Windows XP Secure User Accounts

At some point of time, we all have been asked to reinstall Windows XP Home for a relative that is somewhat computer illiterate. Troubleshooting the constant crashes and investigating the extreme slowness was not something you want to bother with.

Therefore, I decided to create this guide to show you how to property configure a Windows XP Home computer’s user accounts for optimum security. This tutorial will assume the reader is a basic home user and this system is not part of a network.

Navigation may vary dependent on the view of the user. I’m using classic view for this guide. If you are using category view there may be extra steps involved. To switch to classic view go to Start menu > control panel … in the upper left you can switch your view.

User Account Settings

The first thing you must do is determine how complex user accounts need to be. I don’t advice operating the computer as the default administrator on a regular basis. This opens up an array of potential vulnerabilities. I’ll show you a command to access admin functions as a regular user shortly. I recommend only one administrative account per computer and one limited user account for each person having access to the computer.

start menu > control panel > user accounts > create a new account for each person who will use the computer. Choose limited account type for each user.

Go into each account and have the user choose a unique password. Six to Eight characters alpha and numeric is ideal.

Run As

Having limited access users adds to the security of the system, but includes a small hurdle when attempting to run certain applications, install software, or apply updates. Run As is a command that runs a program as an administrator from a limited account.

Locate the icon of the program you wish to run
Hold down SHIFT and right click the icon
Click Run as
Run the program as the following user
Choose the username of the admin account and type in the password

The program will launch as if the administrator account was logged in.

Now we’ll need to configure folder options for each user.

File Extensions and Association

File extensions are the three letters following the period in a file name. The association is the program that opens those files relative to their extension.

Examples:
.html – Internet Explorer
.doc – Microsoft Word
.txt – Notepad

By default Windows hides these extensions from the user. Therefore, a file named "Homework.exe” (exe = executable) would be seen only as "Homework”. This is a masquerading technique of viruses and such. To remedy this problem we’ll need to change the folder options for each user.

Start menu > control panel > folder options > view tab
Uncheck "Hide file extension for known file types”

Now we can identify what type of file we are clicking on.

Click on File Types tab
Click on the extensions JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH
For each click the Change button and select notepad
Click ok

The most common malicious software uses those extensions. If you accidentally click on "virus-name.jse”, it will now open in notepad and not execute the code.

Secure Windows XP registry, logs, and passwords

Windows XP stores security relevant items in the folders C:\Windows\Repair and C:\Windows\System32\config. Browse to their location and allow only the administrator and the system access.

My computer > C drive (windows installation drive) > Windows
Right click over the Repair folder
Select properties
Click on the Security tab
Select Users
Uncheck Allow for all but "List Folder Contents”

Congratulations!

Each user has a password protected account
Admin rights are not active during daily use
The Run As command is a safe way to administer the computer
File extensions are readily identified to the user
File associations link to safe programs
Important Windows folders are protected from general users

Remember all the security configurations in the world won’t help a user with careless activity!