XP system with no vulnerabilities perfect system security 10 tips

(1) Select the NTFS format to partition

It is best that all partitions are in NTFS format because the NTFS-formatted partitions are more secure. Even if other partitions are in other formats (such as FAT32), they should be in NTFS format at least in the partition where the system resides. In addition, applications should not be placed in the same partition as the system, so that an attacker could exploit application vulnerabilities (such as Microsoft's IIS vulnerabilities) to cause system files to leak, and even allow intruders to remotely obtain administrator privileges.

(2) Optimizing the customization of components

Windows XP installs some commonly used components by default, but it is very dangerous for this default installation, you should know exactly what services you need, and just install the services you really need, according to security principles, minimal service + minimal permissions = maximum security.

(3) Manage system and resource permissions

Each user has the appropriate permissions on Windows XP, the corresponding permissions users can do different operations on the system, such as the installation of hardware and software configuration, the addition of the document directory to delete. Therefore, the user's permissions must be controlled to ensure that the system is secure by default there are many permission groups in Windows XP, and the user added to these permission groups will be given the appropriate permissions as shown below.

The common group features are described below:

Administrators group: This group has unrestricted full access to the entire system, allowing the user to specify the highest level of permissions in the user group.

PowerUser Group: This group can perform any action other than the Administrators group retention task, and the default permissions assigned to the PowerUser group allow it to modify the settings of the entire computer, but cannot add themselves to the Administrators group. The permissions of this group are second only to administrators.

Users group: The user of this group cannot modify the operating system settings, registry, or user information. It can only run validated applications or create local groups, but only local groups that are created.

Guests group: The permissions of this group have the same access as the Users group, but the operating system has more restrictions on it.

(4) Security settings for user accounts

Check user account, stop unwanted account number, recommend to change the default account name.

Disable the Guest account to disable the Guest account in a computer-managed user. For insurance purposes, it's a good idea to add a complex password to the guest.

Limit unnecessary users to remove all duplicate user users, test users, shared users, and so on. User Group Policy sets the appropriate permissions and frequently checks the users of the system to remove users that are no longer in use.

Create two administrator accounts create a general permission user to receive letters and handle some day-to-day things, and another user with administrator privileges is only used when needed.

Renaming the system administrator account to Windows XP users cannot be disabled, which means that others can try the user's password over and over again. Try to disguise it as a regular user, such as GUESYCLUDX.

Do not let the system display the last Logged-on user name Open Registry Editor and locate the registry key Hklmsoftwaremicrosoftwindowstcurrentversionwinlogondont-displaylastusername. Change the key value to 1.

System account/Shared list the default installation of Windows XP allows any user to get all the account/share lists of the system through empty users, which is intended to facilitate the sharing of files by users of the LAN, but a remote user can also get your list of users and use brute force to crack the user's password. You can disable 139 null connections by changing the registry local_machinesystemcurrentcontrolsetcontrollsa-restrictanonymous =, and you can also use the Windows XP Local Security policy ( If the domain server is in Domain Server security and domain security policy, there are options restrictanonymous (additional restrictions on anonymous connections).