Export (0) Print
Expand All

Securing Windows XP Desktops Resource Guide

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
  1. Visit the Microsoft Update site and install the latest service packs and critical updates. Some updates must be installed alone, and will require a reboot. Visit Microsoft Update as many times as necessary to install all critical updates. Refer to the Microsoft Windows XP Service Pack Installation and Deployment Guide for detailed information about how to manually install service packs, uninstall service packs, and add them to an install directory.

  2. Configure Automatic Updates to automatically notify you of the availability of new security fixes. If possible, configure Automatic Updates to automatically download updates and install them without manual intervention. For more control over updates, use Microsoft Software Update Services, Microsoft Systems Management Server, or a similar solution to reduce the labor associated with deploying patches. .

  3. Understand the new security features of Windows XP Professional.

  4. Enable the Internet Connection Firewall.

  5. Enable EFS for files and folders that contain private information, as documented in Microsoft Knowledge Base articles 307877 and 308989.

  6. Keep up with the latest security hotfixes by using the Security Bulletins Search

  7. Follow the Microsoft Windows XP Professional Baseline Security Checklist.

  8. Familiarize yourself with these Best Practices in Enterprise Security.

  9. Update your anti-virus tools and signature files from viruses. Check out the Virus Alerts regularly.

  10. Use the Baseline Security Analyzer to scan and evaluate the security of your system.

Ongoing Security Maintenance

Without ongoing maintenance your system can become vulnerable to new forms of attacks. Further, the security of your system will degrade over time due to human error of administrators managing the system. Follow these recommended steps on a regular basis:

  1. Use the Baseline Security Analyzer regularly to scan and evaluate the security of your system.

  2. Subscribe to the Microsoft Security Notification Service. This is a free e-mail notification service that Microsoft uses to send information to subscribers about the security of Microsoft products.

  3. Use the Microsoft Update Web site to check for the latest Recommended and Critical updates.

  4. Configure Automatic Updates to automatically notify you of the availability of new security fixes. If possible, configure Automatic Updates to automatically download updates and install them without manual intervention. For more control over updates, use Microsoft Software Update Services, Microsoft Systems Management Server, or a similar solution to reduce the labor associated with deploying patches.

  5. As new security fixes become available, it is important to apply these new fixes. Microsoft has created the Qchain tool to chain hotfixes together in order for only one reboot to be required when installing several fixes.

Additional Security Resources

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft