• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

What security settings to you change?

M

Modular

Diamond Member
I'm interested to hear what security settings people change through the Start - Control Panel - Administrative Tools method.

I'm going to reinstall Windows on one PC and haven't really messed with this stuff before. I think it will be fun to see what people change and why.

Thanks.
 
1) non-Admin account on Vista or WinXP. Why: proactively prevents many kinds of Bad Stuff? (e.g. ActiveX pop-ups for Bonzi Buddy installers etc, spyware installation, modification of HOSTS file, disabling the Windows Firewall, etc etc)

2) fully enable the Data Execution Prevention setting :camera: on Vista or WinXP. To get at this, right-click My Computer and choose Properties. Why: proactively prevents some kinds of Bad Stuff? (e.g. the infamous WMF Exploit).

3) if it's WinXP Professional (or Vista Business or Vista Ultimate), a Software Restriction Policy. Why: proactively prevents many kinds of Bad Stuff? (see the link for examples, some of which are hypothetical... for the moment, that is).

 
Excellent information! I really appreciate the input Mech.

I have to admit, however, that I am a newb and ask a really noobish question.

I installed a bunch of programs under my Admin account that don't show up on my newly created Limited Account, and some that do show up, such as UltraVNC, cannot run under the limited account. Is there an easy way to make them work?

 
Originally posted by: Modular
Excellent information! I really appreciate the input Mech.

I have to admit, however, that I am a newb and ask a really noobish question.

I installed a bunch of programs under my Admin account that don't show up on my newly created Limited Account, and some that do show up, such as UltraVNC, cannot run under the limited account. Is there an easy way to make them work?
Click to expand...
In practical terms, just add shortcuts to the missing programs on your Limited account, and start with the simple stuff listed on this page if you didn't do those already. There are programs that really won't work (or not properly) under a Limited account on XP, and the next option is to right-click them while holding the Shift key, choose Run As..., and run them with your Admin account's credentials (the account cannot have a blank password, btw).

Bigger picture: Vista is better if you want the enhanced security of a non-Admin account, so if you're wobbling in the Vista direction at all, that would be a benefit.
 
One way to solve the problem of shortcuts and such not being available to other account is to setup the system the way you want then copy the profile used to config the system over the default user profile. That way all future logins will have the same desktop config.
 
Go even further, and do the following:

1) Admin tools > Local Security Settings > Enable Audit Policy settings.
2) Admin tools > User Rights Assignment > Deny Access/Logons all settings for Anonymous Logon accounts.
3) Disable Administrative shares (http://www.petri.co.il/disable_administrative_shares.htm).
4) Disable un-used services (Alerter/ComputerBrowser/ErrorReportingService/IndexingService/Messenger/Telnet
UPnP/WirelessZeroConfig).
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top