Office of Information Technology Secure your Windows XP Computer for Use on AU s Network Every member of the AU community has a shared responsibility for the safekeeping of our computer network. Since it is a common and limited resource intended primarily for academic and administrative use, everyone must observe certain computer configuration standards and usage limitations for it to remain available reliably. To help you maintain a properly updated computer configuration, a health check system, known as Cisco s Clean Access or CCA, has been implemented on the campus network. In those portions of the network where the new system is active, any connected computer will automatically undergo the health check, which will verify that the computer is not in a state that could result in disruption to the network or exposure of sensitive information. The health check system will automatically lead you through the steps necessary to update your computer configuration; however, this process could take a significant amount of time if your computer is not already in a secure state. Note that your computer will not be able to access the Internet or AU applications until all remediation has occurred. To help you speed the process along when you first access the network using CCA, we have provided the following instructions for securing your computer. We encourage you to follow these instructions before attempting to log into CCA. If you are uncomfortable with these steps, please contact the IT Help Desk at (202)885-2550 or helpdesk@american.edu to arrange to have a network analyst to assist you through the process. IMPORTANT: The university s recommended Web browser is Mozilla s Firefox; however, several of the steps below require the use of Internet Explorer. Please use Internet Explorer to fulfill these instructions. STEP 1: INSTALLING WINDOWS DEFENDER The first step to securing your machine for use on AU's network is to install and run Microsoft's Windows Defender software. This free software has proven to be most useful in locating and removing harmful spyware and adware. DOWNLOAD AND INSTALLING WINDOWS DEFENDER 1. Open INTERNET EXPLORER and go to download.microsoft.com. 2. Under RECOMMENDED DOWNLOADS, click the WINDOWS DEFENDER link. 3. If you do not see the link, click into the box labeled SEARCH ALL DOWNLOADS in the upper-left corner of the page. Type DEFENDER and press ENTER. In the results window, click the link for WINDOWS DEFENDER. 4. Click the link for WINDOWS DEFENDER. (Note: do NOT select the link for Windows Defender x64). 5. If you are prompted to validate your copy of Windows: Click the CONTINUE button in the VALIDATION REQUIRED window. Follow the on-screen instructions to install the Genuine Windows Validation Component. When validation completes, you will be taken to the download page. 6. Click the DOWNLOAD button.
7. A new File Dialog window should open. Select RUN to open the WINDOWSDEFENDER.MSI executable file. 8. When the download completes, click RUN to start the installation. 9. Click NEXT at the Welcome screen. 10. Click VALIDATE to run the required installer validation tool. 11. After reading the License Agreement, select the I ACCEPT THE TERMS OF THE LICENSING AGREEMENT radio button, and click NEXT. 12. Select USE RECOMMENDED SETTINGS and click NEXT. 13. COMPLETE should be selected by default. Click NEXT. 14. Click INSTALL to begin the installation. 15. When the installation is complete, click FINISH. 16. Windows Defender will launch automatically and start looking for updates. Once it is done with this, it will start running a quick scan of your system. 17. Once the scan is complete, it will display the results. If it says No Unwanted or Harmful Software Detected, click the CLOSE button to close the Windows Defender window. If it finds any suspicious software, click the button to take the recommended action (typically REMOVE). Then, click the CLOSE button to close the Windows Defender window. If you have questions or find that this software is unable to remove something that it identifies as a potential problem, please contact the IT Help Desk at (202) 885-2550 or send e-mail to helpdesk@american.edu. STEP 2: UPGRADING YOUR WINDOWS XP COMPUTER TO SERVICE PACK 2 The second step to securing your machine for use on AU's network is to verify that you have installed Service Pack 2 for Windows XP. This is a critical security patch. CHECKING TO SEE IF YOU HAVE SERVICE PACK 2 (SP2) INSTALLED 1. Click the START button. Then, select CONTROL PANEL (on some systems, you will need to click START, SETTINGS, and CONTROL PANEL instead). 2. Click PERFORMANCE AND MAINTENANCE (if you do not see this option, just look for SYSTEM as specified in the next step).
3. Then, click SYSTEM to open the System Properties dialog box. 4. On the GENERAL tab, locate the word SYSTEM to the right of the image of a computer monitor displaying a Windows logo. You should see a summary of your system, such as: Microsoft Windows XP Professional (OR Home) Version 2002 Service Pack 1 (or 2 or 3) 5. If you have Windows XP and the last line of that block reads SERVICE PACK 1, then you MUST install Service Pack 2 to use the AU network. 6. If you already have Service Pack 2 or 3 installed, you may skip this section and continue on to the next step in securing your computer to use AU's network. DOWNLOADING AND INSTALLING SP2 1. If you connect to the internet using a dial-up modem (rather than cable or DSL), you should not try to download SP2 due to its large file size. You should order a free SP2 upgrade CD from Microsoft by going to www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx. 2. If you have either a cable or DSL connection, open INTERNET EXPLORER. Go to update.microsoft.com/microsoftupdate. 3. IMPORTANT: this ONLY works in Internet Explorer. If you normally use another web browser, minimize or close it and open Internet Explorer. 4. The site will load and may present you with a prompt to download software. If you see this, follow the onscreen instructions to download the WINDOWS INSTALLER software necessary to use the Windows Update site. 5. On the Welcome page, click the EXPRESS INSTALL button to choose to download only critical software patches. 6. The Windows Update site will then scan your system to determine what patches/service packs need to be installed. 7. You will be presented with a list of high-priority updates that the Web site detected you did not have installed. 8. Click the INSTALL UPDATES button to begin the downloading and installation process. 9. If your computer had only SP1 installed, you will have to repeat this process more than once to get the necessary patches and upgrades for your system. You will also have to reboot your PC at least once during the upgrade process. 10. After each upgrade downloads and installs (and your PC reboots, if necessary), return to the WINDOWS UPDATE site and repeat the process until the scan returns with no High-priority updates for you to install. If you have questions or experience problems installing SP2, please contact the IT Help Desk at (202) 885-2550 or send e-mail to helpdesk@american.edu.
STEP3: ACTIVATING AUTOMATIC UPDATES FOR WINDOWS XP The third step to securing your machine for use on AU's network is to verify that you have enabled the automatic update feature within Windows. This ensures that new patches and updates will be automatically downloaded and installed. ENABLING THE AUTOMATIC UPDATES FEATURE 1. Click the START button. Then, select CONTROL PANEL (on some systems, you will need to click START, SETTINGS, and CONTROL PANEL instead). 2. Click PERFORMANCE AND MAINTENANCE (if you do not see this option, just look for SYSTEM as specified in the next step). 3. Then, click SYSTEM to open the System Properties dialog box. 4. Click the AUTOMATIC UPDATES tab. 5. Select your desired setting. We recommend selecting AUTOMATICALLY DOWNLOAD THE UPDATES, AND INSTALL THEM ON THE SCHEDULE THAT I SPECIFY. 6. Then, select a daily update time. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. Be sure to choose a time when you will not be using the computer for other tasks. If you have questions or experience problems enabling the automatic update feature, please contact the IT Help Desk at (202) 885-2550 or send e-mail to helpdesk@american.edu. STEP 4: ACTIVATING THE WINDOWS XP FIREWALL The fourth step to securing your machine for use on AU's network is to activate the firewall within Windows XP. This improves the security of your computer. ACTIVATING THE FIREWALL WITH WINDOWS XP-SP2 1. When you installed Service Pack 2, it should have activated the Firewall automatically. 2. To verify that your Firewall is activated, click the START button. Then, select CONTROL PANEL (on some systems, you will need to select START, SETTINGS, and CONTROL PANEL instead). 3. Click SECURITY CENTER (if you do not see this option, skip to step 5 below). 4. You should see ON beside the FIREWALL option.
5. Click the WINDOWS FIREWALL link at the bottom of the window to manage the firewall s security settings. 6. Click the ADVANCED tab. 7. Then, click the SETTINGS button in the ICMP section. 8. Check the box to ALLOW INCOMING ECHO REQUEST. 9. Then, click OK twice. 10. Close the Security Center window. If you have questions or experience a problem with activating the firewall, please contact the IT Help Desk at (202) 885-2550 or send e-mail to helpdesk@american.edu. STEP 5: INSTALLING THE AU-LICENSED SYMANTEC ANTIVIRUS The final step to securing your machine for use on AU's network is to install Symantec AntiVirus and enable the automatic update feature. INSTALLING SYMANTEC ANTIVIRUS IMPORTANT: Make sure you uninstall any old virus scanning software, before installing Symantec AntiVirus. You can use the uninstall utility, provided by most virus scanners, or the ADD/REMOVE PROGRAMS utility from the CONTROL PANEL. Then, reboot your computer before installing Symantec AntiVirus. 1. From the TECHNOLOGY section when you log on to the my.american.edu portal, click the DOWNLOAD SOFTWARE link. 2. Click on the link labeled SYMANTEC ANTIVIRUS CORPORATE EDITION 10 FOR WINDOWS XP. If you click the link and see nothing but random characters on the screen, it means your Web browser attempted to open the file directly. Get around this problem by right-clicking on the link and choosing the option to SAVE LINK TARGET AS. 3. Click SAVE to begin the download. 4. Double-click SAV10XPU.1.6.EXE to run the installer. 5. Click OK to continue. 6. After the files are copied to your system, the system will update the virus definition files. 7. After it finishes, click the CLOSE button to close the window. You may delete the installer file from your desktop. 8. Restart your computer.
You should run LiveUpdate at least weekly. If you forget, Symantec will prompt you to update when your virus definition files are more than 30 days old. If you have questions or experience problems installing Symantec AntiVirus, please contact the IT Help Desk at (202) 885-2550 or send e-mail to helpdesk@american.edu.