Wednesday 23 May 2012

Defending WinXP Pro -with what win-xp has to offer



Today I will tell you about various ways to Securing WinXP Pro with what win-xp has to offer by default. No extra third party software to tweak things which might make your system unstable and push it into the verge of reinstalling soon often.

Note: These are just notes of the changes i made to win-xp pro using win-xp options after my default install. These changes will not secure your box 100% but they make a good couple of 1st steps. They are in no specific order other than the order that I performed them.

1. NTFS Partition.
2. Disable Error Reporting
3. Disable Automatic Updates (only if your XP copy is pirated)
4. Disable "Recent Documents" Viewed
5. Setup XP Firewall
6. Setup screensaver password
7. Setup BIOS password
8. Setup "AfterBios" login password
9. Account Modifications
-Rename Admin Account
-Disable Guest Account
-Disable Help_Assistant Account
-Disable Support Account
10. Install a virus scanner.
11. Change Login Screen (default shows user names)
12. Disable Remote Registry (and other services)
13. Disable/Change Auto-Search settings in IE.
-----------------------------------------------------------------------------------------
1. NTFS Partition (I like being God over system users)
-----------------------------------------------------------------------------------------

Be sure to install XP onto an NTFS partition so that you (the administrator) can take advantage
of file permissions. You want this option so that "you" can decide who reads, writes,
executes what files.

If you didn't install XP onto an NTFS partition. Convert It. To convert to NTFS follow
the instructions below.

Open a command prompt and type "convert c: /FT:NTFS /v"

This command will convert your c: partition from FAT to NTFS in verbose mode.

-----------------------------------------------------------------------------------------
2. Disable Error Reporting - we don't want microsft to know every time we fuck up.
especially if we didn't pay for winxp.
-----------------------------------------------------------------------------------------

control panel >> performance and maintenance >> system >> advanced >> error reporting
(disable all)

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Error Reporting.

-----------------------------------------------------------------------------------------
3. Disable automatic updates - to update, they must know what we have. thats a NO NO!
-----------------------------------------------------------------------------------------

NOTE: DO THIS ONLY IF YOUR COPY OF XP IS PIRATED!! I suggest "auto update" if your copy
of XP is legal. If your copy is pirated then i suggest that you stay updated with
the latest fixes and patches manually.

control panel >> performance and maintenance >> system >> automatic updates
(disable updates)

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Automatic Updates.

-----------------------------------------------------------------------------------------
4. Quit listing most recent documents opened under the start button - Don't want the
girlfriend or the parents to find that interesting things you being viewing lately.
-----------------------------------------------------------------------------------------

control panel >> appearance and themes >> task bar and start menu >> start menu >>
customize >> advanced

remove the check mark next to "List my most recently opened documents".

-----------------------------------------------------------------------------------------
5. Block incoming traffic to your winxp box. - Before this change, i scanned my xp box and
found it to have many ports wide open. After this change, I found nothing and xp logged
the attempts in c:\windows\pfirewall.log.
-----------------------------------------------------------------------------------------

control panel >> network connections >> right click "local area connection" >> properties
>> advanced >> check the box under "Internet Connection Firewall" then choose "settings".

Services Tab - leave all unchecked unless there is a service you are running that people
must be able to access.

Logging Options - Log everything.

ICMP - I left all these unchecked for the time being. (allowing nothing)

(this does not protect you from "Spy Ware". This only stops traffic from coming into
your win-xp box (not all traffic). It does not stop traffic from going out.) If you
need to stop traffic from going out and need a more secure firewall then download a real
firewall like "zone alarm or black ice".

-----------------------------------------------------------------------------------------
6. Setting a screensaver password in case you leave some of your sensitive documents open when you walk away.
-----------------------------------------------------------------------------------------
right click on the desktop >> properties >> screen saver >> check the box next to " On
Resume, Password Protect."

If you don't have a password set on your user account, you can do so in control panel >>
user accounts >> change account.

-----------------------------------------------------------------------------------------
7. Setting a BIOS password - We don't want anyone rebooting the computer or trying to sneak
into your system while we are away at school or work.
-----------------------------------------------------------------------------------------

I can't explain to one how this is done due to the differences between all computers and
how the BIOS settings are entered. If you know what I am talking about then do it. If you
don't know what I am talking about then learn how to do it. A screensaver password is useless
unless you setup a BIOS password.

------------------------------------------------------------------------------------------
8. Setting up the "AfterBios" password. Sometimes bios passwords are easily cracked. This
password will add extra local login security in case your bios pass is cracked. I don't
know bout you but i love having to type in 3 passwards and a username to login to my box.
------------------------------------------------------------------------------------------

Start >> run >> type "syskey" >> choose "update" >> choose "Password Startup" >> enter a
password and choose ok.

------------------------------------------------------------------------------------------
9. Renaming and Disabling Accounts for adminstrator, guest, help_assistant and support.
------------------------------------------------------------------------------------------
Right click my_computer >> manage >> local users and groups

rename administrator account
disable guest account
disable help_assistant account
disable support account

-------------------------------------------------------------------------------------------
10. Install Virus Protection............. (We like our uncorrupted data and trojan free system)
-------------------------------------------------------------------------------------------

Install a virus scanner. Your firewall might protect your system from unwanted hackers but
what about an unwanted virus or trojan?. I recommend installing a virus scanner such as
"Nortons" or "McAfee".

-------------------------------------------------------------------------------------------
11. Change Default Login Screen............ (why do we want to share usernames with anyone?)
-------------------------------------------------------------------------------------------

Xp uses the "welcome screen" by default. This screen has the names of all accounts on the
system so that the user only has to click on their name and type a password. Come on now....
We aren't that damn lazy. If we change this screen to the normal login, then prying eyes
will have to know a username and password to get in. Follow the instruction below to change
this.

control panel >> user accounts >> change the way users log on or off

uncheck the box next to "Use Welcome Screen" and choose "apply options".

-------------------------------------------------------------------------------------------
12. Disable Remote Registry..........(why would I need to edit my registry remotely anyway?)
-------------------------------------------------------------------------------------------

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Remote Registry.

NOTE: disable any services running in this area that you aren't using.

-------------------------------------------------------------------------------------------
13. Disable/Change Auto-search in Internet Explorer. This is not really a security risk but it
is important to some people that prefer to keep their internet surfing to themselves and
away from microsoft.
-------------------------------------------------------------------------------------------

Open Internet Explorer >> Click the "search" button >> click the "customize" button >> click
"autosearch settings" >> FOLLOW INSTRUCTIONS BELOW...........

DISABLE: In the "When Searching" drop down menu, select "Do not search from the address bar".
>> click "ok" >> "ok". Type an invalid address in your address bar and see if it
takes you to the msn search page or if it gives a "page not found" error. In this
case, the "page not found" error is what we want.

CHANGE: If you wish not to disable, but you wish to change it to your favorite "google.com"
search page. Instead of following the "DISABLE" instructions, follow the instructions
below. Choose "Google Sites (or whatever you prefer)" from the "choose a search provider
to search from address bar" drop down menu >> click "ok" >> "ok"


I,myself personally believe that there is much more to securing your box than this. Maybe i will come up with more information soon. Don't miss them...

Posted by at No comments:
Labels: , ,

How to Hide the HDD Partitions?


This trick is for all those people who wants to hide tons of data into their box. So here it is, if you have very important data in your hard drive placed in some partition which you do not want anybody to see then this trick is only for you!!!
1. Just click on start>run type gpedit.msc
2. Now navigate through user configuration> administrative templates > windows components> windows explorer
3. Double click on “Hide these specified drives in My Computer” modify it accordingly.
4. Then just below you will find another option “Prevent access to drives from My Computer”, double click on this option and modify it accordingly.
5. To make it visible again select "disable" by double clicking on the “Hide these specified drives in My Computer” option.

WARNING:Don't try to experiment with other options in gpedit.msc if you don't know, what exactly your doing. Just have some patience and follow my tutorials regularly, i am going to tell you everything that is configurable in windows [and those also which you thought before, "Seems not possible to change ;-)" ].
Posted by at No comments:
Labels: , ,

Hide in the (Network) Neighborhood in Windows PC


Don't want your XP computer to show up in the network browse list (Network Neighborhood/My Network Places) to other users on your network? One way to accomplish that is to disable file sharing. To do this, click Start, right click My Network Places and select Properties. Right click your local area connection and click Properties. Uncheck the box that says File and Printer Sharing for Microsoft Networks. Click OK.
But what if you want to be able to share folders with some users; you just don't want everyone on the network to see your computer's shares? There's a way:

Click Start and select Run.
In the Run box, type net config server /hidden:yes
Click OK.
Now others who know the UNC path (\\computer name\share name) can connect to your computer's shares from the Run box, but it won't show up in the network browse list.
Posted by at No comments:
Labels: , ,

How to "Delete administrator Password" without any Software



Method 1
Boot up with DOS and delete the sam.exe and sam.log files from Windows\system32\config in your hard drive. Now when you boot up in NT the password on your built-in administrator account which will be blank (i.e No password). This solution works only if your hard drive is FAT kind.

Method 2

Step 1. Put your hard disk of your computer in any other pc .
Step 2. Boot that computer and use your hard disk as a secondary hard disk (Don't boot as primary hard disk ).
Step 3. Then open that drive in which the victim’s window(or your window) is installed.
Step 4. Go to location windows->system32->config
Step 5. And delete SAM.exe and SAM.log
Step 6. Now remove hard disk and put in your computer.
Step 7. And boot your computer

Posted by at No comments:
Labels: ,

CHANGE ANY WINDOWS USERS PASSWORD



This tweak gives a user the opportunity to use it for good or bad. It enables the user to re-password any account without having to know the existing password and also shows you every account that exists on the machine (even the ones that are hidden). This is a good tool to use if you forgot a password to say your administrator account and you needed to be logged into the admin account for any reason. 

>>To view all of the user accounts:

1) While logged onto the computer, click on Start>Run>and type in CMD. 
2) From the command prompt window, type in cmd net users 
This will show you every account that is made onto the computer whether it is hidden or not. 

To change an account password:
1) While logged into the computer to an account that has administrative rights, click on Start>Run>and type>>CMD>> 

2) Type in net user then the name of the account then * and press enter. heres an example: net user administrator * or net user "TRICKS GOD" * . Put the name in quotes if it contains spaces. 

3) From there it should ask for a new password. Type in your new password (type very carefully - the command window won't display what you type) and once more to confirm it. If you get the message that the command succeeded successfully you're all set!!


Posted by at No comments:
Labels: ,

Friday 11 May 2012

Cleaning Recent Docs Menu and the RUN MRU

You can easily remove recent Documents Menu and RUN MRU by doing little bit with registry through this tip.

To disable The Recent Docs menu can be easily disabled by editing the Registry. To do this go to the following Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


Now in the right pane, create a new DWORD value by the name: NoRecentDocsMenu and set it's value to 1. Restart Explorer to save the changes.

You can also clear the RUN MRU history. All the listings are stored in the key:

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

You can delete individual listings or the entire listing. To delete History of Find listings go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU and delete.

Source: Sohail Anwar 
Posted by at No comments:
Labels: , ,

RESTART WINDOWS WITHOUT RESTARTING YOUR COMPUTER


Mostly Computer takes lots of time for restart. Sometimes we need to restart our computer, that time it becomes necessity like after installing some software but when we have limited time and we are busy then it is very annoying to wait for it to restart.


So here is solution for this problem. In that case you need not to restart your computer but you can restart your windows without restarting computer. It will take very less time.
To restart windows without restarting computer you just need to hold Shift key down while clicking on shutdown or restart button.


Your computer would restart without restarting the Computer.



Restart Windows without Restarting PC, this term is known as Hot Booting.

Courtesy : Sohail Anwar  & http://sapost.blogspot.in/
Posted by at No comments:
Labels: ,

Tuesday 8 May 2012

MANAGEMENT STUDIO IN SQL SERVER 2005



On Yesterday I got a call from one of my post office saying that no applications are working . It shows an error that server is not exists. Firstly I thought that it is problem with network connections and I asked themto restart the server machine and try again but then also this error exists. I came to the office and tries to run theapplication. But seeing the error I thought that this problem with SQL server. On tryingto open the SQL server 2005 management studio I got an error. The error is as follows
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server wasnot found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.NetSqlClient Data Provider) “
First I wondered to see the error while connecting to server 2005. I never come up on such type of error during period as SA. While Contacting fellow Sys Admins they told that they had never come across such errors. While searching for the solutions on net But that not worked for me.

The main check points are

.Make sure your database engine is configured to accept remote connections
Start > All Programs > SQL Server 2005 > Configuration Tools > SQL Server Surface Area Configuration

Click on Surface Area Configuration for Services and Connections
Select the instance that is having a problem > Database Engine > Remote Connections
Enable local and remote connections

Enable the TCP/IP in surface area configuration

Check the fire wall status and off the firewall if it is on and allow exception for programsSQL server and SQL server browser

Enable SQL Server Browser (Start the SQL server browser n service)

But then also I am not able to connect to SQL server management studio. But while restarting the server machine I found that the windows server administrator password was missing. Earlier it requires a password for opening the windows server. Then I gotto users (By right clicking computer---Manage----Local User) and set pass word for Administrator (Recreated the earlier Password) and restarted the server.
After this SQL Server is working and I can open management studio correctly.
via : saparavur.blogspot.in & http://sapost.blogspot.in/
Posted by at 2 comments:
Labels: ,

Increase Your SATA Hard Drive Performance



Most of the latest machines supplied to Post offices using Vista operating system and SATA hard disks. Windows vista software has a built in support for SATA disk drives. You can speed up the performance of your serial ATA (SATA) disk drive by enabling write caching feature in windows vista. By default this feature is turned off. You can follow the below steps to increase the performance

  • Right Click on My computer (computer)
  • Select Manage
  • Select Device Manager
  • Open device manager go to disk drive portion
  • Right Click on the hard disk select option properties
  • Select the button policies tab
  • Please check the box 'Enable Advanced Performance'
Courtesy : saparavur.blogspot.in & http://sapost.blogspot.in/
Posted by at No comments:
Labels: ,

Enable / Disable Delete Confirmation


When we delete these files through right click and delete it always asks for confirmation. Are you tired of this pop up disable confirmation. You can easily get this out. One way is that Select the required files and Press Shift+ delete. But this permanently delete the file.

For disabling the delete Confirmation

Right Click on Recycle Bin

Select Properties

Uncheck the Delete Confirmation box

Press Apply and Click on OK

Courtesy : saparavur.blogspot.in & sapost.blogspot.com
Posted by at No comments:
Labels:

Tuesday 1 May 2012

Sign into Multiple Google Accounts at a time in Single Browser


Sign in to multiple accounts at once
If you’re tired of signing in and out, or opening up new browsers in order to check all of your accounts at the same time, you can use multiple sign-in. With multiple sign-in, you’re able to access different Google products with up to 10 accounts using tabs in the same browser. Multiple sign-in is automatically enabled for all Google Accounts.

Your default account

If you use multiple sign-in, the first account you use to sign in during that browser session will be your default account for the rest of that session. If you visit other Google products that don't support multiple accounts after you've signed in, you will automatically sign in to your default account for that product. If you sign out of any Google product while signed in to any account, you will be signed out of all your Google Accounts at once.

To sign in to additional accounts:

  1. Sign in to a product that supports multiple sign-in, using an account that has multiple sign-in enabled.
  2. Click your name or email address at the top of the page.
  3. Select Add account from the drop-down menu.On the page that opens, enter the email address and password for another account you wish to access, and click Sign in.
  4. Once you’re signed in to more than one account in the same browser, you can easily switch accounts in the same tab. Just click your name or email address at the top and click on the email address you’d like to sign in to.
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)