Docstoc

How To Improve Windows security

Document Sample
How To Improve Windows security Powered By Docstoc
					1. Improve security

If strangers have physical access to your PC, it's easy for them to plug in a USB flash
drive and make copies of your data. If you're using Windows XP SP2 or later, though,
there's a simple way to prevent this from happening.

Go to 'HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies', create a
DWORD value called 'WriteProtect' and set it to 1. You'll be able to read USB drives,
but not write to them any more.

2. Tame UAC

Windows Vista's User Account Control raises so many alerts that many people just turn it
off. But do that and you'll also lose useful features like IE's protected mode. If you really
can't live with UAC, try disabling the alerts for administrators: you won't get any more
hassle, but UAC will run in the background and you'll still get its other features.

To do this, set
'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPro
mptBehaviorAdmin' to 0. You can restore normal UAC behaviour by setting it to 2.

3. Change the owner

Install Windows on your PC and you'll be asked to enter your name, which is then stored
as the registered owner (run WinVer to see this on your system). If you've got a second-
hand PC, you probably want to change the name stored as the registered owner. There's
no obvious way to do this, and that's where the Registry comes in.

Browse to 'HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion' and you'll
see both a 'RegisteredOwner' and 'RegisteredOrganization' value. Double-click either
to change them.

4. Sort files properly

Sorting filenames in Explorer can be a problem. By default, it will place 'File_v2.txt'
before 'File_v15. txt': that's not ASCII ordering, but it seems to be sensible. But what if
the 'v' refers to a version number, and actually File_v15.txt should come first? Suddenly
Explorer's default system doesn't work at all.

To restore regular ASCII file ordering, go to
'HKLM\Software\Microsoft\Windows\Currentversion\Policies\Explorer', create a
DWORD value called 'NoStrCmpLogical' and set it to 1. Delete the key to restore the
standard Explorer approach.

5. Troubleshoot startup
If Windows is taking its time to start up or shut down, there might be a problem. To find
out what's going on, go to
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', create a
DWORD value called 'verbosestatus' and set it to 1. Restart your PC and Windows will
tell you what it's getting up to.

6. Manage folder types

Windows Vista's Explorer will 'intelligently' choose your folder type based on its
contents. But this means that a Download folder will change to a Music folder if you grab
a few MP3s. To fix this, go to 'HCU\Software\Classes\Local
Settings\Software\Microsoft\Windows\Shell', delete the 'Bags' subkey and then create a
new Bags key in the same location.

Create a key called 'AllFolders' beneath Bags, and a key called 'Shell' below that. Click it
to open 'HCU\Software\Classes\LocalSettings\Software\Microsoft\Windows\Shell\
Bags\AllFolders\Shell'. Right-click the right-hand pane, choose 'New | String Value'
and call this 'FolderType'. Then double-click FolderType and set its value to
'NotSpecified'. You'll still be able to change the folder type, but Vista will no longer
assign one. 7. Easy encryption

Some versions of Windows have always allowed you to encrypt files, but it's an awkward
process; you must right-click the file, select 'Properties', click the 'Advanced' button,
check 'Encrypt contents to secure data' and then press 'OK' twice.

For a simpler alternative, go to
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced',
create a new DWORD called 'EncryptionContextMenu' and set it to 1. Now you can
just right-click a file and select 'Encrypt'.

8. Access folders fast

Get speedy access to any folder by pinning it to the Start menu. Run REGEDIT, go to
'HKCR\Folder\shellex\ContextMenuHandlers', right-click 'ContextMenuHandlers'
and click 'New | Key'.

Type '' (as ever, without quotation marks) and press [Enter]. Now hold down [Shift],
right-click a folder and select 'Pin to Start Menu'.

9. Speed up copy times

Vista gives a high priority to your soundcard, so you should get glitch-free audio no
matter what you're doing. This can cause slower network copy speeds, however.

To tweak this, browse to
'HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Multimedia\SystemP
rofile'. Try setting 'NetworkThrottlingIndex' to more than 10 – 50 or 60 should be
effective – then reboot and test your network speeds again.

10. Fix the drive listing

If Explorer no longer lists your DVD drive (or thinks that it's a DVD-ROM and can't burn
discs), go to 'HKLM\System\CurrentControlSet\Control\Class\' and delete the
'UpperFilters' or 'LowerFilters' settings.

This usually works, but it may break whatever application caused the problem in the first
place. If a program stops working, check to see if it has an update, then reinstall it.




11. Access display settings quickly

Right-click the desktop in Windows Vista and you can't directly access the display
settings. Windows 7 will fix this, but in the meantime go to
'HKCR\Directory\Background\Shell', right-click 'Shell', select 'New | Key' and call it
'Display Settings'.

Double-click '(Default)' in the right-hand pane and enter 'Display Settings' in the Value
Data box. Now right-click Display Settings in the left-hand pane, select 'New | Key' again
and call this key 'command'.

Double-click this new key's (Default) value and enter this text: 'rundll32
shell32.dll,Control_ RunDLL DESK.CPL,@0,3'. (That's a zero following the @ sign,
and take care to use the right cases.) Click 'OK' and right-click the desktop to see the new
Display Settings option.

12. Multiple Live Messenger log-ins

By default, Windows Live Messenger only lets you log into one account at a time. To
rectify this situation, go to 'HKLM\Software\Microsoft\WindowsLive\Messenger',
create a DWORD value called 'Multiple Instances' and set it to 1. Delete the value to
restore things to the way they were beforehand.

13. Clean the menus

You've uninstalled an application, but it's left you a gift: several now-useless right-click
context menu entries. To fix this, go to 'HKCR\*' and 'HKCR\Directory'. Expand the
shell, then the 'shellex\ContextMenuHandlers' keys and look for any keys beneath these
that relate to your unwanted command.
On our PC, the key 'HKCR\*\shellex\ContextMenuHandlers\7-Zip' links to the 7-Zip
context menu, for instance, so to get rid of that we would right-click the 7-Zip part in the
left-hand pane and click 'Delete'. But be careful – only delete a key if you're really sure
it's the right one.

14. Speed up backups

Windows XP's NTBACKUP improves its performance by maintaining a list of system
files it knows you won't want to back up (such as the paging file). Add your own files and
folders that you're not bothered about and you'll get even better results.

View the list at
'HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup'.

15. Change the default installation folder

Most installations default to the Program Files folder, but if you want to point this
elsewhere, navigate to 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion',
change the 'ProgramFilesDir' entry to point at your chosen folder and reboot.

16. Rename drives

Add a memory card reader to a PC and Explorer will often cram the Computer folder
with similar sounding drive names ('Removable Drive D:', 'Removable Drive E:' and so
on), making it difficult to tell them apart. But it doesn't have to be that way.

If drive G: is a CompactFlash slot, say, then a few Registry tweaks can change it to read
'CompactFlash (G:)', making things much clearer. Start at
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' and create a
key called 'DriveIcons'.

Within that, create a key with the drive letter ('G' in this example), and within that, create
a new key called 'DefaultLabel'. Double-click this key's (Default) value entry, give it the
name 'CompactFlash' (or whatever you like) and click 'OK'. Restart Explorer or press
[F5] to see the change.

17. Wipe the page file

Windows stores memory pages in its paging file as you work. That's fine unless an
intruder gets access to your system. If so, they may then be able to browse the paging file
and extract confidential information.

To avoid this, go to
'HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManageme
nt', set the 'ClearPageFileAtShutdown' value to 1 and reboot. Windows will now wipe
the page file every time it shuts down, lengthening the process but increasing your
security.

18. Crash on cue

Blue-screen crashes are usually bad news, but occasionally you might want to initiate one
yourself. You might need to test Windows' error reporting, for example. There's a
Registry trick that can help achieve this.

Go to 'HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters', create a
DWORD called 'CrashOnCtrlScroll' and set it to 1. Reboot your computer, and to crash
it just hold down the right [CTRL] and press [Scroll Lock] twice. Use this sparingly: it's a
crash like any other, and there's a chance of hard drive corruption. To be safe, delete the
CrashOnCtrlScroll value when you're done.

19. Save CPU time

The average PC has several programs wanting to use the processor at any one time, and
so Windows allocates each a period of CPU time – a 'quantum' – before moving to the
next. By default this is very short, which makes for a responsive PC, but it sometimes
means that Windows wastes time just switching between processes.

The solution? You can try what Windows Server does: set up your system to use a long
quantum. Set
'HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySepar
ation' to 16 (hex).

Longer quantums mean fewer switches between programs and so less wasted time. It can
push some programs too far, though, and you might begin to notice games lagging or
video playback becoming less smooth. If you spot any problems, just restore the original
Win32PrioritySeparation value (probably 26 hex).

20. Disable AutoRun

Windows' AutoRun feature is a potential security risk because it automatically runs code
when you connect removable devices to your PC. If you can put up with the
inconvenience of doing things manually then it's safest to disable it.

On some systems, this can only be done from the Registry. To do so, go to
'HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping' and
create a key called 'Autorun.inf'.

Next, double-click the new key's (Default) value and enter the new value
'@SYS:DoesNotExist'. Now delete the Registry key
'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'.
Windows now won't automatically run any code on CDs, DVDs or removable drives; you
will have to manually launch it.

				
DOCUMENT INFO
Stats:
views:3
posted:3/22/2012
language:
pages:6
Maneesh Choudhury Maneesh Choudhury Projects http://www.bellenokia.tk
About I AM A OPEN BOOK....READ ME........... I am invisible like air--- I am as important as oxygen--- I am living in the world of my dreamz I am always there to help otherz--- I am busy but never ignore any one I am the one who carez--- I---AM----MANEESH