These are suggested basic Windows XP settings to improve its usability and security, and the privacy of its users. This is designed primarily as a checklist that I will be using for myself, and is not meant to be completely comprehensive, or even to explain the reasons for my suggestions. Most of this will be particularly helpful to individual users, but there is always the chance that any individual recommendation might produce an unwanted result for any particular individual. For those wanting to seek greater understanding and guidance about privacy and security issues, I suggest starting at Protecting Your Privacy & Security.
Classic Windows Settings
Appearance and Themes - Folder Options - General tab: select "Use Windows classic folders"
View tab: select "Show hidden files and folders"
uncheck "Hide extensions for known file types"
uncheck "Hide protected operating system files...."
Taskbar and Start Menu - Taskbar tab: uncheck "Group similar taskbar
check "Show Quick Launch"
uncheck "Hide inactive icons"
Start Menu tab: select "Classic Start menu"
click on Customize button - click "Expand Control Panel"
uncheck "Use Personalized Menus"
System - Advanced tab - Performance settings (Visual Effects
uncheck "Animate windows when minimizing and maximizing"
"Fade or slide menus"
"Fade or slide ToolTips"
"Show window contents while dragging"
Display - Themes tab - Theme: select Windows Classic
- Desktop tab - Customize Desktop - uncheck "Run Desktop Cleanup Wizard every 60 days"
- Appearance tab - Effects - uncheck "Hide underlined letters for keyboard navigation...."
START BUTTON - Settings - right click on Control Panel, select Open - click "Switch to Classic View"
WINDOWS EXPLORER - View menu - select Status Bar
Configure a folder as wanted, such as View menu - select Status Bar
then Tools - Folder Options - View - "Apply to All Folders"
UI (if installed) - Explorer: check "Use Classic Search in
uncheck "Prefix 'Shortcut to' on new shortcuts"
If using third party software for CD recording, such as Nero or
Direct CD, turn off Windows XP CD recording:
In Windows Explorer, right click on the CD drive, select Properties; on the Recording tab, uncheck "Enable CD recording on this drive"
Privacy and Security Settings
Set a BIOS boot password (or preferably a hard disk password if you
have this option). When you boot, your computer should tell you
what key to hit to enter Setup for this.
Set a Screen Saver password: Right click on the desktop; click on
Properties; on the Screen Saver tab, set a Wait time, and place a check
for "On resume, display Welcome screen."
Control Panel - Administrative Tools - Local Security Policy
(WinXP Pro only?)
Set Account Policies - Password Policy settings
Set Account Policies - Account Lockout Policy (maybe, all to 5)
Local Policies|Security Options: Enable "Shutdown: Clear virtual memory pagefile" or:
1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
3. Set the value to 1
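An offline check for the pagefile setting above and the Folder Options choices earlier in this checklist, added here as an example (it is not the author's own code): it parses the text of a regedit export and lists the DWORD values that differ from the checklist. The Explorer key path, its three value names (HideFileExt, Hidden, ShowSuperHidden) and the sample export are assumptions that do not come from this page.

```python
import re

# Key paths. MM is the path given in the checklist; ADV and its three value
# names are assumptions (where the Folder Options checkboxes are stored).
MM = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
EXPECTED = {
    (MM, "ClearPageFileAtShutdown"): 1,  # clear pagefile at shutdown
    (ADV, "HideFileExt"): 0,             # extensions shown
    (ADV, "Hidden"): 1,                  # hidden files and folders shown
    (ADV, "ShowSuperHidden"): 1,         # protected operating system files shown
}
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Return {(key, name): int} for every DWORD value in a regedit export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()      # registry paths are case-insensitive
        elif key and (m := DWORD.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """List (name, expected, found) for settings that differ; found is None if absent."""
    found = parse_reg(text)
    return [(name, want, found.get((key.lower(), name.lower())))
            for (key, name), want in EXPECTED.items()
            if found.get((key.lower(), name.lower())) != want]

# Constructed sample export (real exports are UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"PagingFiles"=hex(7):43,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"Hidden"=dword:00000001
'''

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE):
        print(f"{name}: expected {want}, found {got}")
```

The HKEY_CURRENT_USER values are per user, so an export only reflects the account that produced it.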
Disable Services (Settings - Control Panel - Administrative
Tools - Services) you don't need to have enabled.
Set Windows Updates settings: Settings - Control Panel - System
Select either Automatic, or "Notify me but don't automatically...."
Turn off Simple File Sharing (requires WinXP Pro): Settings - Control Panel - Folder Options - View
Microsoft Error Reporting: Disable it by Settings - Control Panel - System - Advanced - Error Reporting, and selecting Disable Error Reporting (I suggest checking "But notify me when critical errors occur").
Turn off File and Printer Sharing for your Internet connection:
Settings - Network Configurations - right click on the icon for your Internet connection and select Properties;
uncheck "File and Printer Sharing for Microsoft Networks," and also while you are there:
"Client for Microsoft Networks" (but, I found this one to be needed for my 802.11b wireless connection)
"Disable NetBIOS over TCP/IP": Settings - Network Connections - right click on the icon for your Internet connection and select Properties - click on Internet Protocol (TCP/IP) - Properties - Advanced - WINS tab.
Windows Messenger: Unless you really use it, turn it off by going to
its menu option of Tools - Options - Preferences, and unchecking "Run
this program when Windows starts" and "Allow this program to run in the
Use a more secure browser (such as Firefox) for routine browsing, and use IE only when needed for sites you trust (the IE View extension makes this very easy to do).
Internet Explorer: Tools - Internet Options - Security tab -
Zone - Custom Level; set security zone to Medium.
Scroll down to Scripting section; disable "Allow paste operations via script"
- General tab - Temp. Internet Files Settings: set 1 MB for disk space amount.
- Content tab - AutoComplete: uncheck Options you want to protect - Use Clear buttons
- Advanced tab: uncheck "Enable Install On Demand (Internet Explorer)"
"Enable Install On Demand (Other)"
check "Empty Temporary Internet Files folder when …."
Lexmark printer users: Rename all files starting with LEXPPS, unless
you are actually sharing your printer on a local network.
To make Outlook Express
Tools - Options - Security tab - Virus Protection: make sure "Restricted sites zone" is selected.
Check both the other boxes in this section.
- Download Images: select "Block images and other external...."
Tools - Options - Read tab:
select "Read all messages in plain text."
View - Layout: Make sure "Show preview pane" is not checked.
Unassociate Visual Basic Scripting: Control Panel - Folder Options -
Scroll down Extensions to VBS; click on it, and hit Delete.
Only login with admin privileges when you actually need to.
Use a limited user account for normal computer use.
Use good user
Control Panel - User Accounts; click on a user account icon, and then click on "Change my password"
Make sure the default Administrator account has a secure
password. Windows XP Pro users can access this account by going
to the Welcome Screen, and then holding down the Ctrl and Alt keys
while punching the Del key twice, and entering Administrator as the
user in the box that pops up. Windows XP Home users will have to
boot to Safe Mode: reboot and start punching the F8 key until given the
option of booting to Safe Mode.
Disable the Guest Account: Settings - Control Panel - User Accounts
Click the Guest account - Click "Turn off Guest access" (this is only for WinXP Pro?).
If you choose to use Hibernation, be aware that all contents of your RAM (at the time of entering hibernation) will be written to the hard disk, including any passwords and personal information.
Microsoft Word: Tools - Options - Save: Disable "allow fast saves"
Associate the rtf extension with WordPad: right click on a file with
an rtf extension - select Open With - select Choose Program
- click on WordPad - place a check for "Always use the selected program...." - click OK.
Set "X-No-Archive: yes" for News and Mail headers. I
understand that Outlook Express does not have a way of automatically
having this in the headers, but having it (without the quotes) as the
first line of a newsgroup post serves the same purpose.
Use Ad-Aware and/or SpyBot to remove spyware. I
use the SpyBot Immunize option to help prevent such problems.
Use good Anti-Virus software (such as the free Avast! or the free AVG). Keep the virus definitions up to date. Set your AV software to automatically scan files each time they are accessed.
Use a good firewall. Although a firewall (such as the free Comodo)
and outgoing (to help defend against trojans, spyware, etc.) protection
is better, the Windows XP Firewall is very good at the incoming-only
protection that it provides:
Settings - Control Panel - Network Connections - right click on your Internet connection icon - Properties - Advanced
set "Protect my computer and network by limiting or preventing access to this computer from the Internet."
(if the Windows XP Service Pack 2 is installed, the Settings button on the Advanced tab needs to be selected first)
Use of a router adds much incoming protection, esp. one with SPI
(Stateful Packet Inspection).
If not using the computer for a long period of time (such as when
away for the day at work, or when sleeping for the night), shut it down
- esp. if having an always on Internet connection such as cable modem
For wireless networking, be sure to use
encryption. If only WEP is available, use the 128 bit WEP, but be
aware that WEP will not really protect you from a capable
If WPA is available, use it - TKIP is quite secure, but AES is even
better if you have it available. Use a shared key at least 20
characters long. I recommend using Password Safe to both
generate and store secure passwords. Also make sure that you set
a good password for your router setup access, change its default SSID
(there is no need to hide it if you use WPA), and disable your router's
setup access by wireless connections. Make sure "Automatically
to non-preferred networks" IS NOT checked, and that "Access point
(infrastructure) networks only" IS selected (your wireless network
connection properties - Wireless Networks tab - Advanced button).
Return to Tom McCune's Homepage
Comments or Suggestions: web@DELETE_THISmccune.cc
Please notice that part of the above address needs to be removed.