Windows XP Professional PCs which are not connected to Active Directory Domains will thereby not be controlled by central domain controller. This is a classic example for a Small business where there may ot may not be a System Administrator and PCs can be shared by multiple users. However, Windows XP Professional security can be configured with Local Security Policies just as the PC is connected and controlled by the Domain Controller.
Microsoft releases Windows XP Security Guide Tools and Templates packages which can be downloaded for free from here. This has different Security Templates that can be applied to the PCs. There are high security minimal functionality templates which can be very restrictive. So care has to be taken before applying these templates.
However, there are two security templates that provide not so restrictive but useful security settings.
These are the StandAlone Enterprose Client Desktop (for desktops) & StandAlone Enterprose Client Laptop (for laptops).
These give your Windows XP professional PC or Laptop with
The password policy template enforces the requirement that users choose complex passwords that are greater than 8 characters in length. In addition, it requires users to change their password every 42 days. The policy monitors for failed attempts to log on to the computer. If 50 failed logon attempts occur within 30 minutes, the account is locked for 30 minutes, or until an administrator manually unlocks it.
The security policy template configures settings that ensure only valid users can connect to the computer, that only administrators can back up and restore files on the computer, and that only administrators can add new drivers to the computer.
Now, let’s get to business.
1. Download the “Windows XP Security Guide Tools & Templates” from here. Extract the downloaded ZIP file, and run the “Windows XP Security Guide Tools and Templates.msi” file. This extracts the Securty tools and templates to the “Windows XP Security Guide Tools and Templates” under “My Documents”.
2. Navigate to the folder MyDocuments -Windows XP Security Guide Tools and Templates – Stand Alone Clients.
3. In this folder, you can find two files “Standalone-EC-Desktop.cmd” and “Standalone-EC-Laptop.cmd”.
4. The actual file extensions (.txt) is hidden and hence from Tools – Folder Options – View tab, clear the Hide extensions for known file types checkbox, and then click OK. Now, you should see the .txt extension. Rename the file for instance “Standalone-EC-Laptop.cmd.txt” to “Standalone-EC-Laptop.cmd”.
5. Now, double-click the file to install the Security templates.
6. Restart the computer and the policy should take effect.
What if something goes wrong??? Rollback…
Ok, a fair question that is. We can reset or rollback to the default settings by following the procedure below. This will take you back to square one.
1. Click Start – Run, type cmd and press enter.
2. Type “secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose” (without the quotation marks), and press ENTER.
This process may take several minutes to complete. After completion, you should see a message that states: “Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried. It’s ok to ignore.” This message is expected and does not require you to do anything.
3. Reboot the system and the Local Security Policies are set to defaults.
Incoming search terms:
- windows xp security guide tools and templates msi (27)
- local security policy windows 7 (5)
- XP security guide tools and templates msi (2)
- windows xp policies DisableCachingOfSSLPages (1)
- Standalone-EC-Desktop cmd (1)
- standalone windows xp security (1)
- stand-alone windows xp security guides (1)
- security policy windows (1)
- require password login windows xp pro standalone (1)
- Local Security Policy (1)