Windows 7 Hardening Guide

If you’re looking for a detailed, definitive guide to hardening Windows 7, you can’t beat this security guide from Microsoft. It’s called the Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2 and you can download it here.

It’s a massive 387 pages long and it includes specific descriptions and recommendations for every Windows 7 security setting. Here’s an example:

Accounts: Guest account status
This policy setting enables or disables the Guest account.

Possible values:

  • Enabled
  • Disabled
  • Not Defined

Vulnerability
The default Guest account allows unauthenticated network users to log on as Guest with no password. These unauthorized users could access any resources that are accessible to the Guest account over the network. This capability means that any shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group are accessible over the network, which could lead to the exposure or corruption of data.

Countermeasure
Disable the Accounts: Guest account status policy setting so that the built-in Guest account cannot be used.

Potential impact
All network users must be authenticated before they can access shared resources. If you disable the Guest account and the Network Access: Sharing and Security Model option is set to Guest Only, network logons fail, such as those performed by the Microsoft Network Server (SMB Service). This policy setting should have little impact on most organizations because Disabled is the default setting.
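One way to check this setting across machines, as an added example that is not from the Microsoft guide or this post: the script parses a security policy export produced by `secedit /export /cfg` and flags both the vulnerable state and the combination described under Potential impact. The sample export is constructed and the helper name `audit_guest` is hypothetical.

```python
import configparser

# Constructed sample in the INF layout that `secedit /export /cfg` writes
# (real exports are UTF-16; decode them before calling audit_guest).
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[System Access]
EnableAdminAccount = 0
EnableGuestAccount = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Registry value behind "Network access: Sharing and security model for
# local accounts": 1 = Guest only, 0 = Classic.
FORCE_GUEST = r"MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest"


def audit_guest(export_text):
    """Hypothetical helper: grade the Guest account settings in one export."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.read_string(export_text)
    raw_guest = cp.get("System Access", "EnableGuestAccount", fallback=None)
    raw_model = cp.get("Registry Values", FORCE_GUEST, fallback=None)
    # Registry entries are exported as "<type>,<data>"; keep the data part.
    guest_only = raw_model is not None and raw_model.rpartition(",")[2].strip() == "1"
    result = {"guest_enabled": None, "guest_only_model": guest_only}
    if raw_guest is None:
        result.update(status="UNKNOWN", note="EnableGuestAccount not in export")
    elif raw_guest.strip() == "1":
        result.update(guest_enabled=True, status="FAIL",
                      note="Guest enabled: disable 'Accounts: Guest account status'")
    elif guest_only:
        result.update(guest_enabled=False, status="WARN",
                      note="Guest disabled but sharing model is Guest only: "
                           "network logons will fail")
    else:
        result.update(guest_enabled=False, status="PASS",
                      note="Guest disabled; network users must authenticate")
    return result


if __name__ == "__main__":
    print(audit_guest(SAMPLE_EXPORT))
```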

If you’re developing your own Windows 7 Hardening Guide or Windows 7 Hardening Standard, use this document as your reference and you won’t go wrong.


Eman December 24, 2015 at 3:43 pm

Our site is built with WordPress and having had issues with the 3.01 to 3.02 upgrade, I always look around to see what others are saying every time the next one comes out. I looked at the change log for 3.05 and I didn’t think anything really applied to me, but then I’m the sort of person who likes to have the most up to date version. I’m particularly concerned by the post above where all categories get reset to uncategorized. That would be a nightmare to correct for us. Seems it’s hard sometimes to ascertain the impact of an upgrade especially with so many different themes and plugins. I think I’ll wait to 3.1 then!
