Re: keep others out of my computer

From: NeoSadist (neos@dist)
Date: 10/11/02 

From: "NeoSadist" <neos@dist>
Date: Fri, 11 Oct 2002 14:49:38 -0600

"Debbie" <debbiek92@attbi.com> wrote in message
news:1d7a01c27136$5bc8e3a0$36ef2ecf@tkmsftngxa12...
> Is there a program or some setting that whenever my
> computer boots up, the user MUST use a password before
> they can get to my desktop? The only passwords I can find
> are the network passwords & all you have to do is click
> cancel & you can bypass the password & still get on my
> desktop & all my files.
>
> This would be much easier than trying to set passwords on
> each of my programs and some of my programs don't have
> that capability so someone could get into them.
>
> Thanks

This is what I would do:
I would use a BIOS password.
I would use SYSKEY to force password before log-in.
I would also make control-alt-delete mandatory for login.
I would also tell windows not to display last user name.
I would also use a cryptic password for Admin.
Admin would be the only user, and would be renamed.
Guest account would be disabled, with no password change.
I would then select all files on hard drive (one group), and change the
permissions from Everyone to Admin account and Administrators, leaving any
other system or other default permissions alone. Be sure you give all
admins full access. Then I would create a backup admin account.
I would then encrypt my entire hard drive (ignoring files that cannot be
encrypted).
If this sounds weird, just pick up a copy of "Hardening Windows 2000" by
Philip Cox over at www.sans.org

Relevant Pages

  • Re: writing to registry in vista from guest account
    ... Once again, I bring you back to *Virtualization* on Vista, because based on each user, they will have their own VirtualStore in the registry or in case of something happening with the file-system such as a folder. ... By making your application to work with Standard user rights, no UAC escalation or prompt is required for the solution to execute. ... You also don't need a manifest for the application, if it's made to run with Standard user rights and not Admin user rights. ... Like I said, even with UAC disabled, your user admin account is not an account that has full admin rights on Vista. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Error message trying to download
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... I can not apply any updates on any machine in the domain. ... I also tried to log on as the local admin account - still ... I then logged on locally with a local admin account. ...
    (microsoft.public.windowsmedia)
  • Re: How can I change the admin password of all our XP PCs on the doma
    ... You don't go to each workstation and check if that user changed the local admin password. ... If the box has a problem that means you can't use a domain admin account to logon, it is usually quicker to rebuild than troubleshoot. ... If you want to control the Local Administrators on the workstations, just disable the Local Administrator, and then use another GPO or Script that adds a existing security group in your AD as member of the local Administrators on the workstations. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy Editor
    ... don't want to let guests run in an admin account. ... If you mean *some* programs - group policy isn't where you do stuff ... Oh - and don't forget to complain to the product developers about ...
    (microsoft.public.windowsxp.security_admin)
  • Re: keep others out of my computer
    ... encrypting stage.. ... > Admin would be the only user, ... > other system or other default permissions alone. ... Then I would create a backup admin account. ...
    (microsoft.public.win2000.security)