Windows XP Secure User Accounts Tutorial

I was asked to reinstall Windows XP Home for a relative who is somewhat computer illiterate. Troubleshooting the constant crashes and investigating the extreme slowness was not something I wanted to bother with. Before I began, I took a quick look around and noticed that all of the user accounts were administrators and that there was a variety of malware on the computer.

Therefore, I decided to create this guide to show you how to properly configure a Windows XP Home computer’s user accounts for optimum security. This tutorial assumes the reader is a basic home user and that the system is not part of a network. User policy at the enterprise level is more in depth and will be covered in separate posts.

Note: Navigation may vary depending on the view the user has selected. I’m using Classic View for this guide. If you are using Category View, there may be extra steps involved. To switch to Classic View, go to Start menu > Control Panel; the option to switch views is in the upper left.

User Account Settings

The first thing you must do is determine how complex user accounts need to be. I don’t advise operating the computer as the default administrator on a regular basis. This opens up an array of potential vulnerabilities. I’ll show you a command to access admin functions as a regular user shortly. I recommend only one administrative account per computer and one limited user account for each person having access to the computer.

Start menu > Control Panel > User Accounts > Create a new account for each person who will use the computer. Choose the Limited account type for each user.

Go into each account and have the user choose a unique password. Six to eight characters, alphabetic and numeric, is ideal.

Run As

Having limited access users adds to the security of the system, but includes a small hurdle when attempting to run certain applications, install software, or apply updates. Run As is a command that runs a program as an administrator from a limited account.

Locate the icon of the program you wish to run
Hold down SHIFT and right click the icon
Click Run as
Run the program as the following user
Choose the username of the admin account and type in the password

The program will launch as if the administrator account was logged in.

Now we’ll need to configure folder options for each user.

File Extensions and Association

File extensions are the three letters following the period in a file name. The association is the program that opens those files relative to their extension.

Examples:
.html – Internet Explorer
.doc – Microsoft Word
.txt – Notepad

By default, Windows hides these extensions from the user. Therefore, a file named “Homework.exe” (exe = executable) would be seen only as “Homework”. Viruses and similar malware use this to masquerade as harmless files. To remedy this problem, we’ll need to change the folder options for each user.

Start menu > Control Panel > Folder Options > View tab
Uncheck “Hide extensions for known file types”

Now we can identify what type of file we are clicking on.

Click on File Types tab
Click on the extensions JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH
For each click the Change button and select notepad
Click ok

The most common malicious software uses those extensions. If you accidentally click on “virus-name.jse”, it will now open in notepad and not execute the code.
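
To confirm the change took effect, here is an added example (not part of the original tutorial): a read-only batch file, run from a Command Prompt, that lists what each of the extensions above currently opens with. It relies on the built-in assoc and ftype commands, which report the machine-wide association only; a per-user "Open With" choice is not covered, and the variable names are my own.

```batch
@echo off
rem Added example, not from the original tutorial: read-only audit of the
rem machine-wide handlers for the extensions the tutorial points at Notepad.
rem Per-user "Open With" choices are not reported by assoc or ftype.
setlocal enabledelayedexpansion
set "EXTS=JS JSE OTF REG SCT SHB SHS VBE VBS WSC WSF WSH"
set /a REVIEW=0

for %%E in (%EXTS%) do (
    set "FTYPE="
    set "OPENCMD="
    rem assoc prints ".js=JSFile"; keep the part after the equals sign.
    for /f "tokens=2 delims==" %%T in ('assoc .%%E 2^>nul') do set "FTYPE=%%T"
    if defined FTYPE (
        rem ftype prints "JSFile=" followed by the open command; keep the command.
        for /f "tokens=1* delims==" %%A in ('ftype !FTYPE! 2^>nul') do set "OPENCMD=%%B"
    )
    if not defined FTYPE (
        echo [ NONE ] .%%E has no association
    ) else if not defined OPENCMD (
        echo [ NONE ] .%%E  !FTYPE! has no open command
    ) else if "!OPENCMD:notepad=!"=="!OPENCMD!" (
        rem Removing "notepad" changed nothing, so another program handles it.
        echo [REVIEW] .%%E  !FTYPE! opens with: !OPENCMD!
        set /a REVIEW+=1
    ) else (
        echo [  OK  ] .%%E  !FTYPE! opens with: !OPENCMD!
    )
)
echo.
echo Extensions still handled by something other than Notepad: !REVIEW!
endlocal
```

Any line marked REVIEW is an extension that would still run its original handler when double-clicked.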

Secure Windows XP registry, logs, and passwords

Windows XP stores security-relevant items in the folders C:\Windows\Repair and C:\Windows\System32\config. Browse to their location and allow access only to the administrator and the system.

My computer > C drive (windows installation drive) > Windows
Right click over the Repair folder
Select properties
Click on the Security tab
Select Users
Uncheck Allow for all but “List Folder Contents”

Congratulations!

Each user has a password protected account
Admin rights are not active during daily use
The Run As command is a safe way to administer the computer
File extensions are readily identified to the user
File associations link to safe programs
Important Windows folders are protected from general users

This was a basic security configuration tutorial related to user accounts for the Windows XP Home operating system.

Remember, all the security configurations in the world won’t help a user who acts carelessly.