Documentation:Windows XP Setup
From IOD SysWiki
Follow the steps below in order to set up your Windows XP computer. This will ensure that your computer meets the security standards required by IOD.
Install patches from CD
All patches from the IOD Windows XP Patch CD must be installed before connecting your computer to the network. You can obtain the Patch CD in two ways:
- You can create the CD yourself by connecting to \\coast\public\WindowsPatchCD\ and burning the XPWindowsPatches.iso image to a CD.
- You can pick up a CD from our office in CCS 211. Please email help@coast.ucsd.edu to let us know that you'll need a Patch CD.
Do not auto-update from Microsoft's site until all the latest patches are installed and the firewall rules are in place. It is imperative that you use the CD so that there is no risk of attack while the computer is being updated.
Set up Automatic Updates
Workstations
1. Click on the Start menu and choose Run. In the popup window, enter gpedit.msc and click OK. This opens the Group Policy Editor.
2. In the Group Policy Editor, expand Computer Configuration, Administrative Templates, and Windows Components. Click on Windows Update.
3. In the right panel, double-click on Configure Automatic Updates. In the popup window, make this setting Enabled. Under Configure Automatic Updating, choose option 4 - Auto download and schedule the install. When you are done, click OK.
4. In the right panel, double-click on No restart for scheduled Automatic Update installations. In the popup window, make this setting Enabled. When you are done, click OK.
5. In the right panel, double-click on Re-prompt for restart with scheduled installations. In the popup window, make this setting Enabled. Set the wait period to 10 minutes. When you are done, click OK.
Laptops
1. Click on the Start Menu and go to Settings, and open Control Panel. Open Automatic Updates.
2. Choose the Download updates for me, but let me choose when to install them option. When you've done this, click OK.
Win2k - install CCS/H-Lab firewall rules
( Win2k only, WinXP optional )
1. Click on the Start Menu and go to Settings, and open Control Panel. Under Administrative Tools, open Local Security Policy.
2. In the left panel, choose IP Security Policies on Local Machine.
3. From the Action menu, choose Import Policies.
4. Browse to the CD and open the Win2K-ipsec folder. Open the CCS_Firewall.ipsec file.
ftp://iod.ucsd.edu/software/MS_Windows/win2k-ipsec/CCS_Firewall.ipsec
5. Click on the entry labeled CCS Firewall in the right panel. From the action menu, choose Assign.
Windows XP Set up Firewall
( Must have at least Service Pack 2 installed )
1. Open the Windows Firewall control panel. Start Menu -> Control Panel -> Security Center.
2. Click on "Windows Firewall". Make sure the firewall is turned on and that the Don't allow exceptions option is not checked.
3. If you run services that require ports to be open in the firewall, please contact IOD computer support (help@coast.ucsd.edu) for assistance.
4. In addition, for more advanced configuration options see the UC San Diego Network Operations page:
http://www-no.ucsd.edu/security/xpfirewall.html
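An added check, not part of the original IOD instructions: this PowerShell script reads back the registry values behind the Workstations Group Policy steps and the Windows XP firewall steps above, so you can confirm the settings took effect before connecting to the network. It assumes PowerShell 2.0 is installed on the XP machine and that the firewall is using the Standard (non-domain) profile.

```powershell
# Added example: audit the Automatic Updates policy (Workstations steps 3-5)
# and the Windows Firewall state (firewall step 2).
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
# Assumption: Standard (non-domain) profile; domain members use ...\FirewallPolicy\DomainProfile.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'

$checks = @(
    @{ Step = 'Configure Automatic Updates: Enabled';     Path = $au; Name = 'NoAutoUpdate';                  Want = 0 },
    @{ Step = 'Option 4 (auto download, scheduled)';      Path = $au; Name = 'AUOptions';                     Want = 4 },
    @{ Step = 'No restart for scheduled installs';        Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Want = 1 },
    @{ Step = 'Re-prompt for restart: Enabled';           Path = $au; Name = 'RebootRelaunchTimeoutEnabled';  Want = 1 },
    @{ Step = 'Re-prompt wait period: 10 minutes';        Path = $au; Name = 'RebootRelaunchTimeout';         Want = 10 },
    @{ Step = 'Windows Firewall turned on';               Path = $fw; Name = 'EnableFirewall';                Want = 1 },
    @{ Step = "Don't allow exceptions: not checked";      Path = $fw; Name = 'DoNotAllowExceptions';          Want = 0 }
)

$results = foreach ($c in $checks) {
    # A missing key or value returns nothing, which is reported as a failure.
    $actual = $null
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.($c.Name) }

    New-Object PSObject -Property @{
        Step     = $c.Step
        Value    = $c.Name
        Expected = $c.Want
        Actual   = $(if ($null -eq $actual) { '(not set)' } else { $actual })
        Result   = $(if ($actual -eq $c.Want) { 'OK' } else { 'FAIL' })
    }
}

$results | Select-Object Step, Value, Expected, Actual, Result | Format-Table -AutoSize

# Non-zero exit code so the script can gate a "ready for network" checklist.
$failed = @($results | Where-Object { $_.Result -eq 'FAIL' })
if ($failed.Count -gt 0) {
    Write-Host "$($failed.Count) setting(s) do not match the steps above."
    exit 1
}
Write-Host 'All checked settings match the steps above.'
```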
Create sweep user
1. Open the Users and Passwords control panel.
2. Click the Add... button.
3. Set the Username to 'sweep' and the Full Name to 'IOD Sweep Account', then click Next.
4. Set the password to the sweep password supplied by a network administrator, then click Next.
5. Set the level of access to Other: Administrators, then click Finish.
Install Sophos Anti-Virus
1. Uninstall any previously installed anti-virus software.
2. Go to the UCSD Sophos download page and fill in the requested information. Download and install Sophos according to the instructions on the UCSD software site.
3. After Sophos has been installed and updated, go to the Start menu and open Sophos Anti-virus.
4. Click on the Immediate tab, then open the Options menu and choose Configuration.
5. Click on the Scanning tab. Check Scan inside archive files, Include Macintosh viruses, and Scan mailboxes.
6. Click on the Disinfection tab. Check Disinfect boot sectors, Disinfect documents, Disinfect programs, and Disinfect mailboxes. Check Infected files and choose the Delete option. When you are done, click OK.
7. Repeat steps 5 and 6 for the Scheduled and On-access tabs.
8. Open the Options menu and choose Alerts.
9. Go to the SMTP Email tab and uncheck Disable SMTP email. Click Configure SMTP. Set the SMTP Server to 'smtp.ucsd.edu' and the SMTP Sender address to 'admin@coast.ucsd.edu', then click OK. Under Recipient email address, type in 'sophos@coast.ucsd.edu' then click Add. When you are done, click OK and close Sophos Anti-virus.
Install Security Software
Microsoft Baseline Security Analyzer
1. Open the "Baseline_Security_Analyzer" folder from the Patch CD and run MBSASetup-EN.msi. Alternatively, you can download the file from Microsoft's website.
2. Follow the onscreen instructions to install the software.
3. Once installed, you can use MBSA to check your computer for missing updates and other security vulnerabilities. You should run this check immediately after installing the software, and again at monthly intervals. You must be connected to the network for this program to work correctly.
Spybot Search & Destroy
1. Open the "Anti-spyware" folder from the Patch CD and run spybotsd13.exe. Alternatively, you can download the file from the Spybot website.
2. Follow the onscreen instructions to install the software. At the end of the installation, choose to run Spybot.
3. Follow the instructions in the Spybot-S&D Wizard to back up your registry, then search for and download updates. Spybot will restart at the end of this process.
4. Go to the Update menu on the right and click 'Search for Updates Now.'
5. Go to the Search & Destroy menu and click 'Check Now' (this check may take several minutes to run). If any problems are found, choose to 'Fix selected problems'.
6. Go to the Immunize menu and click 'Immunize.'
7. Repeat steps 4-6 on a monthly basis to make sure your installation of Spybot is up to date and there is no malicious software on your computer.
