Security has been one of the top topic on Windows XP We will discuss how to keep the computer secure. In this section we will discuss how to keep the computer secure so that intrusion can be prevented before the person attempts to enter the network. We will discuss about the Local Security Policy and how it helps to prevent certain unwanted situations from happening and how you can define more control over the computer. Under the Local Policies node, there is a Security Options node. There are close to 60 additional security options grouped into the following categories: accounts, audit, devices, domain controller, domain member, interactive logon, Microsoft network client, network access, network security, recovery console, shutdown, system cryptography, and system objects.
Rename the Administrator's Account.
You cannot delete the Administrator account, but you should rename the built-in Administrator account to provide a greater degree of security. You should use a name that does not identify it as the Administrator account to make it difficult for unauthorized users to break into the account. One of the account settings allows you to enter an account name to automatically rename the Administrator account. To automatically rename the administrator account, access the security options using the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Accounts: Rename The Administrator Account and then click Properties. Type in the new name you wish to use for the Administrator account and click OK.
To automatically rename the Guest account, use Accounts: Rename Guest Account.
A security option that is important in securing your computer is the Interactive Log: Number Of Previous Logons To Cache option. This allows you to determine the number of times users can log on to a Windows domain using cached account information. Logon information can be cached locally, so if a domain controller is not available, the user can still log on to the domain. This setting determines the number of times a user can log on using that cached information. The default is 10 times. Setting this value to 0 disables the local caching of this information. A second option is the Network Logon: Do Not Allow Stored User Names And Passwords To Save Passwords Or Credentials For Domain Authentication option. Enabling this option prevents the storing of user names and credentials.
Shutting Down the Computer Without Logging On
By default, Windows XP Professional does not require a user to be logged on to the computer to shut it down. One of the account settings allows you to force users to log on to the computer before it can be shut down. Access the security options using the Group Policy snap-in, just as you did to configure Account Policy. Once you start the Group Policy snap-in, expand Local Policies and then select Security Options. Right-click Shutdown: Allow System To Be Shut Down Without Having To Log On, and then click Properties. Figure 13.5 shows the Properties dialog box for the Shutdown: Allow System To Be Shut Down Without Having To Log On setting. This setting is either enabled, which is the default, or disabled. To force users to have to log on to shut down the system, select Disabled.
Your computer must be a member of a domain or you must turn off the use of the Welcome screen to use this setting.
Clearing the Virtual Memory Pagefile on Shutdown
By default, Windows XP Professional does not clear the virtual memory pagefile when the system is shut down. In some organizations this is considered a breach of security because the data in the pagefile might be accessible to users who are not authorized to view that information. To enable this feature and clear the pagefile each time the system is shut down, start the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Shutdown: Clear Virtual Memory Pagefile and then click Properties. By default, it is disabled. To force Windows XP Professional to clear the pagefile when the system is shut down, select Enabled.
Disabling Ctrl+Alt+Delete Requirement for Logon.
Windows XP Professional allows you to configure your computer so that users are required to press Ctrl+Alt+Delete to log on to the computer. By forcing users to press Ctrl+Alt+Delete, you are using a key combination recognized only by Windows. This ensures that you are giving the password only to Windows and not to a Trojan horse program waiting to capture your password. If you are in an environment where security is not a concern, you can leave the default setting of Not Defined or you can enable the Interactive Logon: Do Not Require Ctrl+Alt+Del option. With either of these settings, users will not have to use this key combination to log on to the computer. To require users to press this key combination to log on, start the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Interactive Logon: Do Not Require Ctrl+Alt+Del and then click Properties and click Disabled. Disable this setting if security is a concern.
Preventing the Display of the Last User Name in Logon Screen
By default, Windows XP Professional displays the last user name to log on to the computer in the Windows Security dialog box. In some situations this is a security risk because an unauthorized user can see a valid user account name displayed on the screen. This makes it much easier to break into the computer. Enable Interactive Logon: Do Not Display Last User Name to prevent the last user name from being displayed in the Windows Security dialog box. In the Group Policy snap-in, click the Local Policies node in the console pane, and then click Security Options. In the details pane, right-click Interactive Logon: Do Not Display Last User Name, click Properties, and then select Enabled to enable this feature, which is either enabled or disabled.