I’m getting ready to help repave a family member’s PC (Windows XP). Too many questionable things have been installed and some nasty thing is blocking https pages and pages that lead to diagnostic tools. When something is actively blocking Sysinternals, then you know you have something malevolent on board. The usual suspects haven’t been able to clean it, so it’s time to sanction the spyware/hijackers/cruft with extreme prejudice.
As part of the OS installation, I’m going to push to have the user accounts created with limited user access (LUA). That should help keep the nasties from getting a toehold again. There’s a good article on why you should do this on Aaron Margosis’s blog with a tool named MakeMeAdmin. This will let the users run as LUA, but with the ability to launch a command shell with admin rights. For more information on why you should run with LUA, check out the rest of Aaron’s posts, starting at the top.
The Microsoft Solutions for Security and Compliance group (MSSC) has just released a white paper about the principles behind LUA, it’s a good starting place. You can download it from “Applying the Principle of Least Privilege to User Accounts on Windows XP” or view it online right here.
Scott Hanselman has a checklist for the après repaving before the machine is really usable. It’s geared for a dev type of box, but the concept can be applied to civilian uses. For dev boxes, Scott also has the Ultimate Developer and Power User Tools List, which is pretty cool.
Another good checklist is at AngryPets.com, I like the idea of having base images to restore to. That would save a lot of time. CNet Australia has a checklist for the top ten things to do before connecting to the Internet. Oddly enough, I couldn’t find that article on their US site.
If the repaving goes relatively painless, I may do the same for my home PC. It’s slowly filling up with more cruft. On the other hand, it’s running just fine so I probably wont repave until something seriously breaks.
Technorati Tags: XP LUA Repaving
[edited on 1/19/06 and 2/7/06]