

Windows XP Security Tweaking for the paranoid

Require Alphanumeric Windows Password
Alphanumeric passwords mean that you MUST use a combination of both letters and numbers for your passwords. This is a VERY good idea. Passwords with just letters or just numbers are very easy for things such as password crackers to figure out. If you combine 3l1t3 speak passwords with passwords that are long, you'll really make it hard on brute force crackers. Sure, it takes you longer to type in, but it's worth it on anything that is important.


Set the Minimum Password Length
For this one, the title says everything that needs to be said. It will force people to use a password that is beyond a certain length. A lot of people use simple passwords such as "dog", which would take a brute force cracker nearly no time at all to figure out. This should be used alongside the alphanumeric passwords.


Disable Password Caching in Internet Explorer
I don't like IE storing passwords. I don't believe in trusting Microsoft with storing data like that anywhere on my system. This tweak disables the option to even allow IE to store your password.

Microsoft Doc can be found here. Quote:

"When you attempt to view a password-protected site, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click the Save this password in your password list check box in this dialog box, your computer saves your password so you do not have to type the password again when you attempt to use the same document. This is known as password caching."

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Disable Password Caching
This is a HUGE issue in the Win 9x OSes that isn't nearly as bad in 2k/XP. This means the user's passwords are not cached locally. This setting also removes the second Windows password screen and also removes the possibility of network passwords getting out of sync.

Dialup users may not want to use this, since your dialup password will no longer be cached while using this tweak.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Password when returning from screensaver
(Only in 1.0+) By default, users can change whether they want to enter their password to unlock the system after a screensaver has been running. We believe a password should always be entered to return to the system. This will force a password ;) This is really only for people who have other people around their systems.

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
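To check whether the Internet Explorer password caching and screensaver password tweaks are actually in effect for the current user, a read-only audit such as the following can be used. This is an added example, not part of the original article or its tool; the value names DisablePasswordCaching and ScreenSaverIsSecure and their expected data are taken from Microsoft's documentation of these settings, not from this page, and the function name is hypothetical.

```powershell
# Added example: read-only audit of two per-user settings discussed above.
# Value names and expected data are assumptions from Microsoft's documentation;
# this article lists only the registry keys.
$checks = @(
    @{ Name  = 'IE password caching disabled'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Value = 'DisablePasswordCaching'    # REG_DWORD, 1 = caching disabled
       Want  = '1' },
    @{ Name  = 'Screensaver password forced by policy'
       Path  = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
       Value = 'ScreenSaverIsSecure'       # REG_SZ, "1" = password required
       Want  = '1' }
)

# Hypothetical helper: compares one registry value with its hardened setting.
function Test-RegistrySetting {
    param([hashtable]$Check)

    $actual = $null
    if (Test-Path -LiteralPath $Check.Path) {
        # A missing value is not an error here; it means the tweak is not applied.
        $item = Get-ItemProperty -LiteralPath $Check.Path -Name $Check.Value `
                    -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = [string]$item.($Check.Value) }
    }

    if ($null -eq $actual)           { $status = 'NOT SET' }
    elseif ($actual -eq $Check.Want) { $status = 'OK' }
    else                             { $status = 'WEAK' }

    New-Object PSObject -Property @{
        Setting  = $Check.Name
        Key      = $Check.Path
        Value    = $Check.Value
        Actual   = $actual
        Expected = $Check.Want
        Status   = $status
    }
}

# Nothing is written to the registry; the script only reports.
$checks | ForEach-Object { Test-RegistrySetting -Check $_ } |
    Select-Object Setting, Status, Actual, Expected, Value, Key |
    Format-List
```

Both keys live under HKEY_CURRENT_USER, so the result applies only to the account running the script; run it in each user's session to audit a shared machine.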

Written By: Martin Krohn