|
This tool is a set of scripts that user and Technical Liaisons can use to setup more secure Windows 2000 and Windows XP PCs.
Description/Purpose
This tool, or better set of tools, was developed by the IT Security Office in conjunction with the KU Field Security Officers. The goal of the project was to allow systems administrators to download a tool that would allow them to more easily harden computers that run the Windows 2000 or Windows XP operating systems. This tool will configure your computer to meet the IT Security Offices best practices for a windows workstation.
What it does
This tool hardens the four critical components of a properly configured Windows PC. These include:
- Password complexity and password rotation are turned on to meet the requirements of the KU password policy.
- Logging and Auditing are turned on and properly configured
- Services are hardened by removing many unused, unnecessary, or insecure services.
- Patch Installation by pointing the computers Autoupdate component to the central campus SUS server and configuring it to run daily
Download the tool
Windows Hardening Utility version 1.2.4
This tool is for Windows 2000 and Windows XP only. It includes documentation for the tool.
How it works
This tool utilizes multiple Windows Security Templates (.inf files). These coupled with the SECEDIT program in Windows can be used to import Group Policy configurations into the workstation quite easily.
Example:
secedit /configure /db password.sdb /cfg password.inf /overwrite /log password.log
This tool also utilizes a number of Registry Keys coupled with the REGEDIT program to import registry keys.
Example:
regedit /S .\data\windowsupdate.reg
For questions or assistance with this process please contact the IT Security Office:
Source
KU Field Security Officers
KU IT Security Office
http://www.security.ku.edu
|
