Educause Security Discussion mailing list archives
Re: FW: Checklist for securing Windows XP systems
From: "Weeks, Calvin W." <cweeks () OU EDU>
Date: Thu, 29 Jul 2004 10:22:35 -0500
There is no way for me to know what your current settings are on the workstation you are applying the script to, so I cannot do a comparison, but the attached Excel spreadsheet will tell you what the settings will be after you apply the script. Also, the NIST, NSA, and Microsoft make it very clear that you MUST be logged in as Administrator level privileges to apply security settings properly or at all. Our script or applying the settings manually will not work if you are not logged in as Administrator or I cannot guaranty that it will work properly or shut down properly. Hope this helps. Calvin -----Original Message----- From: Brent Sweeny [mailto:sweeny () indiana edu] Sent: Thursday, July 29, 2004 10:04 AM To: Weeks, Calvin W. Cc: The EDUCAUSE Security Discussion Group Listserv Subject: Re: [SECURITY] FW: Checklist for securing Windows XP systems what do your scripts do, exactly? there are lots of options in the NIST and NSA guides, and yours has type-of-use options so I presume there are multiple classes of settings. I tried it with a non-administrator account and it doesn't seem to fail very gracefully, and I'd hate to try it--even on a non-critical system--with an admin account before I knew what it was doing. thanks. On Thu, Jul 29, 2004 at 09:33:03AM -0500, Weeks, Calvin W. wrote:
We have used the NIST and the NSA guides over the past four years at
the
University of Oklahoma and have found them to be very valuable to our security efforts. We spent some time working with our public access areas, labs, residential housing, and research community and have put together a script that will automatically apply the NIST
recommendations
to workstations. This version is our public version that we distribute too our non-university owned workstations and you are welcome to use
as
you wish: http://security.ou.edu/distribution/OU_BP_Security_Scripts_2.exe Hash Value: bca4ef56f26e1e44d6082ab7416dfb7b Please, test on a non production machine before using and pay
attention
to comments when you run the script. This can be applied to Win 2000 Pro/Server, Win XP, and Win 2003; however we have found that you
should
always apply the security settings manually on servers and we only use this script for workstations. We are working on customizing scripts
that
will work for servers, but you have to make a script for each type of server that you have (i.e., webserver, file/print server, Domain controller, DNS, DHCP, etc.) If you of you have any questions you may contact myself or Jason
Britton
(fulco () ou edu) and please, give us feedback for improvements to the script. Calvin Weeks, EnCE, CISSP, CISM Director, OU Cyber Forensics Lab University of Oklahoma Phone: 405-325-8334 http://cfl.ou.edu <http://cfl.ou.edu/> http://security.ou.edu <http://security.ou.edu/>
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Attachment:
Security Script Setting Export - DISTRO_2.xls
Description: Security Script Setting Export - DISTRO_2.xls
Current thread:
- FW: Checklist for securing Windows XP systems Ken Shaurette (Jul 29)
- <Possible follow-ups>
- Re: FW: Checklist for securing Windows XP systems Weeks, Calvin W. (Jul 29)
- Re: FW: Checklist for securing Windows XP systems Brent Sweeny (Jul 29)
- Re: FW: Checklist for securing Windows XP systems Weeks, Calvin W. (Jul 29)