Config 1

This is a first page (of two all in all) of the "configuration settings" section and it's mainly (more or less) regarding various security related configuration settings except for the "ENVIRONMENT VARIABLES CONFIG", and also "THE HARD-DISK'S WRITE-CACHING" entries. Well, the latter one is a sort of security-related, but I would rather call that general computer safety precaution measure.

As first, here below is a list of a few special locations where you can change security and various other settings with (Local) Group Policy (i.e. "gpedit.msc"), which is a MMC type of program:

Local Computer Policy - Computer Configuration - Administrative Templates

Windows Components, System, Network Printers


Local Computer Policy - User Configuration - Administrative Templates

Windows Components, Start Menu and Taskbar, Desktop, Control Panel, Shared Folders, Network, System


And here a list of few locations where you can change security and various other settings with Local Security Settings (i.e. "secpol.msc"), which is, as its name implies, also a MMC program:

Security Settings - Account Policies

Password Policy, Account Lockout Policy


Security Settings - Local Policies

Audit Policy, User Rights Assignment, Security Options

ENVIRONMENT VARIABLES CONFIG

Next is a bit about the custom and/or optional Environment Variables that I use. For instance I am talking about entries like the variable name: dircmd with variable value: /-n which sets the display of directories/filenames in a CMD window on/under Windows XP (i.e. "command prompt" or "DOS prompt") to the left hand side when you run the dir command as it was in trevious versions of Windows, the variable name: PROMPT or prompt with more or less optional values (I usually set it to: $P\-$G or $P\-\$G, while $P$G is the default value) to set what's displayed in a CMD window; the value "$P\-$G" above would result in "D:\Software\->" instead of the default "D:\Software>" that's shown if the default "$P$G" value is used.

Then there are the variable name: TEMP and TEP which I both set to value: B:\Cache\Temp\ so that it points to my RAM-drive. And finally are the variable name: devmgr_show_nonpresent_devices with value: 1, which shows also hidden devices under "Non-Plug and Play Drivers" in Device Manager so that you can for instance stop or uninstall/remove old unused drivers (see also "Removing unused device drivers from Windows XP" article: http://techrepublic.com.com/5100-10877_11-6017628.html?tag=nl.e103 on Techrepublic website), and the variable name: MOZ_NO_REMOTE with value: 1 which is used for Mozilla Firefox respectively (see "THE FIREFOX-PROFILE PRINCIPLE" entry on the "principles1.html" page for details)

THE HARD-DISK'S WRITE-CACHING

And finally about the hard-disk related preventive measure that I recommend you all to take. This is/was originally a "blog-entry" on my slovenian Sopca blog entitled Ukrep za preprecitev sesutja trdega diska: http://tadej.sopca.com/2008/01/08/ukrep-za-preprecitev-sesutja-trdega-diska. It is all very very simple and it's about disabling the so-called "write caching" functions which is (at least as far as I know) enabled by defaultu on all new/fresh Windows installations. As you can see in the example screenshots below, you need to open Control Panel -- System (or System Properties) -- Harware tab -- Device Manager, then under "Disk drives" double-click on the hard-disk you're using (mine is for instance "Western Digital, WD Caviar SE"), then in "WDC WD800JB-00JJA0 Properties" sub-window (of course, only in my cases) go to v "Policies" tab, and finally under "Write caching and Safe Removal" UN-CHECK the "Enable write caching on the disk" checkbox.

This preventive measure prevents the data that wouldn't have time to be written from it's internal cache to the hard-disk (in case of a BSOD, an electricity failure etc.) to become lost or corrupted, which in some cases could even cause a total hard-disk or at least partition/drive corruption.

SET TERMINAL-WINDOW SETTINGS

I urge anyone with a dial-up connection (or other types too, if they have these two options) to always set you computer for the one particular connection (free ISP account) that you are mostly using to "Never dial a connection" but especially to "Show terminal window" before dialing. This way, there is no chance for those malicious "dialer" programs to do any harm. Here are the links to screenshots of these two settings/windows stored at CastleCops (where I've used the graphic in one of my posts back then):  http://castlecops.com/modules.php?name=Forums&file=download&id=5725,  http://castlecops.com/modules.php?name=Forums&file=download&id=5726.

Hmmm, if I remember correctly, there is yet another setting called "Show Pre-dial Terminal Screen" which is not the same as "Show terminal window" mentioned above. Anyways, if the thumbnails above are not displayed OK in your browser, then you can try with these two direct links to the screenshots hosted on Imageshack: http://img259.imageshack.us/img259/5233/terminalwindow0gb.gif, http://img259.imageshack.us/img259/8858/connection2qc.gif.

DNS-SERVER AND NETWORK CONFIG

Well, it's all about the great OpenDNS: http://www.opendns.com alternative DNS service (for more about it, see also page "diverse.html"), which you can use instead of your ISP's name-servers. First let me provide a few related links for you to get more details about it: http://www.opendns.com/start, https://www.opendns.com/start/device/windows-xp, http://www.opendns.com/faq, http://www.opendns.com/what, http://www.opendns.com/who, http://www.opendns.com/blog, http://system.opendns.com, http://www.opendns.com/stats. But also for more information regarding it, see about setting the "Default and Alternate DNS Server" settings (to other than my ISP's) under section dedicated to DNSKong: http://pyrenean.com/?page_value=-1 program; namely, in my case with my own very specific configuration, with setting the "Alternate DNS Server", I could use OpenDNS only when DNSKong is filtering (this would provide a totally high security), or use it always nomather if DNSKong is running or not.

FYI, there was one thing that was bothering me on the beginning though. You see, on the OpenDNS website it says that OpenDNS uses huge caches (of IPs resolved to host-names) and that this is one of the factors for OpenDNS being so fast (or at least faster than ISP's DNS servers), therefore I started to wonder: isn't it like that with caches in general (if they are really huge), this "takes away" all the meaning/advantage of the cache, since the cache needs to be searched/queried too, and in case of (too) huge caches this might in fact take longer that resolving an IP in a "standard manner" (i.e. by contacting the "normal" ISP's name-server)

Oh and I almost forgot to mention my own "invention" about which I also write on my Sopca blog (in an "blog-entry" titled Moj sistem za pohitritev DNS operacij: http://tadej.sopca.com/2006/10/23/moj-sistem-za-pohitritev-dns-operacij), i.e. a "two/three layer local DNS caching system", i.e. in my case, the resolved DNS queries (i.e. IP to hostname and vice versa) are first locally cached in the OS's "hosts" file (located under the "%systemroot%\system32\drivers\etc\" directory on XP), then are keept in DNSKong's cache (a data structure called a completely balanced AVL tree along with a dynamic cache in the computer heap storage) and in its "presets.txt" file, and then finally in OpenDNS's huge caches.