Docstoc

Prep a non-Partners PC for the Network(1)

Document Sample
Prep a non-Partners PC for the Network(1) Powered By Docstoc
					Prep a non-Partners PC for the Network
Though your new PC may seem ready to be placed on the network, there are a few steps
that must be taken in order to ensure that it is going to be secure on the Partners Network.
Many trojans and worms can be avoided by ensuring that your PC has all the up-to-date
Microsoft patches before connecting to the Partners network. If you have a new Windows
XP or 2000 PC or laptop, or one you haven't used before on the Partners network, you
need to secure it before connecting to the network. If you have a Windows XP or 2000
PC or laptop already on the network and haven't taken the precautions below, do so now.

Before you connect your PC or laptop to the Network:

You should run the updates and install the software noted below with your PC
disconnected from the network. Given that, you will need a CD or a thumbdrive
(512MGB+) that has the updates and fixes listed below. If you'd like one of our techs to
visit you and take care of this, call the Help Desk at 617-726-5085 and ask that you call
be placed in the "research queue".

1. Windows Service Packs:

       a. For Windows 2000: Service Pack 4 http://www.microsoft.com/downloads/

       b. For Windows XP: Service Pack 2 http://www.microsoft.com/downloads/

2. For both: Dcombob.exe vulnerability fix http://www.grc.com/default.htm

3. For both: UmPnP.exe vulnerability fix http://www.grc.com/default.htm

4. For both: Anti-virus software:

       a. MacAfee Virus software and the latest .dat (virus definition file)
       http://is.partners.org/rcc/mcafee.htm Warning: MacAfee is only for those
       computers used on campus. Installing on home computers violates our license
       agreement and is illegal.

       b. Or, Norton Anti-Virus software and the latest .dat (virus definition file)
       http://www.partners.org/rescomputing under “Security Alerts”

Insert the CD/connect the thumbdrive and:

1. Upgrade to the appropriate Service Pack for the version of Windows you are running.

2. Turn off DCOM by using Dcombob.exe (requires reboot)

3. Turn of UPnP by using UnPnP.exe
4. Turn off Null sessions by using regedt32, set the following value
“RestrictAnonymous” to 1, found in: HKEY_LOCAL_MACHINE > System >
CurrentControlSet > Control > LSA

5. Disable remote access vulnerabilities – Control Panel > Admin. Tools > Services. In
the Services (Local) list find Computer Browser and Server
Change the Startup Type from Automatic to Disable in both, Stop if running.

6. Turn off Netbios Over TCP/IP. Go to Network Connections > Local Ethernet >
TCP/IP > Advanced > WINS Change Netbios to Disabled (This has caused some to have
problems with connecting to Windows network shares. If you do, reactivate it, but be
aware that this is a vulnerability)

7. Verify that all accounts on the machine, especially the Administrator accounts, have
strong passwords. There are viruses with dictionary files guessing common passwords.

8. Install Anti-Virus software on the machine.

9. Set the Anti-Virus software to Update virus .dat files daily, and to scan weekly.

10. Connect the PC to the network and run all available windows updates.

You can auto-schedule future automatic updates for Windows XP, 2000 and Me so
you won't forget. See the Microsoft documentation at the links below.

For Windows XP: HERE

http://www.microsoft.com/athome/security/protect/windowsxp/updates.mspx

For Windows 2000: HERE

http://www.microsoft.com/athome/security/protect/windows2000/updates.mspx

For Windows Me: HERE

http://www.microsoft.com/athome/security/protect/windowsme/updates.mspx

Last, if you connect portable storage media to your PC (floppy disk, zip disk, thumbdrive,
external hard drive, or CD) scan the media with your anti-virus software before opening
files on them; a couple minutes could save a couple days spent rebuilding your PC.


Continued…….
ATTENTION Windows XP users: DO NOT connect a XP PC/laptop to the Network
without first turning off Bridging. Many out of the box” XP PC’s/laptops are set up to
“Bridge” network connections. This setting will cause your Partners Network port(s) to
be disabled. Before connecting to the Network, turn off Bridging. For directions, use an
existing PC/Mac on the network and go HERE.

Once your PC is secure and on the Network, did you know?

1. You can use Microsoft Outlook with your Partners email account including full
calendaring. Call the Help Desk (617-726-5085) and ask for a research tech to stop by
and install/configure Outlook for you.

2. You can access many Partners applications using Citrix software. Citrix is software
that allows non-Partners build PC users to access applications that were built to run only
in a Partners-build PC environment (e.g., PCIS/CAS, RPDR, PAS) from work and from
home while connected to the Partners Network via remote access.

       a. To install Citrix, you must be on the Network (after completing steps a. through
       f. above) and navigate to the Partners Portal webpage HERE.

       b. You will be prompted for your Partners username and password.

       c. You will then be prompted to install the Citrix client; this must be done while
       logged on to the Partners Network in the office or from home via remote access.

       d. Instructions on installing Citrix are located on the Research Computing website
       HERE

3. You can use your Network H: drive just as you would with a Partners PC.

       a. The H: drive is secure, safe, personal storage for everyone with Partners
       credentials; it is backed up nightly.

       b. Call the Help Desk (617-726-5085) and ask for a research tech to stop by to
       help you “map” your PC to the H: drive

       OR

       c. Do it yourself by following the directions HERE

4. You can also connect any Shared File Area (SFA) or Folder to which you’ve been
granted access.

				
DOCUMENT INFO
Shared By:
Tags: laptop
Stats:
views:14
posted:4/6/2011
language:English
pages:3