1. Install all patches
Configure the system to install new updates automatically.
Use MBSA, HFNetChk, or other similar utilities on a regular basis to identify patch status issues.
2. Convert all FAT32 drives to NTFS
From the command prompt, type the following, where drive: is the letter of the volume to convert (for example C:). The conversion is one-way, so back up the volume first:
convert drive: /FS:NTFS /V
3. Disable Automated Logins
4. Turn on the Windows Firewall
5. Turn on auditing
6. Disable these services:
FTP Publishing Service
IIS Admin Service
NetMeeting Remote Desktop Sharing
Routing and Remote Access
Simple Mail Transfer Protocol (SMTP)
Simple Network Management Protocol (SNMP) Service
Simple Network Management Protocol (SNMP) Trap
World Wide Web Publishing Service
8. Do not configure Wireless Auto Configuration to attempt to connect to any wireless network.
9. Disable UPnP unless its dynamic updating feature is needed for compatibility with other devices, such as firewalls.
10. Disable LM and NTLM v1 in enterprise and high security environments.
11. Use security templates to configure security settings on Windows XP systems. Modify the templates as necessary to conform to local security policy, and document all modifications.
12. Use the Security Templates and Security Configuration and Analysis MMC snap-ins to create, import, view, modify, and export template settings, and to compare template settings with actual system settings.
13. Use the Group Policy Object Editor, Group Policy Management Console, and Group Policy Modeling Wizard MMC snap-ins to automate the deployment of security settings to domain member systems.
14. Remove all users from the Remote Desktop Users and Power Users groups that do not specifically need to be members.
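An added check that is not part of this page: the Python script below audits an exported secedit-style security template (items 11 and 12) against items 3, 5, 6 and 10 of this checklist. The sample template is constructed, and the mapping from the item 6 display names to Windows service names is an assumption.

```python
# Service names for the item 6 services (assumed mapping from the checklist's display names).
SERVICES_TO_DISABLE = ["MSFTPSVC", "IISADMIN", "mnmsrvc", "RemoteAccess",
                       "SMTPSVC", "SNMP", "SNMPTRAP", "W3SVC"]
LSA_LEVEL = r"MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel"
AUTOLOGON = r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon"

# Constructed sample export (values assumed): LM/NTLMv1 still accepted, IIS
# Admin left automatic, FTP disabled, the other six services not set at all.
SAMPLE_TEMPLATE = r"""
[Event Audit]
AuditLogonEvents = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=1,"0"
[Service General Setting]
MSFTPSVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
IISADMIN,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
"""

def parse_template(text):
    sections, current = {}, None  # {section name: [non-comment lines]}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    return sections

def audit_template(text):
    sections, findings = parse_template(text), []
    # [Registry Values] lines are path=type,value (type 4 = REG_DWORD, 1 = REG_SZ).
    reg = {p.strip(): r.partition(",")[2].strip().strip('"')
           for p, _, r in (l.partition("=") for l in sections.get("Registry Values", []))}
    # Item 10: only level 5 refuses LM and NTLMv1 responses; lower levels just stop sending them.
    if int(reg.get(LSA_LEVEL, "0")) < 5:
        findings.append("LmCompatibilityLevel=%s (need 5)" % reg.get(LSA_LEVEL, "unset"))
    # Item 3: AutoAdminLogon=1 keeps a logon password in the registry.
    if reg.get(AUTOLOGON, "0") != "0":
        findings.append("AutoAdminLogon is enabled")
    # Item 5: [Event Audit] values are 0 none, 1 success, 2 failure, 3 both.
    audit = {k.strip(): v.strip() for k, _, v in
             (l.partition("=") for l in sections.get("Event Audit", []))}
    if audit.get("AuditLogonEvents") != "3":
        findings.append("logon events are not audited for success and failure")
    # Item 6: [Service General Setting] lines are name,startup,sddl; startup 4 = disabled.
    startup = dict(l.split(",")[:2] for l in sections.get("Service General Setting", []))
    for svc in SERVICES_TO_DISABLE:
        if startup.get(svc) != "4":
            findings.append("service %s is %s" % (svc, "not disabled" if svc in startup else "not in template"))
    return findings
```

A service missing from the template is reported too, since an unlisted service keeps whatever startup type the machine already has.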
Contributors to this page: Michael Shinn.