The New Tech - View Single Post - HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA

**APK** · 09:43pm

Local Security Policies via ACL control & native tools to use to do that

7.) USE General LOCAL security policies (in gpedit.msc/secpol.msc - afaik though, these are NOT in XP "Home" edition, sorry)), these are VALUABLE tools (and will be needed & suggestions for it will be told to you by the CIS Tool noted above - great stuff!) and regedit.exe!

(Newly added - regedit.exe use is for registry ACL permissions, via its EDIT menu, PERMISSIONS submenu item (to add/remove users that have rights to regisry hives/values, & to establish their rights levels therein))

ALSO NEWLY ADDED - Explorer.exe "right-click" on drive letters/folders/files (for file access ACL permissions hardening) using its popup menu selection of "PROPERTIES", & in the next screen, the SECURITY tab (to add/remove users that have rights to said items, & to establish their rights levels therein), also - this is another requirement of CIS Tool 1.x & its suggestions for better security.

HOWEVER: Here, you may not be able to see the SECURITY TAB mentioned above. This is why (AND, HOW TO FIX THAT & straight from the horses mouth @ MS):

http://support.microsoft.com/kb/304040

==========

Turning on and turning off Simple File Sharing

Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.

If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.

To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:

1. Double-click My Computer on the desktop.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then select the Use Simple File Sharing

(Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)

==========

* That turns the ability to see the NTFS ACL SECURITY TAB, back on in Explorer.exe, for YOUR usage here, in the capacity of security-hardening your machine!

APK

Dec 6, 2007, 08:08pm	Local Security Policies via ACL control & native tools to use to do that
APK Elite Member Posts: 354 Name: The Duke of URL Karma:	Local Security Policies via ACL control & native tools to use to do that 7.) USE General LOCAL security policies (in gpedit.msc/secpol.msc - afaik though, these are NOT in XP "Home" edition, sorry)), these are VALUABLE tools (and will be needed & suggestions for it will be told to you by the CIS Tool noted above - great stuff!) and regedit.exe! (Newly added - regedit.exe use is for registry ACL permissions, via its EDIT menu, PERMISSIONS submenu item (to add/remove users that have rights to regisry hives/values, & to establish their rights levels therein)) ALSO NEWLY ADDED - Explorer.exe "right-click" on drive letters/folders/files (for file access ACL permissions hardening) using its popup menu selection of "PROPERTIES", & in the next screen, the SECURITY tab (to add/remove users that have rights to said items, & to establish their rights levels therein), also - this is another requirement of CIS Tool 1.x & its suggestions for better security. HOWEVER: Here, you may not be able to see the SECURITY TAB mentioned above. This is why (AND, HOW TO FIX THAT & straight from the horses mouth @ MS): http://support.microsoft.com/kb/304040 ========== Turning on and turning off Simple File Sharing Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured. If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off. To turn Simple File Sharing on or off in Windows XP Professional, follow these steps: 1. Double-click My Computer on the desktop. 2. On the Tools menu, click Folder Options. 3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.) ========== * That turns the ability to see the NTFS ACL SECURITY TAB, back on in Explorer.exe, for YOUR usage here, in the capacity of security-hardening your machine! APK Last edited by APK; May 23, 2008 at 09:43pm.