slac2.gif (6526 bytes)

FAQ: Security Updates for Windows Home Computers and User-Managed Computers

10 August 2004
SLAC Windows Home FAQ

Computing security can be compromised at SLAC via an infected user-managed machine that is either:

  1. Brought in and connected to the SLAC network;
  2. Connected to SLAC via VPN/PPTP, ISDN or direct dial-up.

Security for home and other user-managed computers are the responsibility of the individual user.  Please ensure that all machines in the above two categories are patched and rebooted before connecting to SLAC.  If you do not do this you may be responsible for serious disruption of SLAC's work.  Computers that are not up-to-date with security requirements may have their SLAC network access and/or remote access cut off with little or no notice.

Operating system and application patches need to be kept up-to-date.  You need to set up automatic updates for critical patches from 'Windows Updates' for each Windows XP/2000 machine.  Do not attempt a shortcut by not rebooting when instructed to do so--the result may be a non-functional system.  You should also refer to the computer manufacturer's website, typically in the support download section, for device drivers that should be updated.

For Windows XP and Windows 2000 computers

Manually install all critical patches from 'Windows Update':

  1. Go to

  2. Scan for updates, install any critical updates and service packs that are listed.
    'Windows Update' may have several updates needing to be installed.  Follow the instructions until 'Windows Update' reports there are no more Critical Updates to be applied, rebooting as instructed. 

Configure the computer to automate future 'Windows Update' patching:

Default configurations of Windows XP and Windows 2000 (must be at least Windows 2000 Service Pack 3)  rely on the Windows Update mechanism to notify users of new critical patches, and to manage the download and installation of those patches. You will need to be logged in with system administrator privilege to configure and perform the updates.  To be sure you've got it running:

  1. Click on the Start button in the lower left hand corner of your screen.
  2. Select the Control Panel.
  3. Double-click on System.  (For Windows XP only)
  4. Select the Automatic Updates.
  5. Be sure that Keep my computer up to date is selected, and pick the notification and install option that best suits your needs (see notes)

You can confirm that your system is up to date by visiting

Install all critical patches from 'Office Update' (if you have Office installed):

  1. Go to, and select 'Office Update'

  2. Scan for updates, install any critical updates and service packs that are listed.

Configure your anti-virus software for automatic updates

See Anti-virus FAQ

For Windows NT 4

You should move to Windows XP Professional as soon as possible, this is no longer supported by Microsoft.

Notes on 'Windows Update':

For systems that is not set to install updates automatically (where the user may want to manually control the update schedule):

Info from Microsoft Security Bulletins.

Feedback: Desktop-Admin