Wanted: Security Concepts for XP Home

  • Thread starter Thread starter Cycloid Torus
  • Start date Start date
C

Cycloid Torus

Like many, I would like to improve my security. I have kids and they have
limited accounts - which don't seem to be very limited to me. I am also
concerned by the "exploits" which seem rampant and the many cautions about
Active-X, java, scripts, etc. I have taken some steps: 1. NAT router, 2.
ZoneAlarm, 3. Norton AV, 4. Spybot S&D, 5. SpywareBlaster, and 6.
MailWasher.

I have looked at Kelly's site and his Security Console (looking forward to
v2 as I do not quite see or, mor probably the case, do not understand how I
would use it today). I gather from this and reading many of the topics on
this Newsgroup that XP Home may not really alow me to limit and better
secure my kids use (which I always thought was the actual purpose of having
different levels of access) because it isn't "fine grained" enough.

I tried Microsoft "Help" and didn't find any - and I am not astute enough to
self-determine good advise from bad which I might find via Google or Alta
Vista or even Jeeves.

Can someone offer suggestions about this and/or direct me to where I may
learn more?

Thanks (and Happy Thanksgiving) to all.
 
Your first steps are good ones.

As for the Security Console, its mine, not Kelly's, and it will allow you to restrict access to a large number of the settings of the system, on a per-user basis.

Additionally, you should not allow your kids to run as Administrators, unless it is absolutely necessary. Make their accounts, and yours Limited Users. If you need to access Administrator only features, use the built in Administrator account.

And last, but not least, if you're not running NTFS as your file system, you should be. FAT32 does not offer any security from a user stand point. NTFS enforces specific restrictions on files/folders based on user level and/or group membership.
 
Doug Knox

Thank you very much for your information - and for forgiving my
mis-attribution. I saw your recent posting about more fully securing limited
User Accounts folders. Good to know - but hard to remember (I wrote it
down). Can you refer me to places where I can learn more about how to better
organize and secure and operate an XP Home computer with many users? I was
hoping to find a website which would coach me from a conceptual level with
practical steps to:
- secure accounts from one another
- service accounts more automatically from a privileged user account
- confirm that user accounts are up to date with security requirements etc
As a forinstance you can see some of the trouble I have had with "index.dat"
(Spyware in Content.IE5). Similarly, I find some things are global (like
ZoneAlarm, IE6 security, etc) and others are account specific (NAV 2004 and
its problems with Limited Accounts, SpywareBlaster, SpyBot, CleanUp,
clearing index.dat, IE6 history, etc). So much of this seems silly, or
stupid or just plain wrong (like McAfee v8 which apparently cannot do a
virus scan if you have any kind of site control enabled - as a parent I
would like to limit access to sites for my kids but also allow them to scan
any disks from school).

I'm looking forward to learning more about Security Console - with hopes for
v2 (want my wish list??).

Your first steps are good ones.

As for the Security Console, its mine, not Kelly's, and it will allow you to
restrict access to a large number of the settings of the system, on a
per-user basis.

Additionally, you should not allow your kids to run as Administrators,
unless it is absolutely necessary. Make their accounts, and yours Limited
Users. If you need to access Administrator only features, use the built in
Administrator account.

And last, but not least, if you're not running NTFS as your file system, you
should be. FAT32 does not offer any security from a user stand point. NTFS
enforces specific restrictions on files/folders based on user level and/or
group membership.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
 
Sorry I didn't get back to you sooner (holiday and all). Sure, if you want to send your wish list, please feel free. However, anything that isn't available via the Group Policy Editor (XP Pro only) won't be added. The purpose of the Windows XP Security Console is to allow users to apply group policy settings, on a per-user basis in a non-domain environment. Your wish list can be sent to (e-mail address removed) (what the hell, I get enough spam there already <G>).
 
Back
Top