These are suggested basic Windows XP settings to improve its usability
and security, and the privacy of its users. This is designed
primarily as a checklist that I will be using for myself, and is not
meant to be completely comprehensive, or even to explain the reasons
for
my suggestions. Most of this will be particularly helpful to
individual users, but there is always the chance that any individual
recommendation might produce an unwanted result for any particular
individual. For those wanting to seek greater understanding and
guidance about privacy and security issues, I suggest starting at Protecting
Your
Privacy & Security.
Classic Windows Settings
CONTROL PANEL:
Appearance and Themes - Folder Options - General tab: select "Use
Windows classic folders"
View
tab: select "Show hidden files and folders"
uncheck
"Hide extensions for known file types"
uncheck "Hide
protected operating system files...."
Taskbar and Start Menu - Taskbar tab: uncheck "Group similar taskbar
buttons"
check "Show Quick Launch"
uncheck "Hide inactive icons"
Start
Menu tab: select "Classic Start menu"
click on
Customize button - click "Expand Control Panel"
uncheck "Use Personalized Menus"
System - Advanced tab - Performance settings (Visual Effects
tab):
uncheck
"Animate windows when minimizing and maximizing"
"Fade
or slide menus"
"Fade
or slide ToolTips"
"Show
window contents while dragging"
Display - Themes tab - Theme: select Windows Classic
- Desktop tab
- Customize Desktop - uncheck "Run Desktop Cleanup Wizard every 60 days"
- Appearence
tab - Effects - uncheck "Hide underlined letters for keyboard
navigation...."
START BUTTON - Settings - right click on Control Panel, select Open - click "Switch to Classic View"
WINDOWS EXPLORER - View menu - select Status Bar
Configure
a folder as wanted, such as View menu - select Status Bar
Details
then
Tools - Folder Options - View - "Apply to All Folders"
TWEAK
UI (if installed) - Explorer: check "Use Classic Search in
Explorer"
uncheck
"Prefix 'Shortcut to' on new shortcuts"
If using third party software for CD recording, such as Nero or
Direct CD, turn off Windows XP CD recording:
In Windows Explorer, right click on the CD drive, select
Properties; on the Recording tab, uncheck "Enable CD recording on
this drive"
Privacy and Security Settings
Set a BIOS boot password (or preferably a hard disk password if you
have this option). When you boot, your computer should tell you
what key to hit to enter Setup for this.
Set a Screen Saver password: Right click on the desktop; click on
Properties; on the Screen Saver tab, set a Wait time, and place a check
for "On resume, display Welcome screen."
Control Panel - Administrative Tools - Local Security Policy
(WinXP Pro only?)
Set Account Policies -
Password Policy settings
Set Account
Policies - Account Lockout Policy (maybe, all to 5)
Local
Policies|Security Options: Enable
"Shutdown: Clear virtual memory pagefile" or:
1.
Start Regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown
3. Set the value to 1
Disable Services (Settings - Control Panel - Administrative
Tools - Services) you don't need to have enabled.
Particularly
consider:
Set Windows Updates settings: Settings - Control Panel - System
-
Automatic Updates
Select either Automatic, or "Notify me but don't automatically...."
Turn off Simple File Sharing (requires WinXP Pro): Settings - Control Panel - Folder Options - View
Microsoft Error Reporting: Disable it by Settings - Control Panel - System - Advanced - Error Reporting, and selecting Disable Error Reporting (I suggest checking "But notify me when critical errors occur").
Turn off File and Printer Sharing for your Internet connection:
Settings - Network Configurations - right click on the icon for your
Internet
connection and select Properties;
uncheck "File and Printer Sharing for Microsoft Networks," and also
while you are there:
"Client
for Microsoft Networks" (but, I found this one to be
needed for my 802.11b wireless connection)
"Disable NetBIOS over TCP/IP": Settings - Network Connections - right click on the icon for your Internet connection and select Properties - click on Internet Protocol (TC/IP)- Properties - Advanced - WINS tab.
Windows Messenger: Unless you really use it, turn it off by going to
its menu option of Tools - Options - Preferences, and unchecking "Run
this program when Windows starts" and "Allow this program to run in the
background."
Use a more secure browser (such as Firefox) for routine browsing, and use IE only when needed for sites you trust (the IE View extension makes this very easy to do).
Internet Explorer: Tools - Internet Options - Security tab -
Internet
Zone - Custom Level; set security zone to Medium.
Scroll down to
Scripting section; disable "Allow paste operations via
script"
-
General tab- Temp. Internet Files Settings: set 1 MB
for disk space amount.
- Content tab- AutoComplete:
uncheck Options you want to protect - Use Clear buttons
-
Advanced tab: uncheck "Enable Install On Demand (Internet
Explorer)"
"Enable Install On Demand
(Other)"
check "Empty Temporary Internet
Files folder when …."
Lexmark printer users: Rename all files starting with LEXPPS, unless
you are actually sharing your printer on a local network.
To make Outlook Express
reasonably secure:
Tools - Options - Security tab -
Virus Protection: make sure "Restricted sites zone" is selected.
Check
both the other boxes in this section.
- Download Images: select "Block
images and other external...."
Tools - Options - Read tab:
select "Read all messages in plain text."
View - Layout: Make sure "Show preview
pane" is not checked.
Unassociate Visual Basic Scripting: Control Panel - Folder Options -
File Types
Scroll down Extensions to VBS;
click on it, and hit Delete.
Only login with admin privileges when you actually need to.
Use a limited user account for normal computer use.
Use good user
passwords:
Control Panel - User Accounts; click on a user account icon, and then
click on "Change my password"
Make sure the default Administrator account has a secure
password. Windows XP Pro users can access this account by going
to the Welcome Screen, and then holding down the Ctrl and Alt keys
while punching the Del key twice, and entering Administrator as the
user in the box that pops up. Windows XP Home users will have to
boot to Safe Mode: reboot and start punching the F8 key until given the
option of booting to Safe Mode.
Disable the Guest Account: Settings - Control Panel - User Accounts
Click
the Guest account - Click "Turn off Guest access" (this is only
for WinXP Pro?).
If you choose to use Hibernation, be aware that all contents of your RAM (at the time of entering hibernation) will be written to the hard disk, including any passwords and personal information.
Microsoft Word: Tools - Options - Save: Disable "allow fast saves"
Associate the rtf extension with WordPad: right click on a file with
an rtf extension - select Open With - select Choose Program
-
click on WordPad - place a check for "Always use the selected
program...." - click OK.
Set "X-No-Archive: yes" for News and Mail headers. I
understand that Outlook Express does not have a way of automatically
having this in the headers, but having it (without the quotes) as the
first line of a newsgroup post serves the same purpose.
Use Ad-Aware and/or SpyBot to remove spyware. I
use the SpyBot Immunize option to help prevent such problems.
Use good Anti-Virus software (such as the free Avast! or the free AVG). Keep the virus definitions up to date. Set your AV software to automatically scan files each time they are accessed.
Use a good firewall. Although a firewall (such as the free Comodo)
with
both incoming
and outgoing (to help defend against trojans, spyware, etc.) protection
is better, the Windows XP Firewall is very good at the income only
protection that it provides:
Settings
- Control Panel - Network Connections - right click on your
Internet
connection icon - Properties - Advanced
set
"Protect my computer and network by limiting or preventing access
to this computer from the Internet."
(if the Windows XP Service Pack
2 is installed, the Settings button on the Advanced tab needs to be
selected first)
Use of a router adds much incoming protection, esp. one with SPI
(Stateful Packet Inspection).
If not using the computer for a long period of time (such as when
away for the day at work, or when sleeping for the night), shut it down
- esp. if having an always on Internet connection such as cable modem
or DSL.
For wireless networking, be sure to use
encryption. If only WEP is available, use the 128 bit WEP, but be
aware that WEP will not really protect you from a capable
attacker.
If WPA is available, use it - TKIP is quite secure, but AES is even
better if you have it available. Use a shared key at least 20
characters long. I recommend using Password Safe to both
generate and store secure passwords. Also make sure that you set
a good password for your router setup access, change its default SSID
(there is no need to hide it if you use WPA), and disable your router's
setup access by wireless connections. Make sure "Automatically
connect
to non-preferred networks" IS NOT checked, and that "Access point
(infrastructure) networks only" IS selected (your wireless network
connnection properties - Wireless Networks tab - Advanced button).
Return to Tom McCune's Homepage
Comments or Suggestions: web@DELETE_THISmccune.cc
Please notice that part of the above address needs to be removed.