A Secure Windows Installation Recipe
Once I got past the hang problem I blogged about here when rebuilding a WinXP system, I switched my regular login to least privilege, of course. Then, logged in as Administrator (the name of which I had changed, of course), I installed my many apps. It blows my mind how many setup programs have no respect for the user profile they're installed against. To their credit, some have a setup screen that asks whether to install the app for all users or just the current user. Running as the Administrator user you want to select all users, of course. But even in those cases, sometimes the program's item on the Start menu ended up only in the Administrator's profile.
It’s hard enough to install a new app every so often on a machine that has been long since configured and used on a daily basis. Every week or three when you have to install a new app you have to put up with the hassles of finding the right trick to use to get it installed correctly under least privilege. But to spend half a day installing app after app and having to fight it all along the way just isn’t worth it.
So at this point I have to recommend that you build a new machine with admin privileges while logged in as your regular, non-admin login. That way you don't have to fight setup programs that act like they were designed before security was invented (well, because most were) and your configuration settings are properly installed for your everyday login.
The pattern would look something like this:
- Install Windows and configure its components logged in as Administrator.
- Go to Windows Update and install everything but SP2.
- Create your regular user login and make it a member of both the Administrators and Users groups.
- Log in under that login and install security-related utilities, including a firewall if you’ll not use the Windows firewall, antivirus software, adware protection, antispam software, and anything else that gives you a warm, fuzzy, secure feeling.
- Install Office, Visual Studio, and all your other apps and tools.
- At the very least, start up all those applications and do whatever configuration dance they require. Some apps write config data in protected areas (under Program Files or in HKEY_LOCAL_MACHINE), so you need to do this with admin privileges. This gets your apps configured without hassle.
- Use the machine for a day or three with your login still a member of the Administrators group. It pains me to no end to write this, but it's the best balance between security and sanity.
- Once you’re reasonably satisfied that things are configured the way you want, install SP2 and then remove yourself from the Administrators group. Put a reminder in Outlook to do this so you don’t forget.
Voila! A secure Windows installation.
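The final step of the recipe, checking whether your everyday login is still in the local Administrators group and taking it out, is easy to forget and easy to get half right (renamed group, machine-qualified names in the listing). The script below is an added example, not part of the original post; it drives `net.exe localgroup`, which exists on Windows XP and later, rather than the newer `Get-LocalGroupMember` cmdlets. The `$UserName` and `$GroupName` parameters, the English-language output it parses, and the assumption that you run it while your account still holds admin rights are all mine.

```powershell
# Added example (not from the original post): remove the everyday login
# from the local Administrators group and verify the removal.
# Assumptions: run from a session that currently has admin rights (the
# post's "day or three" window); $UserName is the regular login; net.exe
# output is in English (the "completed successfully" trailer is matched).
param(
    [string]$UserName  = $env:USERNAME,
    [string]$GroupName = 'Administrators'   # adjust if the group was renamed
)

function Get-LocalGroupMembers {
    param([string]$Group)
    # 'net localgroup <group>' prints a header, a dashed separator, one member
    # per line, then "The command completed successfully."
    $lines  = & net.exe localgroup $Group 2>&1
    $inList = $false
    foreach ($line in $lines) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($inList -and $line.Trim() -ne '' -and $line -notmatch 'completed successfully') {
            $line.Trim()
        }
    }
}

function Test-IsGroupMember {
    param([string]$Group, [string]$User)
    $members = @(Get-LocalGroupMembers -Group $Group)
    # Members may be listed bare ("alice") or qualified ("MACHINE\alice").
    $pattern = '(^|\\)' + [regex]::Escape($User) + '$'
    return [bool]($members | Where-Object { $_ -imatch $pattern })
}

if (Test-IsGroupMember -Group $GroupName -User $UserName) {
    Write-Host "$UserName is a member of $GroupName; removing."
    & net.exe localgroup $GroupName $UserName /delete | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net localgroup /delete failed with exit code $LASTEXITCODE (not running as admin?)"
    }
} else {
    Write-Host "$UserName is not a member of $GroupName; nothing to do."
}

# Re-read the group so the result is verified rather than assumed.
if (Test-IsGroupMember -Group $GroupName -User $UserName) {
    throw "$UserName is still listed in $GroupName"
}
Write-Host "$UserName is no longer in $GroupName."
Write-Host "The current session keeps its admin token until you log off; log off and back on to run as a plain user."
```

The last line matters in practice: group membership is baked into the access token at logon, so the session that ran the script is still an administrator until you log off, which is also why the post's Outlook reminder is a good idea.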
I think this recipe is a reasonable compromise between security and sanity. If you have any ideas for better ways to do things, I’m all ears!
Footnote: Somewhere I have a reference for steps you can follow to prevent attacks while connecting to the Internet with an unpatched Windows install in order to connect to Windows Update. Does anyone know of such a thing? If not, I’ll poke around and post it when I find it again.