Windows XP Secure User AccountsAt some point of time, we all have been asked to reinstall Windows XP Home for a relative that is somewhat computer illiterate. Troubleshooting the constant crashes and investigating the extreme slowness was not something you want to bother with. Therefore, I decided to create this guide to show you how to property configure a Windows XP Home computer’s user accounts for optimum security. This tutorial will assume the reader is a basic home user and this system is not part of a network. Navigation may vary dependent on the view of the user. I’m using classic view for this guide. If you are using category view there may be extra steps involved. To switch to classic view go to Start menu > control panel … in the upper left you can switch your view. User Account SettingsThe first thing you must do is determine how complex user accounts need to be. I don’t advice operating the computer as the default administrator on a regular basis. This opens up an array of potential vulnerabilities. I’ll show you a command to access admin functions as a regular user shortly. I recommend only one administrative account per computer and one limited user account for each person having access to the computer. start menu > control panel > user accounts > create a new account for each person who will use the computer. Choose limited account type for each user. Go into each account and have the user choose a unique password. Six to Eight characters alpha and numeric is ideal. Run AsHaving limited access users adds to the security of the system, but includes a small hurdle when attempting to run certain applications, install software, or apply updates. Run As is a command that runs a program as an administrator from a limited account. Locate the icon of the program you wish to run Hold down SHIFT and right click the icon Click Run as Run the program as the following user Choose the username of the admin account and type in the password The program will launch as if the administrator account was logged in. Now we’ll need to configure folder options for each user. File Extensions and AssociationFile extensions are the three letters following the period in a file name. The association is the program that opens those files relative to their extension. Examples: .html – Internet Explorer .doc – Microsoft Word .txt – Notepad By default Windows hides these extensions from the user. Therefore, a file named "Homework.exe” (exe = executable) would be seen only as "Homework”. This is a masquerading technique of viruses and such. To remedy this problem we’ll need to change the folder options for each user. Start menu > control panel > folder options > view tab Uncheck "Hide file extension for known file types” Now we can identify what type of file we are clicking on. Click on File Types tab Click on the extensions JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH For each click the Change button and select notepad Click ok The most common malicious software uses those extensions. If you accidentally click on "virus-name.jse”, it will now open in notepad and not execute the code. Secure Windows XP registry, logs, and passwords Windows XP stores security relevant items in the folders C:\Windows\Repair and C:\Windows\System32\config. Browse to their location and allow only the administrator and the system access. My computer > C drive (windows installation drive) > Windows Right click over the Repair folder Select properties Click on the Security tab Select Users Uncheck Allow for all but "List Folder Contents” Congratulations! Each user has a password protected account Admin rights are not active during daily use The Run As command is a safe way to administer the computer File extensions are readily identified to the user File associations link to safe programs Important Windows folders are protected from general users Remember all the security configurations in the world won’t help a user with careless activity!
|