10 registry hacks for hardening Windows XP security
3. Rename the new value to
.4. Double-click the new value and enter 1 in the Value Data field. (You can modify this to allow allapplications to run by changing the value to 0).5. Create a new subkey named
.6. Create a new string value for each application you want to allow. Name each string value as aconsecutive number.7. Set the Value Data for each string value as the name of an application you want to allow (this should bethe executable program name, such as explore.exe for Windows Explorer).8. Reboot the computer to apply the change.
Don’t apply this policy to yourself or you may not be able to run the programs you need to in order to administerthe computer—and if you can’t run the registry editor, you won’t be able to change the policy.
Disable saved password for dialup networking
It’s handy for users not to have to enter their passwords each time they start a dialup networking session, but itcan also be a security risk to have Windows save the password, since anyone else can start a session, too. Todisable the saved password function for DUN, do the following:1. In your registry editor, navigate to:
.2. If the entry
doesn’t already exist, right-click in an empty portion of the rightdetails pane and select New | DWORD Value.3. Rename the new value to
.4. Double-click the new value (or if it already existed, just double-click it now) and enter 1 in the Value Datafield to prevent Windows from saving the DUN password. If you want to enable saving of passwords later,you can do so by setting the value to 0.
Prevent access to specific drives
You can prevent users from viewing and accessing the files and folders on specific drives using WindowsExplorer, My Computer, or the Run command. They will not be able to map a network drive or use the DIRcommand to get a list of directories on the drive. This is a good way to add a layer of protection to a drive onwhich you store sensitive data. (You should also use access controls/permissions and encrypt the data if it’sextremely sensitive.)1. In your registry editor, logged on with the user account you want to restrict, navigate to:
.2. Right-click in an empty portion of the right details pane and select New | DWORD Value.3. Rename the new value
.4. Double-click the value and set the view to Decimal. In the Value Data field, add the following number(s) tohide the corresponding drive(s): A: 1, B: 2, C: 4, D:8, E:16, F: 32, G: 64, H:128, I: 256, J: 512, K: 1024, L:2048, and so on, multiplying by 2 to get the next numbers for the rest of the alphabet.
Copyright ©2005 CNET Networks, Inc. All rights reserved.For more downloads and a free TechRepublic membership, please visithttp://techrepublic.com.com/2001-6240-0.html