From the KnowledgeBase

Title:
Security: How to protect your Windows computer with security and firewall settings
Synopsis:
Windows: How to protect your computer with security and firewall settings


Solution:

Use the seven steps below to make sure your computer is protected against unwanted intruders and patched with the latest Microsoft updates.

1. Set/Change the Administrator password using Windows Security
A computer with a blank password for the Administrator account is highly vulnerable to all sorts of virus, trojan, and hacker attacks. Thus, the first step in securing any such computer is to provide the Administrator (or Owner) account with a secure password.

  • Log in as Administrator to the computer. This means literally typing the word "Administrator" at the login screen. If your current Admin password is truly blank, you should be able to log in to the computer with the password field blank.
  • Make sure that in the Log On To field, you have selected your computer name from the pull-down list (rather than "PRINCETON" or "WIN").
  • When you see a Windows desktop, you have successfully logged on locally to your computer as Administrator.
  • Once logged in, press the Ctrl+Alt+Del keys simultaneously. This will bring up a Windows Security window that gives you a set of options, including Change Password.
  • Click on Change Password.
  • Provide the system with a new password (you will need to type your new password twice) in the window that appears and accept it by clicking on the OK button.
  • This will return you to the Windows Security window. Click on the Shutdown button in order to restart your computer.
  • You can now log in again to the Princeton domain by selecting Princeton in the Log On To field using your Princeton netID.

If your computer automatically boots up without a login prompt, see Solution 9553 to use the Safe Mode procedure. If you use Windows XP Home, see Solution 9553 to use the command line prompt procedure.

If you do not know your Administrator password, and cannot set or reset it, you will need to visit the OIT Solutions Center. It is extremely important that your computer have a secure Administrator password.

2. Password Protect All Accounts on your Computer
Limit the accounts you create on your computer, and make sure to password protect them. Follow the instructions below.

Set / Change User Account Passwords

  • Go to the Start menu and choose Control Panel (or Settings-->Control Panel if the Classic Start Menu is used). Or, see Solution 9553 to use the command line prompt procedure.
  • Select the User Accounts icon.
  • Select the User Accounts control panel.
  • Pick an account and click Create or Change Password. Disable the account if it is unnecessary.
  • You may need to type the current password and then supply a new password twice.
  • Repeat this step for any other accounts on your computer.

3. Disable the Windows XP Guest Account
This prevents users without an account on your computer from logging in remotely or locally.

  • Go to the Start menu and choose Control Panel (or Settings-->Control Panel if the Classic Start Menu is used).
  • Select the User Accounts icon.
  • Select the User Accounts control panel.
  • If the Guest Account is turned on, select Guest Account.
  • Select Turn off the Guest Account.
  • Exit out of User Accounts.

4. Reset Internet Explorer Security Settings to the Default configuration
  • Open the Internet Explorer browser.
  • From the Tools pulldown menu, select Internet Options.
  • Click on the Security tab.
  • Click on the Internet Zone icon to highlight it. Click on the Default Level button if it is not grayed out.
  • Repeat this step for Local Intranet, Trusted Sites and Restricted Zones.
  • Click on the Advanced tab and click Restore Defaults.
  • Click OK to close the window.

5. Disable File and Print Sharing

  • Open the Network Control Panel
  • Right-click on the Local Area Connection and select Properties.
  • Disable the File and Print Sharing Service.

6. Activate the Windows XP Firewall
A firewall protects your computer from Internet worms that exploit open ports and operating system vulnerabilities. Only one firewall should be active on a computer. The firewall in Windows XP is not activated unless you have Service Pack 2 installed, so upgrade to Service Pack 2 as soon as possible. See "How do I find what operating system is running on my computer?" for more information. To turn the Windows Firewall on:

  • Click Start and then Control Panel. If your screen says Pick a Category, click on Switch to Classic View on the left under Control Panel.
  • Double-click Network Connections.
  • Right-click Local Area Connection and select Properties.
  • Click on the Advanced tab.

You will see either:

  • A section called Windows Firewall with a Settings button. Click the Settings button and then check ON (recommended).

OR

  • A section called Internet Connection Firewall. Check the box: Protect my computer and network by limiting or preventing access to this computer from the Internet.

Repeat this procedure for every network and dial-up connection.

7. Configure Windows Update to update your machine automatically
All Windows computers should use the Windows Update feature to keep their operating system up to date for security reasons. Microsoft issues patches for newly discovered software vulnerabilities, so you need to keep your machine updated. The most painless way to do this, if you have a permanent connection to the Internet, is to leave your machine on and allow it to update itself and reboot overnight if necessary. See "Windows: How to use Windows Update and configure Auto Update" for instructions.
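After working through the steps, the account, firewall and update settings can be checked from a script. The following is an added example, not part of the original Solution: it assumes Windows PowerShell 2.0 or later (an optional install on Windows XP) run as an administrator, and the function names are hypothetical. It only reads settings, and step 5 is not covered.

```powershell
# Added example: read-only audit of steps 1-3, 6 and 7. Changes nothing.
# Assumes Windows PowerShell 2.0 or later, run as an administrator.
# Function names are hypothetical, chosen for this example.

function Get-LocalAccountFindings {
    # Steps 1-3: inspect every local account on this computer.
    # The built-in Guest account always has a SID ending in -501, even if
    # renamed. PasswordRequired = False means a blank password is allowed;
    # it does not prove that the password is blank.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            $issue = $null
            if (-not $_.Disabled) {
                if ($_.SID -like 'S-1-5-21-*-501') {
                    $issue = 'Guest account is turned on'
                }
                elseif (-not $_.PasswordRequired) {
                    $issue = 'Account may have a blank password'
                }
            }
            New-Object PSObject -Property @{
                Name = $_.Name; Disabled = $_.Disabled; Issue = $issue
            }
        }
}

function Test-FirewallEnabled {
    # Step 6: firewall COM interface available since XP Service Pack 2.
    # Reports the state for the current firewall profile.
    $mgr = New-Object -ComObject HNetCfg.FwMgr
    [bool]$mgr.LocalPolicy.CurrentProfile.FirewallEnabled
}

function Get-AutoUpdateLevel {
    # Step 7: 1 = disabled, 2 = notify before download,
    # 3 = notify before install, 4 = scheduled automatic install.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    [int]$au.Settings.NotificationLevel
}

Get-LocalAccountFindings | Format-Table Name, Disabled, Issue -AutoSize
if (-not (Test-FirewallEnabled)) { Write-Warning 'Windows Firewall is OFF' }
if ((Get-AutoUpdateLevel) -ne 4) {
    Write-Warning 'Automatic Updates is not set to install automatically'
}
```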

Last Updated:
July 17, 2009

Solution ID:
9760