Laptop Security Best Practices

Posted on 2005-05-12
Last Modified: 2013-12-04
Hello All...

I am in search of a 'best practices' white paper for covering most, if not all, aspects of securing laptops running XP. These laptops will be used 'in-house' as well as on the road. Any and all suggestions will be appreciated.

Thank you...

Question by:nealmcdonald
    LVL 38

    Accepted Solution

    NSA's paper on securing XP

    There are best practices for all sorts of setups, but in this case, I think the bestpractices your looking for are:
    1) Having documented policies and proceedure, you can obtain great examples here:
    2) Do not let users run as admins of their machines, this can be tougher for laptop users, as they may need to change things on the LT that a normal PC user would not. Try to get them fimilar with RunAs, or maybe try my runas vbe scripts here:
    3) Regular OS and Applicaiton upgrades, such as windows update and office updates.
    4) Daily AV scan's and updates
    5) A firewall such as zonealarm should be used, as it has an extra layer of protection over other firewalls, in that it can pause/stop process's that wish to act as a server or request access to the NIC that are not approved. ZA will alert with a pop-up of the program's intent, and ask you to approve or deny, if approve is selected, then a password must be entered to allow the action.
    6) Going beyond the NSA paper, these are always settings we implement-(can't remember if any of these are listed, I do not think they are)
    Turn off the following services, "remote registry", "messenger", "secondary logon" and set to disable
    Go to LanMan level 2 (actually it's 3... 0, 1, 2)
    7) Enable more than the default logging events! very important, and even more important is Auditing them!

    Author Comment


    Thanks! The links are what I was looking for. I will research them today and then either post a follow up question or else close this thread tomorrow.


    Author Comment

    That is exactly what I needed. The NSA papaer on securing XP is great. And of course SANS is a killer place for just about anything security related. Thanks so much richrumble.



    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Suggested Solutions

    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now