MS System Setup
advertisement
MS System Setup Securing A System Use Automatic Updates • For a workstation or server, schedule the updates to occur regularly. – Control panel click on security center. • Should a portable computer be any different. Limited-Access Accounts • Create a limited access account for each user with strong passwords. • Administrative access should be reserved for administrative tasks only Control panels -> User Accounts Install/(Uninstall) Applications • • • • Registry cleaner: Glary Tools Malware scanners: McAffe, Adaware Personal Firewall: Comodo Startups and services: Autoruns – use this to identify startups and services that can be disabled. Minimal Configuration • Uninstall un-necessary applications and services. • Use a tool like Autoruns or MSCONFIG to deactivate services. start->run: msconfig • See castlecops.com for more info on startups and services. • Bleepingcomputer.com/uninstall/all.html Scanners • Anti-Virus – Virus Scan Console – Configure the updates • Anti-spyware/adware • Update regularly (automatically) • Choose scanners that can be run in safe mode. Scanners (McAfee) • Go to Auto Update and choose the schedule button to set the schedule for updates. • Manual updates are possible by placing the .DAT files in the: Program Files\ Common Files\McAfee\Engine folder. Browser • IE is the default • Are other browsers more secure? • Configure to be secure – Deactivate ActiveX, JavaScript, Java – Tools->internet options • Security tab • Conduct browsing with a limited access account. Browser • Set – Internet zone • http://surfthenetsafely.com/ieseczone8.htm – Trusted sites (default settings?) • Consider a tool like SiteAdvisor • Don’t use Autocomplete – tools-internet options->content tab • Disable the features AutoComplete Registry Maintenance • Flush the System Restore – Click the “System Restore Settings” in the wizard. – (check) Turn off System Restore. This will delete your old checkpoints. – Turn on System Restore – Run a registry cleaner/check before making a new checkpoint. Registry Backup • Run a registry checker/cleaner (Glary tools). – Backup the registry and create a checksum (hash) (see next slide) – Consider MD5Summer as a way to checksum all files in the registry. – Optional: Encrypt the backup and hash information or store it on removable secure media. Registry Backup • Start->run->Open: regedit • File -> Export • Choose a name and location for the registry backup file. Save it. • Create a hash for the backup file. Place the hash in a text file. • Encrypt the hash and backup file. – Properties -> advanced • Copy to external media Archival-Backups • Things to backup – Personal data and settings – Registry Windows has a backup utility: Accessories->System Tools->Backup Disk Maintenance • Disk Clean Up – System Tools ->Disk Cleanup • De-fragmenting (in safe mode) – System Tools -> De-fragment Disabling Autoruns • Right click the icon for the device • Choose the AutoPlay tab • Select each type in the drop down list – Select “no action” for each item in the drop down list (menu) – Apply – OK Scan new media • Use your scanners to scan any media inserted in your computer before opening files on the media File Display • Show the extensions on file names – Double click My Computer, go to Tools -> file options. – Also show hidden files and folders – http://www.granneman.com/techinfo/windows/ showextensions/ Firewall • For a notebook computer, use a personal firewall. • Disable the Windows default firewall when you install your software personal firewall. • Configure it correctly. • Update regularly and automatically. Encryption • Encrypt important files stored on your computer • Note: important files should be archived to WORM media and stored in a secure place. E-mail • Deactivate preview panes.
