INSTALLATION CHECKLIST FOR NEW WINDOWS COMPUTERS ------------------------------------------------ Author : Alain Fauconnet - Security Administrator - ITServ Revision date: 16-Jul-2004 NOTE: all this applies to English and Thai variants of Windows. For other language versions, the direct links to local downloads of service packs and updates are not the correct ones. You have to download them from Microsoft. * Windows 2000 ------------ 1) prefer a custom install, and install only the optional parts you really need e.g. no IIS (web publishing, FTP server) on a workstation, no SMTP server etc. 2) install service pack 4 of Windows 2000 from: http://itsec.ait.ac.th/download/updates/windows/w2k/sp/W2KSP4_EN.EXE 3) restart 4) install Internet Explorer 6 SP1: - download and open: http://itsec.ait.ac.th/download/tools/windows/browsers/ie6sp1/w2k/ie6sp1_w2k.exe - click 'unzip' - IT'S NOT FINISHED YET! - open the C:\IE6SP1 folder that the previous step has created, and run 'ie6setup.exe' Notes: - depending on the options that you have chosen, the installation program may have to download additional files from Microsoft - you can delete the C:\IE6SP1 folder when you are done, but keeping it may also be a good idea in the event the user has to reinstall Internet Explorer after some kind of corruption occurs. 5) restart 6) manually install the following Windows 2000 critical updates: http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB824146-x86-ENU.exe http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB828028-x86-ENU.EXE http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB837001-x86-ENU.EXE http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB828741-x86-ENU.EXE http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB835732-x86-ENU.EXE http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB329115-x86-ENU.exe http://itsec.ait.ac.th/download/updates/windows/w2k/sup/Windows2000-KB823559-x86-ENU.exe Note: although some updates may prompt you to restart your computer, you may delay the restart until step 8 below is finished 7) manually install the following Internet Explorer 6 SP1 critical update: http://itsec.ait.ac.th/download/updates/windows/ie6sp1/q824145.exe http://itsec.ait.ac.th/download/updates/windows/ie6sp1/IE6.0sp1-KB867801-x86-ENU.exe 8) manually install the following Outlook Express 6 SP1 critical updates: http://itsec.ait.ac.th/download/updates/windows/oe6sp1/q330994.exe http://itsec.ait.ac.th/download/updates/windows/ie6sp1/IE6.0sp1-KB823353-x86-ENU.exe http://itsec.ait.ac.th/download/updates/windows/ie6sp1/IE6.0sp1-KB833989-x86-ENU.exe 9) restart 10) configure Windows 2000 for automatic updates: - open the control panel - open 'automatic updates' - check the 'Keep my computer up to date...' box - check the 'Automatically download the updates and install them...' box unless you have a good reason not to do so. In that case check 'Automatically download the updates and notify me...' NOTE: in that case, it will be YOUR responsibility that a user with adminstrative privileges logs in at least once a week on this computer, checks for the icon in the task bar that announces new updates ready for installation AND does the installation 11) set automatic updates to download from our AIT server - open Internet Explorer and go to http://wuserv.ait.ac.th/#wu - read the next under 'AIT Windows Update server' and click on the link, following instructions on the page 12) install the Trend Micro OfficeScan anti-virus - open Internet Explorer and go to http://avserv.ait.ac.th/#av - read the next under 'AIT campus-wide anti-virus scanner' and click on the link, following instructions on the page Note: If the web-based installation fails for some reason, you can open and run http://avserv.ait.ac.th/download/Packages/OSCENT.exe Please report this case to the Helpdesk. 13) restart 14) Install the Microsoft Baseline Security Analyzer - open: http://itsec.ait.ac.th/download/tools/windows/scanners/MBSASetup-en.msi - if you are asked to install a more recent version of the Windows installer, open: http://itsec.ait.ac.th/download/tools/windows/misc/InstMsiW.exe - if the installer requires you to install the XML parser, open: http://itsec.ait.ac.th/download/tools/windows/scanners/msxml.msi The MBSA can be run by clicking on its desktop icon, then choosing 'scan a computer'. The name of this computer should appear as 'Computer name'. Then click 'Start scan'. It will check that the computer is up-to-date regarding Windows 2000, IE and OE security updates (not application software like Office). The entries with red icons must be checked