It's simple. If you're running an account that they don't have a password to, they aren't going to access your stuff. Unless the are very swift with networking. I suspect that this is not the type of person/people you're worried about, correct?
To be on the safer side, turn off file and printer sharing, unless you're sharing a printer. Turn on password protected sharing. Turn off public folder sharing. And if no printer, disable netbios in your adapter settings for IPv4. Disable IPv6 and IP Helper service.
If you are very interested in keeping anyone out, run Zone Alarm. Put you network adapter in the interenet zone and do not give server permissions to anything. Use the setting to "block all servers." (Btw, ZA has free beta available.)
If you really want to get serious, you can use group policy to deny login to desktop after x number of unsuccessful attempts. If someone attempts x amounts of times, the pc will refuse to login for y amount of time you set it for.