In At The Bleep End
Thursday, April 21, 2005
Win 2000/XP registry security tweaks for non-networked PCs

If you're reading this on a standalone XP or Win 2000 PC, are comfortable editing your registry and want to tighten up your security, here are a few tweaks to consider.

Disclaimer: Registry editing is a risky business - make a registry backup first and don't blame me if it all goes Pete Tong!

1. Restrict anonymous access (sort of)

Note: Keep a record of the original settings, in case these changes cause some services or programs to misbehave (e.g. see this article).

Set the following two values to 1...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymousSAM

and set this value to 0...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\EveryoneIncludesAnonymous

2. Turning off hidden shares

If you go to Settings > Control Panel > Admin Tools > Computer Management > Shared Folders > Shares, you may see all your drive letters listed, each followed by a dollar symbol. These are automatic hidden shares. They can be a security risk, and on a standalone system there should be no need for them. To turn them off, set these two values to 0...

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks

This will not turn off the hidden IPC share. See this article for more details.
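An added example, not part of the original post: a Python check that reads the text of a regedit export (such as the backup recommended above) and lists which of the five values differ from what this post suggests. The sample export is constructed, and the function names are this example's own.

```python
import re

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA"
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
# (key, value name) -> DWORD data suggested in the post
RECOMMENDED = {
    (LSA, "RestrictAnonymous"): 1,
    (LSA, "RestrictAnonymousSAM"): 1,
    (LSA, "EveryoneIncludesAnonymous"): 0,
    (LANMAN, "AutoShareServer"): 0,
    (LANMAN, "AutoShareWks"): 0,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000
"RestrictAnonymousSAM"=dword:00000001
"everyoneincludesanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000001
"""

def parse_dwords(reg_text):
    """Map (key, value name), both lower-cased, to the DWORD data in an export."""
    found, key = {}, None
    for line in reg_text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1).lower()  # registry names are case-insensitive
        elif key and (m := DWORD_RE.match(line)):
            found[(key, m.group(1).lower())] = int(m.group(2), 16)
    return found

def audit(reg_text):
    """List (value name, current, suggested); current is None when the value is absent."""
    current = parse_dwords(reg_text)
    return [(name, current.get((key.lower(), name.lower())), want)
            for (key, name), want in RECOMMENDED.items()
            if current.get((key.lower(), name.lower())) != want]

if __name__ == "__main__":
    # For a real file: open(path, encoding="utf-16").read() (version 5.00 exports are UTF-16).
    for name, have, want in audit(SAMPLE_EXPORT):
        print(f"{name}: current={'not set' if have is None else have}, suggested={want}")
```

A value reported as not set is absent from the export, so Windows is using its built-in default for it.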