Tweaking Optimizing Windows.pdf - GEGeek

More documents

Recommendations

Info

One of the most important things for protecting systems is to use anti-virus software, and ensure that it is kept up-to-date. All systems on the Internet, a corporate Intranet, or a home network should have anti-virus software installed. More security anti-virus information is available on the Microsoft TechNet Security Web Site. Keep up-to-date on the latest security updates The Auto Update feature in Windows XP can automatically detect and download the latest security fixes from Microsoft. Auto Update can be configured to automatically download fixes in the background and then prompt the user to install them once the download is complete. To configure Auto Update, click System in Control Panel and select the Automatic Updates tab. Choose the first notification setting to download the updates automatically and receive notification when they are ready to be installed. Additionally, Microsoft issues security bulletins through its Security Notification Service. These bulletins are issued for any Microsoft product that is found to have a security issue. When these bulletins recommend installation of a security hotfix, you should immediately download and install the hotfix on your computers. XP PRO CHECKLIST Verify that all disk partitions are formatted with NTFS Verify that all disk partitions are formatted with NTFS. NTFS partitions offer access controls and protections that aren't available with the FAT, FAT32, or FAT32x file systems. Make sure that all partitions on your computer are formatted using NTFS. If necessary, use the Convert utility to non-destructively convert your FAT partitions to NTFS. Protect file shares By default, Windows XP Professional systems that are not connected to a domain use a network access model called "Simple File Sharing," where all attempts to log on to the computer from across the network will be forced to use the Guest account. This means that network access through Server Message Block (SMB, used for file and print access), as well as Remote Procedure Call (RPC, used by most remote management tools and remote registry access) will only be available to the Guest account. In the Simple File Sharing model, file shares can be created so that access from the network is read-only, or access from the network is able to read, create, change, and delete files. Simple File Sharing is intended for use on a home network and behind a firewall, such as the one provided by Windows XP. If you are connected to the Internet, and are not operating behind a firewall, you should remember that any file shares you create might be accessible to any user on the Internet. The Classic security model is used if your Windows XP computer is joined to a domain, or if Simple File Sharing is disabled. In the Classic security model, users who attempt to log on to the local computer from across the network must authenticate as themselves, and are not mapped to the Guest account. File shares should be created so that access from the network is only granted to the appropriate groups and/or individual users. Use Internet Connection Sharing (ICS) for shared Internet connections Windows XP provides the ability to share a single Internet connection with multiple computers on a home or small business network through the ICS feature. One computer, called the ICS host, connects directly to the Internet and shares its connection with the rest of the computers on the network. The client computers rely on the ICS host computer to provide access to the Internet. Security is enhanced when ICS is enabled because only the ICS host computer is visible to the Internet. To enable ICS, right-click an Internet connection in Network Connections, click Properties, click the Advanced tab, and then select the appropriate check box. You can also configure ICS by using the Home Networking Wizard. For more information about ICS, see Help and Support Center in Windows XP. Enable Internet Connection Firewall (ICF) Designed for use in the home or small business, ICF provides protection for Windows XP computers that are directly connected to the Internet, or for the computers or devices connected to the Internet Connection Sharing host computer that is running ICF. The Windows XP ICF makes use of active packet filtering, which means that ports on the firewall are dynamically opened only for as long as necessary to enable you to access the services you're interested in. To enable ICF, right-click an Internet connection in Network Connections, click Properties, click the Advanced tab, and then select the appropriate check box. You can also configure ICF by using the Home Networking Wizard. For more information about ICF, see Help and Support Center in Windows XP. Use software restriction policies Software restriction policies provide administrators with a policy driven mechanism that identifies software running in their domain, and controls the ability of that software to run. Using a software restriction policy, an administrator can prevent unwanted programs from running; this includes viruses and Trojan horses, or other software that is known to cause conflicts when installed. Software restriction policies can be used on a standalone computer by configuring the local security policy. Software restriction policies also integrate with Group Policy and Active Directory. For details on creating software restriction policies, refer to the What's New in Security for Windows XP Professional and Windows XP Home Edition white paper. Use account passwords To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can only be used to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network, or for any other logon activity except at the main physical console logon screen. For example, you cannot use the secondary logon service (RunAs) to start a program as a local user with a blank password. Assigning a password to a local account removes the restriction that prevents logging on over a network. It also permits that account to access any resources it is authorized to access, even over a network connection. As a result, it is better to leave a blank password assigned to an account rather than assigning a weak, easily guessed password. When assigning account passwords, make sure the password is at least nine characters long and that it includes at least one punctuation mark or non-printing ASCII character within the first seven characters.
Caution If your computer is not in a physically secured location, it is recommended that you assign passwords to all local user accounts. Failure to do so allows anyone with physical access to the computer to easily log on using an account that does not have a password. This is especially important for portable computers, which should always have strong passwords on all local user accounts. Note This restriction does not apply to domain accounts. It also does not apply to the local Guest account. If the Guest account is enabled and has a blank password, it will be permitted to log on and access any resource authorized for access by the Guest account. If you want to disable the restriction against logging on to the network without a password, you can do so through Local Security Policy. Disable unnecessary services After installing Windows XP, you should disable any network services not required for the computer. In particular, you should consider whether your computer needs any IIS Web services. By default, IIS is not installed as part of Windows XP and should only be installed if its services are specifically required. Disable or delete unnecessary accounts You should review the list of active accounts (for both users and programs) on the system in the Computer Management snap-in. Disable any non-active accounts and delete any accounts which are no longer required. Make sure the Guest account is disabled This setting recommendation only applies to Windows XP Professional computers that belong to a domain, or to computers that do not use the Simple File Sharing model. On Windows XP Professional systems that are not connected to a domain, users who attempt to log on from across the network will be forced to use the Guest account by default. This change is designed to prevent hackers attempting to access a system across the Internet from logging on by using a local Administrator account that has no password. To use this feature, which is part of the Simple File Sharing model, the Guest account must be enabled on all Windows XP computers that are not joined to a domain. For those computers that are joined to a domain, or for unjoined computers that have turned off the Simple File Sharing model, the Guest account should be disabled. This will prevent users attempting to log on to the computer from across the network from using the Guest account. Set stronger password policies To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can only be used to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network, or for any other logon activity except at the main physical console logon screen. Note This restriction does not apply to domain accounts. It also does not apply to the local Guest account. If the Guest account is enabled and has a blank password, it will be permitted to log on and access any resource authorized for access by the Guest account. Use the Local Security Policy snap-in to strengthen the system policies for password acceptance. Microsoft suggests that you make the following changes: - Set the minimum password length to at least 8 characters - Set a minimum password age appropriate to your network (typically between 1 and 7 days) - Set a maximum password age appropriate to your network (typically no more than 42 days) - Set a password history maintenance (using the "Remember passwords" radio button) of at least 6 - Set account lockout policy Windows XP includes an account lockout feature that will disable an account after an administrator-specified number of logon failures. For example, enable local account lockout after 5-10 failed attempts, reset the count after not less than 30 minutes, and set the lockout duration to "Forever (until admin unlocks)". If that's too aggressive, consider permitting the account to automatically unlock after a certain period of time. There are two common goals for using account lockout: one is to make it obvious that multiple attempts have been made to log on to a user account with an invalid password; the second is to protect accounts from attempts to guess a password by dictionary attacks, or iterative guessing. There is no one correct setting here that will apply to all environments. Consider reasonable settings for your environment. Install anti-virus software and updates One of the most important things for protecting systems is to use anti-virus software, and ensure that it is kept up-to-date. All systems on the Internet, a corporate Intranet, or a home network should have anti-virus software installed. More security anti-virus information is available on the Microsoft TechNet Security Web Site. Keep up-to-date on the latest security updates The Auto Update feature in Windows XP can automatically detect and download the latest security fixes from Microsoft. Auto Update can be configured to automatically download fixes in the background and then prompt the user to install them once the download is complete. To configure Auto Update, click System in Control Panel and select the Automatic Updates tab. Choose the first notification setting to download the updates automatically and receive notification when they are ready to be installed. 62. Internet Explorer Security Checklist This checklist outlines basic security measures for Internet Explorer version 5.01 Service Pack 2 or later. - Verify that you are running a 128-bit browser - On the Tools menu, click Internet Options, and then click the Security tab. Verify that your security zones are set to their default levels. - On the Tools menu, click Internet Options, and then click the Advanced tab. Verify that your Advanced settings are set to their default levels. - Be sure to visit Windows Update regularly for new security updates
Page 1 and 2:
Mr.X.'s TWEAKING AND OPTIMIZING WIN
Page 3 and 4:
-Msdownld.tmp This one needs manual
Page 5 and 6:
If you have Windows 95/NT you can e
Page 7 and 8:
BootKeys=1 BootMenu=0 BootMenuDefau
Page 9 and 10:
Settings\Cache\History] "CachePath"
Page 11 and 12:
Similarly, open Internet Explorer,
Page 13 and 14:
g - Restart your computer once step
Page 15 and 16:
38. Keep IE crash free Here's a tip
Page 17 and 18:
44. Switch off Dos memory manager D
Page 19 and 20:
Data: D:\WIN95 58. Clear Recent Doc
Page 21 and 22:
Click on the property tab for this
Page 23 and 24:
Right-click in the right hand pane
Page 25 and 26:
By the use of this client software,
Page 27 and 28:
8. Want Real mode DOS back in Windo
Page 29 and 30:
Recommendation: This service will f
Page 31 and 32:
detect and/or recognize your hardwa
Page 33 and 34:
It should almost certainly benefit
Page 35 and 36:
Click start. click settings. click
Page 37 and 38: Click Analyze, click ok, click Acti
Page 39 and 40: Nonbrowser. A nonbrowser is configu
Page 41 and 42: Private IP Addressing (APIPA) for p
Page 43 and 44: provides protected storage for sens
Page 45 and 46: If the service is turned off, RIS i
Page 47 and 48: enables NetBIOS name resolution. Pr
Page 49 and 50: 11. Adaptive Menus Microsoft Office
Page 51 and 52: 3. Speed up Internet Explorer 6 Fav
Page 53 and 54: Note that in doing this, you are co
Page 55 and 56: claimed for a ‘fixed’ page file
Page 57 and 58: When a NTFS drive is formatted it b
Page 59 and 60: Goto above key in registry and you
Page 61 and 62: To get Admin account on the "Welcom
Page 63 and 64: • Security is not opening attachm
Page 65 and 66: is not acceptable, and that anythin
Page 67 and 68: [-HKEY_LOCAL_MACHINE\System\Current
Page 69 and 70: exists on your NT machine (this key
Page 71 and 72: - Not found in a dictionary - Not d
Page 73 and 74: Alt - 119 = w Alt - 120 = x Alt - 1
Page 75 and 76: Alt - 0166 = ¦ Alt - 0167 = § Alt
Page 77 and 78: 11. Remove the default administrato
Page 79 and 80: These logs can contain sensitive da
Page 81 and 82: Right-click in the right hand pane,
Page 83 and 84: 57. Temporarily Assign Yourself Adm
Page 85 and 86: Install the appropriate post-Servic
Page 87: Windows XP Home Edition Configurati
Page 91 and 92: C:\inetpub\ftproot (FTP server) C:\
Page 93 and 94: MBR Work - www.terabyteunlimited.co
Page 95 and 96: Extreme Tech www.extremetech.com Fi
Page 97 and 98: IconFactory.com www.iconfactory.com
Page 99 and 100: Cable Modem Tips http://homepage.nt
Page 101 and 102: _Google _Google Image Search _Googl
Page 103 and 104: Boot other device This feature dete
Page 105 and 106: feature is a little different from
Page 107 and 108: ypass the compensation circuit and
Page 109 and 110: Therefore, using the latest video B
Page 111 and 112: So, for optimal performance, you sh
Page 113 and 114: second clock cycle before sending t
Page 115 and 116: SDRam RAS precharge time This featu
Page 117 and 118: The shorter the delay, the earlier
Page 119 and 120: CPU level 1 cache The modern proces
Page 121 and 122: MPS 1.1 was the original specificat
Page 123 and 124: Please note that even if you don't
Page 125 and 126: Advanced Settings tab of the associ
Page 127 and 128: However, this is not a surefire way
Page 129 and 130: This feature allows you to manually
Page 131 and 132: doubling the bandwidth of the proce
Page 133 and 134: When this feature is enabled, the s
Page 135 and 136: VLink 8X support V-Link refers to V
Page 137 and 138: You will notice that the interrupts
Page 139 and 140:
AMD OVERCLOCKING - changing the mul
Page 141 and 142:
Examples of terminology used You wi
Page 143 and 144:
are much easier to use. No matter w
Page 145 and 146:
Hard drive limitations Overclocking
Page 147 and 148:
5.0x 500Mhz 560Mhz 620Mhz 665Mhz 5.
Page 149 and 150:
If you see copper, you've gone too
Page 151 and 152:
"PC" specification that SDRAM uses
Page 153 and 154:
Benchmarks allow you to measure you
show all

Tweaking Optimizing Windows.pdf - GEGeek

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?