Skip to content
Skip to navigation menu

 

Securing University Owned Windows Computers

Windows 95/98/ME/NT/2000/XP

XP and Pre Windows XP operating systems should not be connected to the network and upgraded immediately.


As these products are now no longer supported by Microsoft all security patches have been stopped. This means that security holes and vulnerabilities in these operating systems will remain open to be exploited. Many tools and viruses readily exploit these holes and in most cases will turn over control of the computer to the attackers.


If you have a system that has to remain on an early version of Windows you will need to contact the security team via the IT Service Desk for advice.


Please note: Without Microsoft security patches, should a worm type virus arrive on campus, these systems may be left inoperable and un-repairable. To protect the campus network, Windows 95/98/ME/NT/2000/XP systems suspected of being infected with a virus will be disconnected from the network without warning.

Back to top

 

Windows Vista/Windows 7 (Non-INSRV image)

The use of 'custom built' or 'pre-installed' versions of Windows on campus is strongly discouraged. The INSRV image has been specifically designed and secured for use on campus. Please report any issue preventing the use of the INSRV image to INSRV for investigation. The image is constantly reviewed, and every effort will be made to accommodate requested changes in the next image release.

Custom built Windows systems in use on campus are not supported by INSRV, however where possible, assistance will be provided on a 'best endeavours' basis only.

The following advice is offered in an attempt to increase the awareness of the steps necessary to adequately protect custom built windows systems connected to the campus network.

Windows Update

Regular Microsoft security updates (known as 'patches') are essential in protecting a Windows system. Custom built Windows systems must have automatic Windows updates enabled.  To check this feature is enabled:

  • Right Click the My Computer icon from the desktop (or start menu if this icon is not present on your desktop)
  • From the resulting shortcut menu, select Properties
  • From the resulting dialog box, click the 'Automatic Updates' tab

 

Windows Update

(the appearance of this dialog box may be slightly different on systems running Windows XP SP1)

Select one of the following two options from the automatic updates dialog box.

  • Select the 'Automatic' option, to have patches automatically downloaded and automatically installed,

or, if automatic installation may prove inconvenient,

  • Select 'Download updates for me, but let me choose when to install them'

To automatically download, but not install the patches.  With this option, installation is prompted via an installation 'bubble' or 'shield' (depending on version) in the system tray.  Please ensure minimum delay in installing patches.  Your system remains vulnerable until patches are installed.  

Novell Client

Custom built systems requiring access to netware services will require a copy of the latest Novell networking client software.  Information Services currently recommend installation of Novell client 4.91SP1 available for download from http://download.novell.com.

Disable Microsoft file and print sharing

If you do not need to support Microsoft file and print sharing, disable this feature..

  • In Control panel, click the Network and Internet Connections icon, choose Network Connections.
  • Right-click Local Area Connections and choose Properties.
  • Clear the File and Print Sharing for Microsoft Networks box.

Disable unwanted services

Unused services can be a potential security vulnerability. You should enable only the services that are absolutely required to operate your system. 

To disable selected Windows services...

  • Right Click the My Computer icon from the desktop (or start menu if this icon is not present on your desktop) 
  • Click Manage
  • Expand the Services and Applications section
  • Click Services
  • For each service to be disabled, Right Click, select properties, change Startup Type to 'disabled'

Please note: Services should not be disabled without an understanding of their use and the impact disabling the service will have.  INSRV are unable to recommend services to be disabled on custom built systems, as the software installed on each system may differ.  If you are in doubt, INSRV recommend the use of the INSRV image .

 Anti-Virus software

Sophos

Systems purchased by the University are licensed to run Sophos anti-virus software.  Click the link below to access Sophos anti-virus software for University owned Windows systems. 

Depending on your location, you may be prompted to enter your Cardiff University username and password to access the software.

 

Your system will need to have all old antivirus software removed and be ready to be rebooted. You may need to download the removal tool from your old antivirus software vendor’s website. (For example: If you had Kaspersky installed go to the Kaspersky website and download and run the Kaspersky removal tool. If you had Norton 360 visit the Norton website and download and run the Norton removal tool.

Clicking the link will download a exe file, double click the downloaded file to install. 

Download is labelled as home but is suitable for all non imaged installs on campus.