don't try to change the attributes - Virus programmers usually don't think anyone would make all their exe & dll files read only and don't write code to deal with that obstacle. - Even if they think about it, the goal of all viruses is to keep them as small as possible so they are harder to detect. Adding routines to change attributes increases the size of the programs. When an exe or dll or com file can't be modified the virus can't spread. BUT even better... If something tries to modify a read only file Windows usually pops up a notice and that would tip you that something suspicious was going on. If you try to delete a folder that has read only files you will be prompted with a second confirmation and this extra step helps to avoid mistakes of accidentally deleting the wrong files or folders. 48. Turn off auto-insert notification on all cd drives Do this from control panels\system\devicemanager - click on each of your cd drives and goto properties\settings and uncheck auto insert notification. I have seen some commercial magazine disks that try to execute a virus automatically when a disc is inserted into your machine. Although a good virus checker would detect this. In NT you will have to do this through the registry. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom] Change to value of 'Autorun', or create a new DWORD value if it doesn't already exist, and set the data to equal '0' for Autorun disabled. Restart your computer. For example, the setting may look like: Autorun 0x00000000 (0) 49. Stop .reg files from being automatically run This next registry entry changes the way a .reg file is handled. If a .reg is opened normally it would ask you 'are you sure you want to add details to the registry' and when a .reg is run with the /s switch it wouln't ask you it would just add the details anyway. This reg file changes the behaviour of a reg file, so if it is executed it will only edit the file and not import it into the registry. To merge the Registry file into your Registry, you will need to right-click on it and select Merge. -----Begin cut & paste here----- REGEDIT4 [HKEY_CLASSES_ROOT\regfile\shell] @="edit" ------End cut & paste here------ 50. Spyware Run 'Ad-Aware' program to fight the spying that a least 100 or so programs are known to do. (I do this mainly to save the band width wasted by the data and banner ads that are passing back and forth.) www.lavasoft.de Also check out SpyBot from http://spybot.safer-networking.de/ 51. Create a shortcut to lock computer This works in XP and probably NT and 2000. Right click on desktop and select new -> shortcut. Then copy and paste this in the program location box "rundll32.exe user32.dll,LockWorkStation" Click next and enter a name for you shortcut and then click finish. Now you can copy and paste that shortcut anywhere you want on your computer. 52. Physically secure and protect your servers and critical workstations Quite simply lock them up - password protect consoles, lock them away in secure fireproof halon strong rooms which are alarmed and have security cameras inside. Make sure rooms have no windows and no roof or any access of any kind apart from one security door. The secure door must be very strong and protected with multiple entry systems e.g. keycard access with codepunch and/or fingerprint/retina scan recognition systems - you get the idea... 53. XP Permissions Sharing of files and folders can be managed in two ways. If you chose simplified file sharing, your folders can be shared with everyone on your network or workgroup, or you can make your folders private. (This is how folders are shared in Windows 2000.) However, in Windows XP Professional, you can also set folder permissions for specific users or groups. To do this, you must first change the default setting, which is simple file sharing. Open Control Panel, click Tools, and then click Folder Options. Click the View tab, and scroll to the bottom of the Advanced Settings list. Clear the Use simple file sharing (Recommended) check box. To manage folder permissions, browse to the folder in Windows Explorer, right-click the folder, and then click Properties. Click the Security tab, and assign permissions, such as Full Control, Modify, Read, and/or Write, to specific
Page 1 and 2:
Mr.X.'s TWEAKING AND OPTIMIZING WIN
Page 3 and 4:
-Msdownld.tmp This one needs manual
Page 5 and 6:
If you have Windows 95/NT you can e
Page 7 and 8:
BootKeys=1 BootMenu=0 BootMenuDefau
Page 9 and 10:
Settings\Cache\History] "CachePath"
Page 11 and 12:
Similarly, open Internet Explorer,
Page 13 and 14:
g - Restart your computer once step
Page 15 and 16:
38. Keep IE crash free Here's a tip
Page 17 and 18:
44. Switch off Dos memory manager D
Page 19 and 20:
Data: D:\WIN95 58. Clear Recent Doc
Page 21 and 22:
Click on the property tab for this
Page 23 and 24:
Right-click in the right hand pane
Page 25 and 26:
By the use of this client software,
Page 27 and 28:
8. Want Real mode DOS back in Windo
Page 29 and 30: Recommendation: This service will f
Page 31 and 32: detect and/or recognize your hardwa
Page 33 and 34: It should almost certainly benefit
Page 35 and 36: Click start. click settings. click
Page 37 and 38: Click Analyze, click ok, click Acti
Page 39 and 40: Nonbrowser. A nonbrowser is configu
Page 41 and 42: Private IP Addressing (APIPA) for p
Page 43 and 44: provides protected storage for sens
Page 45 and 46: If the service is turned off, RIS i
Page 47 and 48: enables NetBIOS name resolution. Pr
Page 49 and 50: 11. Adaptive Menus Microsoft Office
Page 51 and 52: 3. Speed up Internet Explorer 6 Fav
Page 53 and 54: Note that in doing this, you are co
Page 55 and 56: claimed for a ‘fixed’ page file
Page 57 and 58: When a NTFS drive is formatted it b
Page 59 and 60: Goto above key in registry and you
Page 61 and 62: To get Admin account on the "Welcom
Page 63 and 64: • Security is not opening attachm
Page 65 and 66: is not acceptable, and that anythin
Page 67 and 68: [-HKEY_LOCAL_MACHINE\System\Current
Page 69 and 70: exists on your NT machine (this key
Page 71 and 72: - Not found in a dictionary - Not d
Page 73 and 74: Alt - 119 = w Alt - 120 = x Alt - 1
Page 75 and 76: Alt - 0166 = ¦ Alt - 0167 = § Alt
Page 77 and 78: 11. Remove the default administrato
Page 79: These logs can contain sensitive da
Page 83 and 84: 57. Temporarily Assign Yourself Adm
Page 85 and 86: Install the appropriate post-Servic
Page 87 and 88: Windows XP Home Edition Configurati
Page 89 and 90: Caution If your computer is not in
Page 91 and 92: C:\inetpub\ftproot (FTP server) C:\
Page 93 and 94: MBR Work - www.terabyteunlimited.co
Page 95 and 96: Extreme Tech www.extremetech.com Fi
Page 97 and 98: IconFactory.com www.iconfactory.com
Page 99 and 100: Cable Modem Tips http://homepage.nt
Page 101 and 102: _Google _Google Image Search _Googl
Page 103 and 104: Boot other device This feature dete
Page 105 and 106: feature is a little different from
Page 107 and 108: ypass the compensation circuit and
Page 109 and 110: Therefore, using the latest video B
Page 111 and 112: So, for optimal performance, you sh
Page 113 and 114: second clock cycle before sending t
Page 115 and 116: SDRam RAS precharge time This featu
Page 117 and 118: The shorter the delay, the earlier
Page 119 and 120: CPU level 1 cache The modern proces
Page 121 and 122: MPS 1.1 was the original specificat
Page 123 and 124: Please note that even if you don't
Page 125 and 126: Advanced Settings tab of the associ
Page 127 and 128: However, this is not a surefire way
Page 129 and 130: This feature allows you to manually
Page 131 and 132:
doubling the bandwidth of the proce
Page 133 and 134:
When this feature is enabled, the s
Page 135 and 136:
VLink 8X support V-Link refers to V
Page 137 and 138:
You will notice that the interrupts
Page 139 and 140:
AMD OVERCLOCKING - changing the mul
Page 141 and 142:
Examples of terminology used You wi
Page 143 and 144:
are much easier to use. No matter w
Page 145 and 146:
Hard drive limitations Overclocking
Page 147 and 148:
5.0x 500Mhz 560Mhz 620Mhz 665Mhz 5.
Page 149 and 150:
If you see copper, you've gone too
Page 151 and 152:
"PC" specification that SDRAM uses
Page 153 and 154:
Benchmarks allow you to measure you
show all

Tweaking Optimizing Windows.pdf - GEGeek

Create successful ePaper yourself

Delete template?

Save as template?