Windows Desktop Security Tips

Everybody likes to moan about Microsoft products (I do, too), but there are a number of security options available with the Windows operating system that are really quite phenomenal. As an administrator, you have the ability to control just about every aspect of the user's working environment, network or local. Windows is not famous for having a lot of effective default security settings to choose from, however and the Windows desktop is easily open to abuse because of this - if not tweaked properly.

This can be easily achieved by taking a few simple precautions, however. And here is a small collection of seven of my favorite Windows lockdown tips.

Tip 1: Keep your Email in simple text format. It's this simple: there is no way to stop all of that spam, adware, spyware and hacking if you don't give yourself a push and configure your mail as text. The mails containing HTML content might be beautiful to look at, but you are opening the door to abuse and trouble.

Tip 2: Don't keep potentially dangerous files closed for business. Have you ever stopped to think about locking away the System32 folder from Joe User? You ought to. There are way too many executable files in there that he or Joe Intruder can exploit. Just remove the unnecessary permissions.

Tip 3: Put the registry off-limits. Nobody needs to fool around with the registry, ever. Well, nobody except you, that is. Take the time to block access to potentially dangerous registry keys. These include the auto-run keys and startup folders - favorites for those who like to fiddle around with your system. Simply use the NTFS permissions to limit access to these files. Lock out the possibility of making file associations while you are at it. Make a list of types of files you do not want to run on your systems then take away their read and write permissions using NTFS (a group policy would be the best policy here).