Hardening Windows XP Server

1. Install all patches

Configure system to automatically install new updates.

Use MBSA, HFNetChk, or other similar utilities on a regular basis to identify patch status issues.

2. Convert all FAT32 drives to NTFS

From the command prompt, type the following, replacing C: with the letter of the drive to convert:

convert C: /FS:NTFS /V

3. Disable Automated Logins

4. Turn on the Windows Firewall

5. Turn on auditing

6. Disable these services:

FTP Publishing Service

IIS Admin Service

NetMeeting Remote Desktop Sharing

Routing and Remote Access

Simple Mail Transfer Protocol (SMTP)

Simple Network Management Protocol (SNMP) Service

Simple Network Management Protocol (SNMP) Trap

World Wide Web Publishing Service

8. Do not configure Wireless Auto Configuration to attempt to connect to any wireless network

9. Disable UPnP unless its dynamic updating feature is needed for compatibility with other devices, such as firewalls.

10. Disable LM and NTLM v1 in enterprise and high security environments.

11. Use security templates to configure security settings on Windows XP systems. Modify the templates as necessary to conform to local security policy, and document all modifications.

12. Use the Security Templates and Security Configuration and Analysis MMC snap-ins to create, import, view, modify, and export template settings, and to compare template settings with actual system settings.

13. Use the Group Policy Object Editor, Group Policy Management Console, and Group Policy Modeling Wizard MMC snap-ins to automate the deployment of security settings to domain member systems.

14. Remove from the Remote Desktop Users and Power Users groups all users who do not specifically need to be members.
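The following batch script is an added example, not part of the original checklist: run from an administrator command prompt on Windows XP SP2 or later, it applies items 4, 5, 6 and 10 above and then prints the resulting settings so the change can be verified. The service short names are the standard XP/IIS 5.1 names for the services listed in item 6; auditing is applied through a minimal security template of the kind item 11 describes, because auditpol.exe is not shipped with XP.

```batch
@echo off
REM Added example (not from the original post): applies checklist items 4, 5, 6 and 10.
REM Assumes an elevated cmd prompt on Windows XP SP2+ with the netsh firewall context.
setlocal

REM 6. Stop and disable the listed services; services that are not installed are skipped.
for %%S in (MSFtpsvc IISADMIN mnmsrvc RemoteAccess SMTPSVC SNMP SNMPTRAP W3SVC) do (
    sc query %%S >nul 2>&1 && (
        sc stop %%S >nul 2>&1
        sc config %%S start= disabled
    )
)

REM 4. Turn on the Windows Firewall for every profile (existing exceptions are kept).
netsh firewall set opmode mode=ENABLE profile=ALL

REM 10. Disable LM and NTLMv1. LmCompatibilityLevel 5: clients send NTLMv2 only,
REM servers refuse LM and NTLM. NoLMHash=1 stops storing the weak LM hash at the
REM next password change.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LmCompatibilityLevel /t REG_DWORD /d 5 /f
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v NoLMHash /t REG_DWORD /d 1 /f

REM 5. Turn on auditing with a small security template applied by secedit.
REM Event Audit values: 0 = none, 1 = success, 2 = failure, 3 = success and failure.
set INF=%TEMP%\audit.inf
> "%INF%" echo [Version]
>>"%INF%" echo signature="$CHICAGO$"
>>"%INF%" echo Revision=1
>>"%INF%" echo [Event Audit]
>>"%INF%" echo AuditLogonEvents = 3
>>"%INF%" echo AuditAccountLogon = 3
>>"%INF%" echo AuditAccountManage = 3
>>"%INF%" echo AuditPolicyChange = 3
>>"%INF%" echo AuditPrivilegeUse = 2
>>"%INF%" echo AuditSystemEvents = 3
secedit /configure /db "%TEMP%\audit.sdb" /cfg "%INF%" /areas SECURITYPOLICY /quiet
del "%INF%"

REM Verify: each installed service should show START_TYPE 4 DISABLED, and the LSA
REM values should read 0x5 and 0x1.
for %%S in (MSFtpsvc IISADMIN mnmsrvc RemoteAccess SMTPSVC SNMP SNMPTRAP W3SVC) do (
    sc qc %%S 2>nul | find "START_TYPE"
)
reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LmCompatibilityLevel
reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v NoLMHash
endlocal
```

Check the secedit result in %windir%\security\logs\scesrv.log if the audit settings do not appear in Local Security Policy afterwards.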

Contributors to this page: Michael Shinn.