Dancing over the Windows, Day I

Reinstalled Windows NT 5.1.2600 / XP Media Center Edition.

After rebooting, the machine gave a message that it was prepairing windows for start up; it was obviously trying to establish a network connection, assumably in order to phone hone registration data. That didn’t work, so the computer restarted itself and tried again, when that failed, it finally put up, shup up, and let me go through the boring setup screen.

As usual, I set the machine up for a U.S. environment but with GMT time zone and no DST adjustments, this gives me accurate enough GMT/UTC settings :-).

Was forced to create a “Regular user account” which also happened to be created as a passwordless adminisrator account: oh what a wonderful defualt! Named it “appeasement” and moved on. On the first ‘usable’ boot up, I used the double ccntl+alt+del trick to login as the pseudo-hidden Administrator, and get to work on setting up the machine. I created my limited user account, locked it with a password — then locked the forced-admin account with a ~90char password and locked it, generated manually useding my usual algorithim for creating pseduo-random passwords. Then I did like wise to the guest account, setting a random ~150char password. Both appeasement and guest were doubly checked to ensure they were properly locked down. I’ve elected to make use of Adminisrator directly for setting things up, since I’ve always used a separate admin account in the past and really see much value in hiding Adminisrator; however I do admit a temptation to rename it “Bill” as a joke between friends.

I also took the liberty of forcing Windows XP to use the classic login dialog, rather then the XP welcome screen; it’s a shame that it remembers the last used user name though, which kind of defaults the point of not listing user names (which was mentioned in the CPL). My reason for switching to the classic login screen however, is because I find it more convientant for quickly logging into the system, then having to play with the icons on the welcome screen.

Disabled Windows Firewall and installed my wifi adapters drivers, but had no luck in getting a connection to my home network :-(. After a bit of abuse, I killed the poorly written network management utility that came with the driver, along with all the programs and service it created. After that, I was able to get a clean connection to my AP :-). Personally, I think any time a network device driver tries to override the systems network configuration software by default, means either they were assholes or the system has terrible network support. Over the years, I’ve found that Windows does have terrible network support (compared to FOSS unix systems) but configuring network settings, especially wireless: is very painless under XP.

To avoid nagging, I turned off Windows auto update crap, and fired up IE6; hitting update.microsoft.com I jumped through the hoops to download/install Service Pack 3. After the rebooting dance that followed, I then returned to update.microsoft.com in order to update things. That resulting in installing _60_ updates for my computer and another reboot, after that was taken care of, I turned on Windows updates. Guess what it told me after that? There are more updatse for your computer ^_^. It has been nagging me to reboot every couple minutes since then. Two cool comments: nVidia and Creative drivers were listed, speeding up my installation of the latest nVidia drivers xD.

Kicked off cmd, explorer, control, regedit, and mmc (Micro$oft Management Console) so I could start work on making Some changes:

 Set IE8 to a higher security level for Internet use
Set IE8 to reject third party cookies
Prevent Winsucks Explorer from hiding file extensions - come one, seriously?
Automatically search[ing] for network folders and printers turned off in Explorer
*.js? *.reg, *.sh?, *.vb?, *.ws? file associations remapped to Notepad
Error Reporting set to MS/Win crap onnly
Tell Security Center not to whine about FW/AV.
Killed sticky keys & compatriates; made this default for new users
Data Execution Prevention (DEP) on for all programs
Remote Assistence / Remote Desktop / NetMeeting RDS / Remote Desktop Help Session Manager turned off
UPnP & SSDP services disabled
Remote Registry service disabled
Net Logon service disabled
Media Centre services disabled
Aleter service disabled
Computer Browser service disabled - I don't want it
Distributed Link Tracking Client disabled
Help & Support set to manual - FWIW
Network Location Awareness (NLA) set to automatic
Network Provisioning Service disabed
Print Spooler service set to manual - I rarely print stuff
Security Center service disabled
Server service disalbed
Shell Hardware Detection (autoplay) service disabled
TCP/IP NetBIOS Helper service disabled - just piss off lou
changed Windows Time server from MS to NIST
Cleared the "Register this connection's addresses in DNS" thing Disabled LMHOSTS lookup on my wifi connection
Disabled NetBIOS over TCP/IP on my wifi connection
Don't auto-restart after crash
Don't dump core on crash
Disabled hibernation support
Configured Windows to clear the pagefile on shutdown
Set power mangemenet policy to minimal (just kill monitor)
Set the system to use the Metric system by default.
Set the system to use ISO standard date/time format by default.
Turned off the advanced language/text stuff; I don't need to input Hanzi/Cyrillic

At this point, I rebooted the system:

 shutdown -t 2 -r

and logged in with my limited user account. Ahh, the passionate joys of bending computer software to your evil bidding!!! The first thing I did was double check IE8 settings, and go install Google Chrome ;-). The second thing was open a Command Prompt — I never go without having one available.

I could configure Internet Explorer 8 more diliengly for secure operation, but I don’t use the bloody thing, except when programs (like XFire) require embedding IE or when visiting update.micro$oft.com. My life is spread across Chrome, Firefox, lynx, and links; but Chrome is my preferred beast of surfing burden.

From here on in, it was time to get cracking! C:2install was setup for storing downloaded files. After taking a few moments to get Chrome hooked up, my next stop was downloading PuTTY, making it a painless process to gain access to my OpenBSD server down the hall. Namely, the cute girl holding all of my backup data lol. When I took backups of SAL1600 today, I made saved a file named software.list with a table of every thing I need to fetch & install, written as: programtt-turl and sorted in sequence.

Although my PuTTY settings are unreachable without PuTTY, since the exported registry keys for all my sessions are on Vectra, I have sufficant memory to reach her manually.

Oh yeah, now I could finally hit 949thebull.

Because of my insane nack for planning these things better then NASA can launch a space shuttle, it was a rapid file breeze downloading most of the software I need to install, and the last 9 hours have been pretty interesting. All that is left to fetch, is basically Microsoft compiler/ide/runtime stuff and my mouse drivers. Most of tomorrow will likely be spent installing/configuring everything while waiting for the backups to SCP back over. Right now only the most minimal kit is setup and as soon as this virus scan completes, I’m hitting the hay, it’s already after 0830 in the morning….

There is also one more thing that I need to do, start checking more in depth the default access control and system policies. Despite often presenting pure idoicy as a matter of standard operating procedure, Windows NT does have some very nice security features; they’re just hidden so far from the average desktop user, that most will likely never discover them :-/. One of these days, I really need to setup some custom templates in order to speed all this crap up!

To be continued…