
 

Securing University Owned Windows Computers

Windows 95/98/ME/NT/2000

Pre-Windows XP operating systems should not be connected to the network and should be upgraded immediately.


As these products are no longer supported by Microsoft, all security patches have been stopped. This means that security holes and vulnerabilities in these operating systems will remain open to be exploited. Many tools and viruses readily exploit these holes and in most cases will turn over control of the computer to the attackers.


If you have a system that has to remain on an early version of Windows, you will need to contact the security team via the Insrv Helpdesk for advice.


Please note: Without Microsoft security patches, should a worm-type virus arrive on campus, these systems may be left inoperable and unrepairable. To protect the campus network, Windows 95/98/ME/NT/2000 systems suspected of being infected with a virus will be disconnected from the network without warning.


 

 

Windows XP (with INSRV image)

Securing the System

Information Services produce a version of Windows XP tailored specifically for use on campus.  This customized version of Windows XP - known as the ‘INSRV XP image’ - can be quickly and easily installed on most campus desktop systems. 

The advantages of using the INSRV XP image include…

  • Speed of (re-)installation - Should any problem require a re-installation of the operating system, a working copy of Windows XP can be quickly reapplied.  Depending on the speed of the system, a user can be back working in under one hour.
  • Virus software - Anti-virus software is pre-installed and configured to update every 30 minutes.
  • Windows Security Updates - Windows updates are configured to automatically update daily.
  • Windows Services - Unnecessary Windows services (often targeted by viruses or hackers) are disabled by default.
  • Image lockdown - Imaged systems are ‘locked down’, restricting access to critical system components (again, often targeted by viruses or hackers).
  • Availability of software applications - by applying an INSRV image, staff instantly gain access to over 50 centrally licensed applications including packages such as Microsoft Office, Adobe Photoshop, Endnote or SPSS.
  • INSRV support - INSRV provide technical support for INSRV imaged systems only.  By using an INSRV image, Schools are able to call upon INSRV technical staff to resolve problems. 

There are two image releases per year ...

  • New Image (July annually) includes new technologies and major service packs, major software upgrades, and client updates.
  • Interim Image (January annually) includes only patches and fixes to the July image for users forced to reimage. If you have a July image, there is no benefit in reimaging to an interim image, as they should be exactly the same after the installation and updates have completed.

The use of Non-INSRV imaged systems on campus is discouraged.  Should Schools choose to use a standard installation of Windows XP in place of the INSRV image, the burden of package installation, system security and technical support lies with the staff member or School local computing representative.

Virus Software for INSRV images 

INSRV imaged systems have Sophos Antivirus software pre-installed.

 

Please note:  If you have any problems with Sophos, please contact insrvConnect for assistance.  Do not install a standalone or ‘home’ configured version of Sophos.  Settings need to be changed to allow Sophos to function correctly on campus.  A ‘home’ configured version of the software will not work on campus.


 

Windows XP/Vista/Windows 7 (Non-INSRV image)

The use of ‘custom built’ or 'pre-installed' versions of Windows XP on campus is strongly discouraged. The INSRV XP image has been specifically designed and secured for use on campus.   Please report any issue preventing the use of the INSRV XP image to INSRV for investigation.  The XP image is constantly reviewed, and every effort will be made to accommodate requested changes in the next image release.

Custom built Windows XP systems in use on campus are not supported by INSRV; however, where possible, assistance will be provided on a ‘best endeavours’ basis only.

The following advice is offered in an attempt to increase the awareness of the steps necessary to adequately protect custom built Windows systems connected to the campus network.

Windows Update

Regular Microsoft security updates (known as ‘patches’) are essential in protecting a Windows system.  Custom built Windows XP systems must have automatic Windows updates enabled.  To check this feature is enabled…

  • Right-click the My Computer icon on the desktop (or in the Start menu if this icon is not present on your desktop)
  • From the resulting shortcut menu, select Properties
  • From the resulting dialog box, click the ‘Automatic Updates’ tab

 


(the appearance of this dialog box may be slightly different on systems running Windows XP SP1)

Select one of the following two options from the Automatic Updates dialog box:

  • Select the ‘Automatic’ option to have patches automatically downloaded and automatically installed,

or, if automatic installation may prove inconvenient,

  • Select 'Download updates for me, but let me choose when to install them' to automatically download, but not install, the patches.

With this option, installation is prompted via an installation 'bubble' or 'shield' (depending on version) in the system tray.  Please ensure minimum delay in installing patches.  Your system remains vulnerable until patches are installed.

Please note: During Windows Update, you may be offered ‘Windows XP Service Pack 3 (SP3)’.  Information Services strongly recommends the installation of this important Windows update.  Windows XP SP3 will in future become a Microsoft pre-requisite, necessary for future security and application updates.

Please note: For systems running specialist applications, or connected to specialist equipment, please verify with the software/hardware vendor that automatic installation of Windows updates, including XP SP3 is recommended.

Novell Client

Custom built systems requiring access to NetWare services will require a copy of the latest Novell networking client software.  Information Services currently recommend installation of Novell client 4.91SP1, available for download from http://download.novell.com.

Disable Microsoft file and print sharing

If you do not need to support Microsoft file and print sharing, disable this feature:

  • In Control Panel, click the Network and Internet Connections icon, then choose Network Connections.
  • Right-click Local Area Connections and choose Properties.
  • Clear the File and Print Sharing for Microsoft Networks box.

Disable unwanted services

Unused services can be a potential security vulnerability. You should enable only the services that are absolutely required to operate your system. 

To disable selected Windows services...

  • Right-click the My Computer icon on the desktop (or in the Start menu if this icon is not present on your desktop)
  • Click Manage
  • Expand the Services and Applications section
  • Click Services
  • For each service to be disabled, right-click it, select Properties, and change Startup Type to 'Disabled'

Please note: Services should not be disabled without an understanding of their use and the impact disabling the service will have.  INSRV are unable to recommend services to be disabled on custom built systems, as the software installed on each system may differ.  If you are in doubt, INSRV recommend the use of the INSRV image.
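The three checks above (Automatic Updates, file and print sharing, and services) can also be reviewed from a script instead of the dialogs. The following is an added example, not INSRV's own tooling: it is read-only, assumes PowerShell 2.0 or later is installed on the system, and the function names Get-AuOption and Test-AuCompliant are hypothetical.

```powershell
# Added example (not INSRV code): read-only review of the three settings above.

# AUOptions values used by the Automatic Updates client.
$AuLabels = @{
    1 = 'Automatic Updates turned off'
    2 = 'Notify before download'
    3 = 'Download updates, let me choose when to install'
    4 = 'Automatic (download and install)'
}

function Get-AuOption {
    # A Group Policy value, when present, overrides the Control Panel setting,
    # so the policy key is read first.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    foreach ($key in $keys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p -and $p.NoAutoUpdate -eq 1) { return 1 }
        if ($p -and $p.AUOptions) { return [int]$p.AUOptions }
    }
    return 0   # no value found in either key
}

function Test-AuCompliant([int]$Option) {
    # The guidance accepts only the two options that download patches automatically.
    return ($Option -eq 3) -or ($Option -eq 4)
}

$au     = Get-AuOption
$label  = if ($AuLabels.ContainsKey($au)) { $AuLabels[$au] } else { "unrecognised value $au" }
$status = if (Test-AuCompliant $au) { 'OK' } else { 'REVIEW' }
"Automatic Updates: $label [$status]"

# File and print sharing is provided by the Server service (LanmanServer).
# This does not read the per-connection checkbox; it shows whether the
# service is active and whether any folders or printers are being shared.
$server = Get-WmiObject Win32_Service -Filter "Name='LanmanServer'"
$shares = @(Get-WmiObject Win32_Share | Where-Object { $_.Type -eq 0 -or $_.Type -eq 1 })
"Server service: $($server.State), start mode $($server.StartMode)"
"Disk and printer shares: " + (($shares | ForEach-Object { $_.Name }) -join ', ')

# Inventory of every service that is not disabled, as a starting list for review.
Get-WmiObject Win32_Service |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    Sort-Object StartMode, Name |
    Format-Table Name, DisplayName, StartMode, State -AutoSize
```

The service inventory is only a list to review; it does not indicate which services are safe to disable on a given system.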

Anti-Virus software

Sophos

Systems purchased by the University are licensed to run Sophos anti-virus software.  Click the link below to access Sophos anti-virus software for University owned Windows systems. 

Depending on your location, you may be prompted to enter your Cardiff University username and password to access the software.

 

Your system will need to have all old antivirus software removed and be ready to be rebooted. You may need to download the removal tool from your old antivirus software vendor’s website. (For example: if you had Kaspersky installed, go to the Kaspersky website and download and run the Kaspersky removal tool. If you had Norton 360, visit the Norton website and download and run the Norton removal tool.)

Clicking the link will download an .exe file; double-click the downloaded file to install.

The download is labeled as 'home' but is suitable for all non-imaged installs on campus.