Re: FW: Checklist for securing Windows XP systems

["Weeks, Calvin W." <cweeks () OU EDU>]

There is no way for me to know what your current settings are on the
workstation you are applying the script to, so I cannot do a comparison,
but the attached Excel spreadsheet will tell you what the settings will
be after you apply the script.

Also, the NIST, NSA, and Microsoft make it very clear that you MUST be
logged in as Administrator level privileges to apply security settings
properly or at all. Our script or applying the settings manually will
not work if you are not logged in as Administrator or I cannot guaranty
that it will work properly or shut down properly.

Hope this helps.

Calvin 

-----Original Message-----
From: Brent Sweeny [mailto:sweeny () indiana edu] 
Sent: Thursday, July 29, 2004 10:04 AM
To: Weeks, Calvin W.
Cc: The EDUCAUSE Security Discussion Group Listserv
Subject: Re: [SECURITY] FW: Checklist for securing Windows XP systems

what do your scripts do, exactly?  there are lots of options in
the NIST and NSA guides, and yours has type-of-use options so I
presume there are multiple classes of settings.   I tried it 
with a non-administrator account and it doesn't seem to fail
very gracefully, and I'd hate to try it--even on a non-critical
system--with an admin account before I knew what it was doing.
        thanks.

On Thu, Jul 29, 2004 at 09:33:03AM -0500, Weeks, Calvin W. wrote:
> We have used the NIST and the NSA guides over the past four years at
the
> University of Oklahoma and have found them to be very valuable to our
> security efforts. We spent some time working with our public access
> areas, labs, residential housing, and research community and have put
> together a script that will automatically apply the NIST
recommendations
> to workstations. This version is our public version that we distribute
> too our non-university owned workstations and you are welcome to use
as
> you wish:
>
> http://security.ou.edu/distribution/OU_BP_Security_Scripts_2.exe 
> Hash Value:  bca4ef56f26e1e44d6082ab7416dfb7b
>
> Please, test on a non production machine before using and pay
attention
> to comments when you run the script. This can be applied to Win 2000
> Pro/Server, Win XP, and Win 2003; however we have found that you
should
> always apply the security settings manually on servers and we only use
> this script for workstations. We are working on customizing scripts
that
> will work for servers, but you have to make a script for each type of
> server that you have (i.e., webserver, file/print server, Domain
> controller, DNS, DHCP, etc.)
>
> If you of you have any questions you may contact myself or Jason
Britton
> (fulco () ou edu) and please, give us feedback for improvements to the
> script.
>
> Calvin Weeks, EnCE, CISSP, CISM
> Director, OU Cyber Forensics Lab
> University of Oklahoma
> Phone:  405-325-8334
> http://cfl.ou.edu <http://cfl.ou.edu/> 
> http://security.ou.edu <http://security.ou.edu/> 


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Attachment: Security Script Setting Export - DISTRO_2.xls
Description: Security Script Setting Export - DISTRO_2.xls