Create your own system security weapon

Security has been a very hot topic. In order for the computer system to be safe before any threat requires users to research and invest a lot of effort to carefully edit each security parameter in Windows. Doing that is not easy because no one dares to "pat the chest" on their own.

Fortunately, Windows XP and Windows 2000 have provided the necessary tools so that we can protect our systems more safely. You must learn and take advantage of the utilities available in Windows and turn them into their own tools. This article will help you by using Windows' Security Configuration and Analysis tool, although this utility cannot secure e-mail or other applications.

Changing Windows' security configuration sometimes makes your computer unable to connect to your local network, Internet access, or some other application inactive. So before you follow the instructions in the following sections, you need to equip yourself with the knowledge of 'rescue' Windows mentioned in the article 'Care and maintenance of the Windows Registry', TGV A month. 05/2002, t.90 or 'How to recover the Windows Registry', April 2003, AOCT, t.106. In addition, you can also quickly look at the two articles on the website www.pcworld.com.vn with the search ID by the article is A0205_90 and A0304_126.

Create tools yourself

To create a system security tool, first log into Windows with the highest administrator rights.From the Windows interface, select Start, Run, type mmc and press Enter.If you are using Windows XP, in the Console window select File.Add / Remove Snap-in (or Console.Add / Remove Snap-in in Windows 2000).Next in the Add / Remove Snap-in window, click the Add button and select the item called Security Configuration and Analysis.Then, click the Add button, then Close and finally OK to finish.Now an item called Security Configuration and Analysis will appear just below the Console Root icon in the directory tree format.

 

Figure 1: Select the security level with the Windows configuration files.

 

The next job is to configure the tool for the newly created tool by right-clicking on the Security Configuration and Analysis item and selecting Open Database.In the Open Database window, enter the database name eg my security settings, then press Enter.You will see a list of template configuration files provided by Windows in the Import Template window.There is also another procedure that works similarly by right-clicking Security Configuration and Analysis, selecting Import template.The sample configuration files are arranged from a simple security configuration (setup security.inf file) to a high configuration (hisecws.inf file).Unless you are a professional network administrator or system security expert, please select the template file with a normal security configuration and therefore, select the file setup security.inf and click Open (Figure 1 ).

To save the newly created tool, select File, Save As (or Console.Save As if using Windows 2000) and declare the path to save the file on the hard disk. If you save to the Administrative Tools folder located in the Start Menu folder, the path is actually C: Documents and SettingsAll UsersStart MenuPrograms Administrative Tools, then the recorded file name will appear on the Administrative Tools menu (Start.Program. Administrative Tools or All Programs. Administrative Tools. If you don't want other users (logging into non-Administrator systems) to use this function from the Start menu, you should write this file to another folder on your hard disk. Enter a name for the file, for example Security Analyzer, and then press Enter.

Analysis of system security status

 

Figure 2: Starting the security analysis function of the system.

To analyze the current security level of the system, right-click on the Security Configuration and Analysis item and select Analyze Computer Now (Figure 2).Declare the path to save the result file, or simply press the OK key to accept the path chosen by Windows.

When the analysis is complete, you will see a new screen like Windows' Windows Explorer file browser utility. On the screen to the left under Security Configuration and Analysis, a list of information that is directly related to the safety of the system such as Account Policies, Local Policies . and the right screen shows the parameters. In the section on the left, click on the icons with the cross sign to browse the lists below the selected item (Figure 3).

The icons that come with the parameters indicate the status of each parameter in the Windows system compared to the same content in the sample file.

 

The meaning of symbols in the Security Configuration and Analysis tool.

 

 

Symbol

 

 

Meaning

 

 

 

 

Configuration of Windows system in accordance with the requirements of the sample configuration file just applied.

 

 

 

 

The configuration of the Windows system does not match the requirements of the newly formatted configuration file.

 

 

 

 

The configuration of the Windows system is not found in the configuration file that has been applied.

 

 

 

 

Configure the settings for the Windows system to be included in the format format configuration file you just applied, but not in your Windows system.

 

Refine the configuration

If you see almost all of the items in the list on the left or right of the screen have a green tick icon, it means that your Windows system satisfies the pre-established security configuration requirements. in the security.inf setup file just selected. Otherwise, if you see too many red danger symbols, your system is very unsafe. So how to handle this case?

Accept what is there: If the system is working properly and there are no abnormal signs that Windows has security issues, it should keep the current status.Only when you feel your Windows system has problems will you need to fine-tune the red-marked configuration.

Figure 3: List of security functions declared after running security analysis tool.

 

Using other security formats: The appearance of many red icons may also mean that the selected configuration file does not match the way we set the working mode in the Windows system.To choose the correct system security configuration to suit your requirements, you should consult the instructions provided by Microsoft in the Windows Help section.Here's how: In Windows XP, select Start, Help and Support, enter the Predefined security templates into the search text box and press Enter.Then, click on the Predefined security templates phrases listed in the results window on the left and you will see the meaning of each sample configuration file for the system security mode that Windows provides to be displayed in the area. right window.With Windows 2000, the procedure is a bit different, choose Start, Administrator Tools.Local Security Policy, in the Local Security Settings screen, click on the icon with a question mark in the top right corner of the icon set. in the corner of the screen.In the Contents tab, select Security Configuration and Analysis.Advanced Topics.Predefined templates.Any information you need to find will appear on the right side of the screen similar to the one in Windows XP.

If you find a template file that matches your requirements, follow these steps. In the Console window, select the Security Configuration and Analysis item, then select Action.Import Template (faster way is to right-click the Security Configuration and Analysis item and select Import Template). Check the Clear this database before importing option if you want to remove the old configuration parameters, otherwise the result will be a combination of the old configuration with the new configuration. Click to select the sample configuration file to use, finally click Open and redo the steps to analyze the security status of the system mentioned above.

Use of specialized utilities: If you want to declare or modify some specific system security parameters yourself, you should not lose and edit each parameter one by one created by the sample files, but should use other system administration tools for Windows. For example, to manage user rights and work environment for each user, you should use the available tools such as Account Policies or Local Policies by selecting Start, Programs, Administrative Tools, Local Security Policy or Start.All Programs. Administrative Tools.Local Security Policy. Alternatively, choose Start, Run, type secpol.msc / s, and press Enter.

However, it should be noted that all changes are made through the Local Security Policy tool (in Windows 2000, this tool called Local Security Settings) is valid only for the Windows system you are using.The change of a parameter in the Windows configuration file can affect not only the scope of the file that has been edited, but also many of the parameters in the configuration file. else we can't know it all.You can find out the meaning of each item in Account Policies, Local Policies in the Local Security Policy tool and Security Configuration and Analysis by referring to the Help section of

 

 

Ignore the Log-in screen
If you are the only person using the computer and have installed Microsoft .Net Framework upgrade, you no longer have to stop to log in to Windows.To remove this action, select Start, Run, type control userpasswords2, and press Enter.In the User Accounts dialog box, select your own username from the four listed names (others are Administrator, ASPNET and Guest), leaving the 'User must enter a user name and password option to use this computer' and Click OK.In the resulting dialog box, check to make sure your username is correct in the username, leave both password boxes blank and finally click OK.

 

Windows.For example, if you want to know the meaning of Account and Local policies, follow these steps.Click Start.Help and Support, enter Account and local policies in the search dialog box, press Enter and wait a bit for the machine to complete the search.Click the Full-text Search Matches tab and then select Account and local policies.The right window area will display the content of the selected item.Windows 2000 alone is not as detailed and detailed as in Windows XP, the overall system security content is only encapsulated in the Advanced Topics section of the Security Configuration and Analysis section.

Precise adjustment of each parameter: If you prefer to manually tweak each parameter to make the system more secure or want to change some parameters of the current configuration file that is currently applied to the system, you should do so immediately. on the Security Configuration and Analysis tool.To edit any parameters of the current configuration, double-click each parameter in the window on the right of the screen and select or uncheck the option or increase or decrease the value on each parameter in the Properties dialog.When done, click OK and then choose File, Save to record your edit.To apply the modified modifications to the system, select the Security Configuration and Analysis item, then choose Action, Configure Computer Now.Enter the name and path to save the result (click OK if you accept the default value provided by Windows).When the computer is done, perform the system analysis process as mentioned above to know the results of applying these changes.If the number of red danger symbols appears less than before, it means your system is more secure.Try connecting to the Internet, reading e-mails or launching applications related to the changed parameters to re-test your work results.If you find that you do not want to do so, you should perform a procedure to restore the Windows Registry of Windows and then re-edit the configuration again until successful.

 

UTILITIES WINDOWS FREE CONFIGURATION

 

 

The new version of the Fresh UI utility has improved a number of features that help users to change almost every configuration parameter in the system, in addition to adding many features that make your computer work. more safe and stable.
The interface of the utility has two main parts, the left pane is the list of Windows configuration parameters and the main applications are presented hierarchically according to the directory tree model.The right pane details the selected configuration parameters and allows you to change them.The window area above the two mentioned windows has the effect of explaining the main function of each configuration parameter in the left pane.You can download this utility for free at www.find.pcworld.com, ID: 45634.However, you will have to perform some additional procedures as required by the company.

 

 

Le Thu
PC World USA 03/2005