Tuesday, January 30, 2007

Customize Windows XP - Security

First some apologies...those 'advanced' security features I promised will not be covered in this post.They were just too many!!!And gettin the best is too much trouble for a lazy guy like me :D

Windows Installer


This can be found under Local Computer Policy>Computer Configuration>Administrative Templates>Windows Components

Now lets discuss each of the settings.

1.If you do not want new applications to be installed on your computer,then change the value of "Disable Windows Installer" to Enabled.

2.This is a important setting in case you are the admin for a network.This setting "Always install with elevated privileges" must be disabled to make sure that users with limited permissions are not given access to directories/settings in some very important computer.

Note:This setting is available in both "Computer Configuration" and "User Configuration". For the changes to be effective, this setting must be disabled under both.

3.The next setting discussed is the "Enable user control over installs". In most cases when a limited user tries to install software and tries to change the installation path,the installation would halt due to a security violation.However, the installation program must be running under a 'privileged security context' which would grant it permission to directories which the user himself does not have.
It must be set to "Enabled".

4.Enable "Allow Admin to install from Terminal Services Session" to give the admin the rights to install program through the Terminal Services.

5.Enable 'Logging' to specify the types of events you want the Installer to log into the file "msi.log" .This provides you with some very important info about the installation including the arguments given during the execution of the installation.

6.Do enable the "Prohibit the removal of Updates" to maintain a good control over program updates. If you enable this, neither an admin nor a user would be able to remove updates individually. If you disable this, the user can remove updates only if he has the rights.



I should make a safe bet that most of you have already moved on to Mozilla Firefox but in case you are using Internet Explorer, you can stop others cribbing about it lacking security. Just check out the settings available in Local Computer Policy> User Configuration>Administrative Templates>Windows Components>Internet Explorer.
Whoa! Check out the features.An exhaustive coverage is almost impossible but taking a day off improving your browser is sort of cool!

Thats it for now...Its [NpoWEr] signing off.