Admin Tips
- Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base
  - Windows XP
    - Admin Tips
      - Security

Knowledge Base Tips topic

[	3440	]	Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base	Last updated: Mar 09, 2010
[	748	]	Windows 2000	Last updated: Feb 18, 2010
[	489	]	Admin Tips	Last updated: Feb 18, 2010
[	123	]	Registry Tips	Last updated: Feb 18, 2010
[	136	]	User Tips	Last updated: Jan 27, 2010
[	523	]	Windows 2003	Last updated: Feb 18, 2010
[	1155	]	Windows NT	Last updated: Jul 22, 2009
[	197	]	Windows Server 2008	Last updated: Mar 09, 2010
[	188	]	Windows Vista	Last updated: Mar 03, 2010
[	628	]	Windows XP	Last updated: Jan 14, 2010

Security Tips

Sort By: Title | Date | Rating

Hiding an Entire Computer from Network Users: Date - Aug 12, 2009; Rating - 3.5; Author - Eric Geier; Preventing network users from seeing a computer in My Network Places or Network.
Remove Cached 802.1X/PEAP Login Information (in XP): Date - May 28, 2009; Rating - Not Rated; Author - Eric Geier; Delete the username and password stored for authenication.
Tips for Securing Your Wireless LAN: Date - Feb 04, 2009; Rating - 3.4; Author - Eric Geier; Ways to protect your Wi-Fi network from eavesdroppers and hackers.
Changing Windows unlocking behavior: Date - May 22, 2008; Rating - 4.8; Author - Martin Webber; Third party application that allows you to change the unlocking behavior of windows allowing you to set which users can unlock a workstation.
Autologon and wireless networks: Date - Sep 04, 2007; Rating - 1; Author - Mitch Tulloch; Possible issues when using autologon on wireless networks.
Temporarily disabling Kerberos: Date - Jul 25, 2007; Rating - 3; Author - Mitch Tulloch; How to force NTLM authentication and temporarily disable Kerberos.
Troubleshooting Domain Join Issues: Date - Jun 19, 2007; Rating - 3.3; Author - Mitch Tulloch; How to troubleshoot when issues joining a domain arise.
Displaying User Privileges: Date - May 23, 2007; Rating - Not Rated; Author - Mitch Tulloch; How to display a list of privileges of a user on Windows XP.
Blocking Domain Unjoin: Date - May 17, 2007; Rating - 1.3; Author - Mitch Tulloch; How to prevent users from removing their computers from the domain.
Extra-Secure EFS: Date - Aug 29, 2006; Rating - 3.5; Author - Mitch Tulloch; How to increase EFS security on Windows XP.
Managing the Builtin Administrator Account: Date - Jul 12, 2006; Rating - 2.1; Author - Mitch Tulloch; How to minimize the hazards of the built-in Administrator account.
Restrict which programs can be run: Date - Jun 28, 2006; Rating - 3.9; Author - Mitch Tulloch; How to restrict which programs are allowed to run on a computer
Directory listings in alternate shell: Date - May 03, 2006; Rating - 1.7; Author - Mitch Tulloch; How to stop a command from executing in a command shell opened with alternate credentials.
Virtualization and Viruses: Date - Apr 26, 2006; Rating - 1.7; Author - Mitch Tulloch; How to protect your virtual machines without degrading performance.
Pagefiles--to wipe or not to wipe: Date - Apr 19, 2006; Rating - 3.8; Author - Mitch Tulloch; Discusses whether setting Group Policy to wipe a pagefile at shutdown is a good or bad idea.
Non-Admin Trick for Safe Web Surfing: Date - Mar 28, 2006; Rating - 3.5; Author - Mitch Tulloch; A safe way to browse the web when you're logged on as admin.
Security Patches as ISO images: Date - Feb 21, 2006; Rating - 4.8; Author - Mitch Tulloch; You can obtain patches for Windows as an ISO (CD) image.
Enforcing Group Policy: Date - Feb 14, 2006; Rating - 3.5; Author - Mitch Tulloch; How to force Group Policy to apply even when users can override settings using local admin credentials.
Managing devices on XP desktops: Date - Jan 05, 2006; Rating - 4; Author - Mitch Tulloch; Managing devices on XP desktops requires admin-level credentials, but what if your users don't have such credentials and yet you want to let them manage their own devices?
Administrator account with no password: Date - Jan 04, 2006; Rating - 2.1; Author - Mitch Tulloch; While conventional wisdom is that Administrator accounts should have long, complex passwords, this is not always so...
Checking Local Group Policy: Date - Dec 21, 2005; Rating - 3.7; Author - Mitch Tulloch; There may be times when you want to check the Local Group Policy Settings on a desktop machine.
Disable Remote Desktop: Date - Nov 22, 2005; Rating - 3.5; Author - Mitch Tulloch; How to disable Remote Desktop on XP machines.
Simple Ways to Harden Clients: Date - Nov 03, 2005; Rating - 2.2; Author - Mitch Tulloch; Three simple ways to harden Windows XP clients.
Eliminating the Welcome Screen: Date - Oct 26, 2005; Rating - 3.8; Author - Mitch Tulloch; How to prevent the Welcome screen from running when your users turn on their OEM-supplied XP boxes for the first time.
Wipe Your Drive: Date - Oct 12, 2005; Rating - 2; Author - Mitch Tulloch; Hard drives should be wiped clean before disposing of them.
Remove Unused Drivers and Devices: Date - Sep 16, 2005; Rating - 4.5; Author - Tony Bradley; If you remove a piece of hardware, particularly USB devices that may be frequently swapped out, without first Uninstalling it in Device Manager, the drivers remain behind, but the device no longer shows up in Device Manager by default.
Using Users to Test Patches: Date - Sep 15, 2005; Rating - 4; Author - Mitch Tulloch; You can use your own users to test patches for client OSes and applications, if you do it the right way.
Get the Latest ADM Files: Date - Jul 12, 2005; Rating - 2.8; Author - Mitch Tulloch; How to obtain the latest Administrative Template files from Microsoft.
Group Policy and Laptops: Date - Jul 07, 2005; Rating - 2.1; Author - Mitch Tulloch; Common misconception concerning laptops and Group Policy.
XP SP2 Breaks Group Policy: Date - Jun 09, 2005; Rating - 2.8; Author - Mitch Tulloch; Resolving an issue with adm files in XP SP2.
Find Out When Policy Last Applied: Date - Jun 08, 2005; Rating - 3; Author - Mitch Tulloch; How to find out when Group Policy was last applied to a remote machine.
Refresh Group Policy Remotely: Date - Jun 06, 2005; Rating - 5; Author - Mitch Tulloch; How to refresh Group Policy remotely from the command line.
Prevent Ordinary Users From Installing Devices: Date - Apr 06, 2005; Rating - 4.3; Author - Mitch Tulloch; Enhance security by preventing ordinary users from being able to install devices.
Map Your Network For Better Protection and Incident Response: Date - Apr 01, 2005; Rating - 3.7; Author - Tony Bradley; It is difficult to protect devices that you don't even know exist. In larger enterprises it is very easy to lose track of the asset inventory which leads to complacency about rogue devices. In order to effectively protect the network and to respond to incidents efficiently, an updated asset inventory and network map should always be handy.
Protect Wireless Access Using MAC Address Filters: Date - Mar 22, 2005; Rating - 4.2; Author - Tony Bradley; Wireless networks add a significant level of convenience for many users. The ability to roam at will and access the network without adding wires is quite useful. But, you need to do so securely. There are a number of basic steps you should take to protect your wireless network and filtering MAC addresses is one more way to secure it.
Disabling the RunAs Command: Date - Mar 22, 2005; Rating - 4.3; Author - Mitch Tulloch; To enhance security you can prevent users from using the RunAs command.
Google Yourself To Identify Security Holes: Date - Mar 15, 2005; Rating - 4; Author - Tony Bradley; Google is very good at what it does. It automatically and systematically catalogues every document, image, web site or other data that is web accessible so that it can be quickly retrieved using the Google search engine. That includes potentially sensitive or confidential data that wasn't intended to be shared publicly. Google your own network or sites to identify possible security holes.
Disable Enumeration of SID's: Date - Mar 08, 2005; Rating - 4.5; Author - Tony Bradley; One way for an attacker to scope out a target system and, particularly, to identify the Administrator account so they can focus their efforts on the account with the most privileges is to list, or enumerate, the SID's (serial identifiers) on a Windows machine.
Microsoft Baseline Security Analyzer (MBSA): Date - Mar 07, 2005; Rating - 3.6; Author - Wayne Maples
Rename The Administrator Account: Date - Feb 25, 2005; Rating - 3.4; Author - Tony Bradley; Some experts say that renaming the Administrator account is pointless. Any worthy hacker knows that the true Administrator account has a unique identifier and how to find it. But, that doesn't mean you need to make it easy for the hackers who aren't worthy.
National Security Agency : Security Recommendation Guides: Date - Feb 23, 2005; Rating - 4.7; Author - Wayne Maples
Configure and Maintain AutoComplete: Date - Feb 16, 2005; Rating - 3.9; Author - Tony Bradley; Microsoft Internet Explorer offers the AutoComplete feature to remember past entries and automatically pre-populate fields as you type to save you some time and effort. You may find it quite convenient, but having AutoComplete remember username or password information can pose a security risk.
Use 'Run As' To Protect The Registry: Date - Jan 25, 2005; Rating - 3.9; Author - Tony Bradley; Members of the Administrators group typically have full control to modify registry keys. Unwittingly executing a malware-infected or other questionable program with Administrator privileges can result in registry additions or edits which may adversely affect the system. To safeguard the registry without logging out you can use this trick.
Configure Account Lockout Policies: Date - Dec 01, 2004; Rating - 3.8; Author - Tony Bradley; Given enough time and potential to try multiple username and password combinations an attacker might eventually succeed in compromising the security of a server or other computer. Account lockout policies allow you to set thresholds to automatically shut down an account if too many incorrect username and password combinations are attempted in order to protect the machine.
Remove Saved Passwords: Date - Nov 18, 2004; Rating - 4.4; Author - Tony Bradley; Windows XP offers the ability to save passwords for web sites and network resources. This can be very convenient as opposed to remembering and entering the username and password each time you need access, but it poses a security risk because anyone who has physical access to your computer would also be able to log into those sites using your saved credentials.
Sample security policies and guidelines: Date - Nov 09, 2004; Rating - 2.4; Author - Wayne Maples
Recover Lost Windows NT Administrator Password: Date - Sep 07, 2004; Rating - 3.4; Author - Wayne Maples
Backdoors : backorifice, subseven, netbus: Date - Apr 20, 2004; Rating - 2.9; Author - Wayne Maples
HOW TO: Manage Stored User Names and Passwords on a Computer That Is Not in a Domain in Windows XP: Date - Apr 20, 2004; Rating - 4; Author - Wayne Maples
SQL Server worm exploits blank sa password: Date - Apr 20, 2004; Rating - 4.3; Author - Wayne Maples
Keystroke loggers and spy software / hardware: Date - Apr 20, 2004; Rating - 3.7; Author - Wayne Maples
Monitor and capture all text a program writes to the screen: Date - Apr 20, 2004; Rating - 4; Author - Wayne Maples
Password Recovery Resources: Date - Apr 20, 2004; Rating - 3.3; Author - Wayne Maples
Windows Freeware and Commercial Personal Firewalls for SOHO Small Office and Home: Date - Apr 20, 2004; Rating - 4; Author - Wayne Maples
Wayne's Forensics and Incident Response Resources: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples
Wayne's IDS Intrustion Detection Systems Tips and Resources: Date - Apr 20, 2004; Rating - 3.8; Author - Wayne Maples
Change Detection / Integrity Resource / Rootkits: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples
Wayne's Denial of Service (DoS) Resource: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples
SysLog Servers for NT/2000/XP: Date - Apr 20, 2004; Rating - 3.9; Author - Wayne Maples
Enforce strong passwords: Date - Apr 20, 2004; Rating - 4.1; Author - Wayne Maples
Windows XP Universal Plug and Play security quagmire: Date - Apr 20, 2004; Rating - 5; Author - Wayne Maples
What’s New in Security for Windows XP Professional and Windows XP Home Edition: Date - Apr 20, 2004; Rating - 3.8; Author - Wayne Maples
Encrypting File System in Windows XP and Windows Server 2003: Date - Apr 20, 2004; Rating - 4; Author - Wayne Maples
HOW TO: Manage Stored User Names and Passwords on a Computer in a Domain in Windows XP: Date - Apr 20, 2004; Rating - Not Rated; Author - Wayne Maples
Ssh Secure Shell Resources: Date - Apr 20, 2004; Rating - 5; Author - Wayne Maples
Steganography Resources: Date - Apr 20, 2004; Rating - 2.4; Author - Wayne Maples
Create a Password Reset Disk: Date - Apr 20, 2004; Rating - 2.7; Author - Wayne Maples