Skip to main content

Security: Disabling services, Posix, and OS/2

Posted June 2003 by Steve Sinchak

Heed the following from Winguides' website:

"Disable OS/2 and POSIX Subsystems (Windows 2000/XP)
To conserve system resources you may want to prevent the Windows session manager (SMSS) from loading any optional subsystems, such as OS/2 or POSIX. This tweak can be used to disable these optional subsystems.

"Warning: Make sure you use REGEDT32 to changes this value. Using Regedit may cause the system to crash.
Open your registry using REGEDT32 and find the key below.

"When the OS/2 and Posix sub-systems are enabled the value called "Optional" will be set to "Posix" or "OS2 Posix". To disable those sub-systems double-click on the "Optional" value and delete the "Posix" data in the window.

"Restart Windows for the change to take effect.

"Note: The benefits of not loading these subsystems can be increased memory and system resources."

Heed also the following from PC Magazines' website:

"  POSIX. Windows XP still ships with a subsystem called POSIX, which allows the use of Unix commands. Disabling POSIX prevents hackers from using Unix commands against your system. Go to Run and type regedt32 (not regedit). Find HKEY_ local_machine\system\currentcontrolset\Control\Session Manager\SubSystems and click on the multistring called Optional in the right-hand pane. By default, the multistring's value will be POSIX; delete that value and leave the space empty (but don't delete the Optional multistring). Then click on the actual POSIX multistring in the same pane. Note that it points to a file in your Windows System32 directory called Psxss.exe. Delete that file using Windows Explorer, use the Registry Editor to delete the POSIX string, and then reboot."

Always back up your registry, and set a System Restore point, before applying these tweaks.

Heed also, from PC Magazines' website:

" Other services. Unless you need one of them, it's a good idea to disable several services that may open up back doors to your system: NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry, Routing and Remote Access, SSDP Discovery Service, telnet, and Universal Plug and Play Device Host. Go to Control Panel | Administrative Tools and click on the services you don't need and select Stop this service in the left-hand pane."

Related Posts

If you own a Google Chromecast streaming device, you can easily share a browser tab in Chrome browser or even your entire desktop.  This can be very useful when presenting from your laptop or if you just want to watch something on a big screen that is only on your PC.  The only requirement is you must be on the same network as your Chromecast...

Read More

If you are a fan of minimalist desktop experiences, hiding the desktop icons are an easy way to clean up the Windows interface.  Instead of saving everything to your desktop, use the default profile folders such as downloads and documents.  Actually hiding all the icons on your desktop is a very simple customization hidden in the right-click context menu.  Just right-click on the desktop, select View...

Read More

Google security researchers have published details about a major security flaw found in the SSL protocol that is used to encrypt data transferred between your browser and a web server. SSL is typically used in situations where logon credentials are validated...

Read More

Enabling two-factor authentication is a great way to add an additional level of protection to your Microsoft account.  Even if your password is stolen, your account is still protected because two-factor authetication requires an additional level of verification to log in. Microsoft calls their version of two-factor authentication "two-step verification" and it works by providing you with a random code...

Read More