Windows XP Security Guide

Overview

Published: May 22, 2003 | Updated: April 13, 2006

Any IT environment is only as secure as its weakest link. Unfortunately, client operating systems are often overlooked during security projects. As your organization plans to implement Microsoft® Windows® XP Professional with Service Pack 2 (SP2), ensure that security is an integral part of your deployment plans.

Although the default installation of Windows XP is quite secure, it is important to remember the trade-offs that exist between security, usability, and functionality of the client computers in your environment. A thorough understanding of these trade-offs places your organization in a position to maximize the security of your Windows XP deployment.

The Windows XP Security Guide provides specific recommendations about how to harden computers that run Windows XP with SP2 in three distinct environments:

Enterprise Client (EC). Client computers in this environment are located in an Active Directory® directory service domain and only need to communicate with systems that run Windows 2000 or later versions of the Windows operating system.

Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain and may need to communicate with systems that run Windows NT® 4.0.

Specialized Security – Limited Functionality (SSLF). Concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable. For example, military and intelligence agency computers operate in this type of environment.

This guide was developed, reviewed, and approved by teams of authoritative experts in security. This guide and other security guidance topics are available at the Microsoft TechNet Security Center at http://www.microsoft.com/technet/security/default.mspx.

This guide comprises seven chapters and two appendices.

Chapter 1: Introduction to the Windows XP Security Guide

This chapter includes an overview of the guide, descriptions of the intended audience, the problems that are discussed in the guide, and the overall intent of the guide.

Chapter 2: Configuring the Active Directory Domain Infrastructure

You can use Group Policy to manage user and computer environments in Windows Server 2003 and Windows 2000 domains. It is an essential tool for securing Windows XP, and can be used to apply and maintain a consistent security policy across a network from a central location. This chapter discusses the preliminary steps that must be performed in your domain before you apply Group Policy to your Windows XP client computers.

Group Policy settings are stored in Group Policy objects (GPOs) on domain controllers. GPOs are linked to sites, domains, and OUs within the Active Directory structure. Because Group Policy is so closely integrated with Active Directory, it is important to have a basic understanding of your Active Directory structure and security implications before you implement Group Policy.

Chapter 3: Security Settings for Windows XP Clients

This chapter describes the security settings for Windows XP client computers that may be set through Group Policy in a Windows 2000 or Windows Server 2003 Active Directory domain. Guidance is not provided for all of the available settings—only those settings that will help secure an environment from most current threats are provided. The guidance also allows users to continue to perform typical job functions on their computers. The settings that you configure should be based on your organization’s security goals.

Chapter 4: Administrative Templates for Windows XP

This chapter discusses settings that can be added to Windows XP by using Administrative Templates. Administrative Templates are Unicode files that you can use to configure the registry-based settings that govern the behavior of many services, applications, and operating system components. There are many Administrative Templates that can be used with Windows XP, and they contain hundreds of settings.

Chapter 5: Securing Stand-Alone Windows XP Clients

Although most of this guide focuses on the Enterprise Client (EC) and Specialized Security – Limited Functionality (SSLF) environments, this chapter also discusses the configuration of stand-alone Windows XP client computers. Microsoft recommends that Windows XP be deployed in an Active Directory domain infrastructure, but recognizes that it is not always possible to do so. This chapter provides guidance about how to apply the recommended configurations to Windows XP with SP2 client computers that are not members of a Windows 2000 or Windows Server 2003 domain.

Chapter 6: Software Restriction Policy for Windows XP Clients

This chapter provides a basic overview of software restriction policy, which provides administrators with a policy-driven mechanism to identify and limit the software that can be run in their domain. Administrators can use a software restriction policy to prevent unwanted programs from running and prevent viruses, Trojan horses, or other malicious code from spreading. Software restriction policies fully integrate with Active Directory and Group Policy, and they can also be used in an environment without a Windows Server 2003 domain infrastructure when applied to only the local computer.

Chapter 7: Conclusion

The final chapter reviews the important points of the guide in a brief overview of everything that is discussed in the previous chapters.

Appendix A: Key Settings to Consider

Although this guide discusses many security countermeasures and security settings, it is important to understand that a small number of them are especially important. This appendix discusses the settings that will have the biggest impact on the security of computers that run Windows XP with SP2.

Appendix B: Testing the Windows XP Security Guide

This appendix explains how the Windows XP Security Guide was tested in a lab environment to ensure that the guidance works as expected.

Related Resources

For additional information about the security settings prescribed in this guide, see the companion guide, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP at http://go.microsoft.com/fwlink/?LinkId=15159.

Read other security solutions from the Microsoft Solutions for Security and Compliance (MSSC) team.

Give Us Your Feedback

The Microsoft Solutions for Security and Compliance (MSSC) team would appreciate your thoughts about this and other security solutions.

Have an opinion? Let us know on the Security Solutions Blog for the IT Professional.

Or e-mail your feedback to the following address: SecWish@microsoft.com. We respond often to feedback that is sent to this mailbox.

We look forward to hearing from you.