Vista Security Tweaks
Windows Vista is the most secure operating system that Microsoft has produced. With a multitude of features that make the operating system secure; this operating system like ALL operating systems can be made more secure by tweaking the inner workings of Vista. System tweaks for users is often found by the end user. This series explores different methodologies of protecting the operating system while allow the user to keep a work friendly workspace.
Vista Firewall Tweaks
The firewall control in Vista is one of the most important tweaks. Microsoft’s firewall in Windows Vista is one of the most secure and flexible software firewalls made in any operating system.
To further secure packets coming in and going out of your computer, click on the Start Button and type wf.msc (Windows Firewall Snap-in) and hit enter.
Each of these rules can be reviewed and configured independently. Users should change the default action for connections that are outbound from allow to block. Remember to only allow programs that need access to the internet. The only programs that should be allowed are programs needing updates or those controlled by the user.
Windows Vista Firewall
Policy Tweaks - Lockout
Creating an account lockout policy locks basic users out of workstations if the wrong password or username is entered. Rules can be set for the number of invalid login attempts. Although this tweak can be performed in Windows XP and will be carried over into Windows 7, it is often one of the most overlooked access control policies that should be put into place.
- Click on the Start Button and enter Secpol.msc
- Click on Account Policies - Account Lockout Policy.
- Right click on Account lockout threshold and select Properties. (You can also double click this option)
Tweaking the UAC
The user account control (UAC) was placed in Windows Vista to ‘help’ users when installing applications or making decisions about changes in the operating system. Tweaking security goes both ways. Too much security can hinder the average user or administrator while not enough security can compromise security on the workstation.
Below are the default values shown in the policy. Items in italics are the default settings.
1. Click on start and enter secpol.msc - this will bring up the security policy snapin.
(You can also get to this policy by navigating to the administrative tools group.)
2. Click on Local Policies - Security Options.
3. Navigate to User Account Protection settings.
- User Account Control: Admin Approval Mode for the Built-in Administrator account
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
- Elevate without prompting
- Prompt for credentials
- Prompt for consent
- User Account Control: Behavior of the elevation prompt for standard users
- Automatically deny elevation requests
- Prompt for credentials
- User Account Control: Detect application installations and prompt for elevation
- User Account Control: Only elevate executables that are signed and validated
- User Account Control: Only elevate UIAccess applications that are installed in secure locations
- User Account Control: Run all administrators in Admin Approval Mode
- User Account Control: Switch to the secure desktop when prompting for elevation
- User Account Control: Virtualize file and registry write failures to per-user locations
Remember that the UAC serves an important role and should not be disabled.
Tweaking can make you more secure or it can relieve security tasks and burdens that have an impact on production. Security should never be sacrificed for convenience. These are only three small tweaks that can help with the basic security needs in Windows Vista.
This post is part of the series: Windows Vista Security
Microsoft’s Vista is one of the most secure operating systems produced by Microsoft. Security with any operating system is set to defaults to allow users the luxury of being secure without interfering with production. Operating system security can always be tweaked to increase or decrease security