Secure Out of the box?


GX

Hello All,

I have a couple of questions for all Windows XP security guys here.

We (my company) purchased 30 brand new machines from Dell.
Before you introduce those machines to your network, which of these two
options would you do and why?

a. Boot them up and add them to the domain and do all extra
configurations to the machine as you go along with the end user?
b. Wipe out a machine, re-install a clean copy of Windows XP and Office
XP, do all OS and Office updates, do the necessary changes to the registry
for misc items, then extract an image of the machine. Now do the same step
above and install production applications and reimage so you can keep
one with clean WinXP and another one with all production apps. Then deploy
to all new and future workstations.

Am I the only one thinking this way, or is there anyone out there that
thinks this is a MUST do for any organization in order to maintain platform
consistency?

I just don't believe in all the 3rd party applications that come preloaded
with vendors' PCs.

Thanks
HecG
 
Grizz --do yourself a favour and load win 98


 
Wipe it out.
All your computers should be from a very similar image
when given out, so they are easiest to maintain. Ideally,
all have the same hardware too. Preloaded systems often
have systray (always running) junkware and services that
really cut performance (hey, you need a faster processor
and more memory!)...
 
HecG-
Plan B is the only way to go, and here is some required reading for securing
Windows XP. SP2 will be much more secure out of the box, until then pay
attention to security issues!
Windows XP Security Guide
http://www.microsoft.com/downloads/...BC-F434-4CC6-A5A7-09A8A229F118&displaylang=en

Good Luck!
PS
 
If you're deploying a bunch of workstations with virtually identical
hardware, I'd use ghost - set up a machine as you wish, patch it, install
whatever you need, take it out of the domain, create a ghost image to the
server, run ghost to deploy it to the workstations, change the names as you
need to, run ghostwalker to change the SIDs, and then rejoin to the domain.
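
A check for the last steps of the procedure above, as an added example that is not part of the original post: after a clone is deployed, every workstation should have its own computer name and its own machine SID. The inventory format, host names and SID values are constructed for illustration, and how the SIDs are collected from each machine is left out.

```python
import re
from collections import defaultdict

# Local account SID: S-1-5-21-<a>-<b>-<c>-<RID>; the part before the RID is the machine SID.
LOCAL_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed inventory: "hostname,SID of the local Administrator account" per line.
SAMPLE_INVENTORY = """\
WS-001,S-1-5-21-1004336348-1177238915-682003330-500
WS-002,S-1-5-21-1004336348-1177238915-682003330-500
WS-003,S-1-5-21-2025429265-492894223-1708537768-500
ws-003,S-1-5-21-3623811015-3361044348-30300820-500
WS-004,not-a-sid
"""

def machine_sid(account_sid):
    """Return the machine SID portion of a local account SID, or None if malformed."""
    m = LOCAL_SID.match(account_sid.strip())
    return m.group(1) if m else None

def audit_clones(inventory_text):
    """Group hosts by machine SID and by name; report collisions and unparsable rows."""
    by_sid, by_name, bad = defaultdict(list), defaultdict(list), []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, sid = line.partition(",")
        host = host.strip()
        msid = machine_sid(sid)
        if not host or msid is None:
            bad.append(line.strip())
            continue
        by_sid[msid].append(host)
        by_name[host.upper()].append(host)  # computer names compare case-insensitively
    return {
        "shared_sid": {s: h for s, h in by_sid.items() if len(h) > 1},
        "duplicate_names": {n: h for n, h in by_name.items() if len(h) > 1},
        "unparsed": bad,
    }

if __name__ == "__main__":
    report = audit_clones(SAMPLE_INVENTORY)
    for sid, hosts in report["shared_sid"].items():
        print("machine SID not changed after imaging:", sid, hosts)
    for name, hosts in report["duplicate_names"].items():
        print("duplicate computer name:", name, hosts)
    for row in report["unparsed"]:
        print("could not parse:", row)
```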
 
One or another variation of your plan B.

Your issues in deployment will all stem from what is
on the machines, so you do want to exercise control
over the base image that defines what you will support.

RIS works nicely for fresh or imaged installs.

If your purchases are large enough, the major vendors
will take your image and lay it on for you.
 