There are a number of steps that you can take to make your computer secure against unauthorised access, but remember that no method is 100% effective. The idea is to make it as difficult as possible.
With that in mind, here are some steps that you can take to maximise your computer's security.
BIOS and BIOS Passwords
Let's start at the beginning with the BIOS. Here you can set passwords to prevent access to the computer when booting and also to the BIOS configuration/setup routine. In each case, you will need to enter the correct password to continue. For maximum security, both passwords should be set and should be different. See your motherboard manual, BIOS section, for full details on how to set these passwords.
Warning
Make a note of the password(s), as you will need it/them when you need to access the computer.
Note
This is actually quite easy to circumvent by means of removing the CR2032 battery or temorarily changing a motherboard jumper.
Accounts, Passwords, Command Prompts, Control Panel, Login Prompts, and Parental Controls
All computers require at least one Administrator account. This account gives the user full control over the computer, so it is important to make this account as secure as possible. To this end, give it a random name and a strong password. A good source for strong passwords is https://www.grc.com/passwords.htm, and you can use this to generate both your Administrator username and its password. Remember to revisit the mentioned link periodically and change the password for maximum security.
Warning
Make a note of both the username and password, as you will need these when you need to access this account.
Log into the administrator account and, with reference to Regedit - Enable or Disable - Vista Forums, download the VBS file as mentioned in OPTION ONE. Later, you will be able to disable/enable the registry editor by following the instructions in the Tutorial. Don't disable it yet, as you still need it enabled for the rest of this procedure.
Now go to Accounts and make all other accounts STANDARD (there should only be one Administrator account on your system). Login to each of the other accounts in turn and, with reference to Command Prompt - Enable or Disable - Vista Forums, disable the command prompt for each of the accounts using OPTION THREE. I suggest that you disable both the prompt and scripts.
You can also follow the instructions here Parental Controls - Set Time Limits and set time restrictions so that users only able to access/log in at certain times. You can also restrict their access to certain programs by following this Tutorial: Parental Controls - Allow or Block Specific Programs. Both of these are optional, but for maximum efficiency you can apply both of these features. Each Standard account can have different time and program access restricions, if you so wish.
Access Restriction and Restoration
Execute the following files in the order shown (see the above-mentioned Tutorials for instructions):
Remember to restict access again once you have finished doing what you are doing that requires such access.
AppLocker
Note
Only available in Windows 7 Ultimate and Enterprise editions.
This is a feature which allows you to control how users access and use files. See AppLocker - Create New Rules for full details.
BitLocker
Note
Only available in Windows 7 Ultimate and Enterprise editions.
This is a system that locks the contents of the whole drive, and requires a key to unlock it before computer access is granted. See BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM for full details on how to apply this feature. Note that you will need registry access to turn this feature on/off, so ensure that it is enabled. If necessary, execute Enable_Disable_regedit.vbs so that you have registry access. Don't forget to disable the registry afterwards.
AV Software and Firewall
Always ensure that you have AV software installed, and that it is up to date and running. Your Firewall, whether it is Windows or a 3rd party, should also be enabled.
Router and Internet Access
For maximum security, you should use a wired connection via Ethernet and disable the wireless section of the router. If you do need to connect wirelessly, you should ensure that you are using either WEP, WPA, or WPA2 (recommended) encryption. Even though WEP is easily circumvented, if your router doesn't support anything else, you should still use it as it is better than nothing, and every obstacle, no matter how small, you put between you and a potential hacker, will increase your overall security. If you have MAC filtering enabled, this will also increase your security.
You should also consider changing the router access name and password from the manufacturer-supplied default. Note that these will be reinstated should you ever need to perform a full reset to factory condition on your router.
See your router manual and/or router manufacturer's website for details on how to make changes to these settings, and also how to enable/disable SSID. Note that you may need to temporarily connect via Ethernet to make these changes.
Warning
Don't forget to change your password(s) if your security is circumvented, irrespective of when you last changed it/them.
Need more help? Try searching our extensive help and support site.
System Manufacturer/Model Number custom build OS Windows 7 64b Ultimate CPU I7-2600 3.40GHz - testing various OC levels.. Motherboard ASUS Sabretooth Memory 2x 4Gb DDR3/1333 Graphics Card GTX570 - testing OC levels Sound Card motherboard 7.1 DIG. Monitor(s) Displays 2x Ilyama 24" E2409HDS-B1 2ms/DVI Screen Resolution 1920 x 1080
Keyboard Logitech G110 Mouse Logitech G700 PSU Corsair Pro HX850W Cooling Coolermaster Hyper V8 Hard Drives 120 GB Intel Elmcrest SSD
1 TB SATAII 7200RPM/32MB
External 2TB USB3 Internet Speed 25Mb Other Info CPU: 7,7 RAM: 7,7 GTX: 7,9 GTX 3D : 7,9 SSD 7,6
Overall 7,6 ...... now to speed up the SSD... ;)
Also use a Dell XPS M1710 on Vista 32b
Asus LT on Vista 32
3 older machines still doing fine on Linux/ubuntu but not used much anymore...
Computer type PC/Desktop System Manufacturer/Model Number Dwarf Dwf/11/2012 OS Windows 7 Ultimate x64 Service Pack 1 CPU Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Bridge) (OC 4.2GHz) Motherboard ASRock Z77 Extreme4-M Memory 4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2A1600C9B (16GB) Graphics Card 2 x AMD Radeon HD7770 1GB CrossFired (OC 1100MHz/1250MHz) Sound Card Realtek High Definition on board solution (ALC 898) Monitor(s) Displays ViewSonic VA1912w Widescreen (VGA) Screen Resolution 1440x900
Keyboard Microsoft Comfort Curve Keyboard 3000 (USB) Mouse Microsoft Comfort Mouse 3000 for Business (USB) PSU XFX Pro Series 850W Semi-Modular Case Gigabyte IF233 Cooling 1 x 120mm Front Inlet 1 x 120mm Rear Exhaust Hard Drives OCZ Agility 3 SSD 120GB SATA III x2 (RAID 0)
Samsung HD501LJ 500GB SATA II x2
Hitachi HDS721010CLA332 1TB SATA II
Iomega 1.5TB Ext USB 2.0
WD 2.0TB Ext USB 3.0 Internet Speed NetGear DG834Gv3 ADSL Modem/Router (Ethernet) ~4.0 Mb/s (O2) Antivirus Avast! 8.0.1483 Browser IE 9 Other Info Optical Drive: HL-DT-ST BD-RE BH10LS30 SATA Bluray
Lexmark S305 Printer/Scanner/Copier (USB)
CTF-430 Tablet & Pen
WEI Score: 7.7/7.9/7.4/7.4/7.9
Asus Eee PC 1011PX Netbook (Windows 7 x86 Starter)
The only thing I thought after reading is... I've got one WIFI LAN here that needs to be very safe... So on top of wireless security, I only allow my selected MAC addresses on that router.... Safer than WEP /PKA
System Manufacturer/Model Number custom build OS Windows 7 64b Ultimate CPU I7-2600 3.40GHz - testing various OC levels.. Motherboard ASUS Sabretooth Memory 2x 4Gb DDR3/1333 Graphics Card GTX570 - testing OC levels Sound Card motherboard 7.1 DIG. Monitor(s) Displays 2x Ilyama 24" E2409HDS-B1 2ms/DVI Screen Resolution 1920 x 1080
Keyboard Logitech G110 Mouse Logitech G700 PSU Corsair Pro HX850W Cooling Coolermaster Hyper V8 Hard Drives 120 GB Intel Elmcrest SSD
1 TB SATAII 7200RPM/32MB
External 2TB USB3 Internet Speed 25Mb Other Info CPU: 7,7 RAM: 7,7 GTX: 7,9 GTX 3D : 7,9 SSD 7,6
Overall 7,6 ...... now to speed up the SSD... ;)
Also use a Dell XPS M1710 on Vista 32b
Asus LT on Vista 32
3 older machines still doing fine on Linux/ubuntu but not used much anymore...
One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.
Computer type Laptop System Manufacturer/Model Number Toshiba Laptop Qosimo X870 OS Windows 7 Pro x64 SP1 CPU Intel Core I7 Motherboard Toshiba Memory 16 Gigs Graphics Card NVIDIA GeForce GTX 670M Monitor(s) Displays 17.7" laptop Screen Resolution 1600 x 900
Hard Drives 256 Gig SanDisk SSD for C
256 Gig Intel SSD for D Internet Speed 50/25 FIOS Antivirus Vipre (all you can eat for 10 machines) Browser IE and FF Other Info I have dos 6.22, wfwg 3.11, win98, 2000 and xp VHD's available for testing. MS's Virtual PC works great.
Computer type PC/Desktop System Manufacturer/Model Number Dwarf Dwf/11/2012 OS Windows 7 Ultimate x64 Service Pack 1 CPU Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Bridge) (OC 4.2GHz) Motherboard ASRock Z77 Extreme4-M Memory 4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2A1600C9B (16GB) Graphics Card 2 x AMD Radeon HD7770 1GB CrossFired (OC 1100MHz/1250MHz) Sound Card Realtek High Definition on board solution (ALC 898) Monitor(s) Displays ViewSonic VA1912w Widescreen (VGA) Screen Resolution 1440x900
Keyboard Microsoft Comfort Curve Keyboard 3000 (USB) Mouse Microsoft Comfort Mouse 3000 for Business (USB) PSU XFX Pro Series 850W Semi-Modular Case Gigabyte IF233 Cooling 1 x 120mm Front Inlet 1 x 120mm Rear Exhaust Hard Drives OCZ Agility 3 SSD 120GB SATA III x2 (RAID 0)
Samsung HD501LJ 500GB SATA II x2
Hitachi HDS721010CLA332 1TB SATA II
Iomega 1.5TB Ext USB 2.0
WD 2.0TB Ext USB 3.0 Internet Speed NetGear DG834Gv3 ADSL Modem/Router (Ethernet) ~4.0 Mb/s (O2) Antivirus Avast! 8.0.1483 Browser IE 9 Other Info Optical Drive: HL-DT-ST BD-RE BH10LS30 SATA Bluray
Lexmark S305 Printer/Scanner/Copier (USB)
CTF-430 Tablet & Pen
WEI Score: 7.7/7.9/7.4/7.4/7.9
Asus Eee PC 1011PX Netbook (Windows 7 x86 Starter)
One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.
Laptops are a bit more complicated.
Rich
yes but luckily most people don't know about that, so this does protect against an average user :P
Computer type PC/Desktop System Manufacturer/Model Number Golden Mk. I.3 OS Windows 7 Ultimate SP1 (x64) CPU Intel i7 860 @ 2.80 GHz Motherboard Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card EVGA NVidia GTX 560 1024MB Sound Card Realtek Integrated Monitor(s) Displays Dual Samsung SyncMaster 2494HS Screen Resolution 1920*1080 and 1920*1080
Keyboard Logitech G110 Mouse Logitech MX518 PSU Thermaltake ToughPower QFan 750W Case Thermaltake Element S VK60001W2Z Cooling Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives 1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
3*Samsung F1 SpinPoint 1TB in RAID5;
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0 Internet Speed Not fast enough!!! Antivirus MSE and Malwarebytes Pro Browser Chrome Version 25 Other Info Laptop: ASUS X54C, Intel Core i3-2330M @ 2.0Ghz, 4GB RAM, Intel HD on-board graphics, Windows 7 Professional SP1 (x64), LinuxMint 14 (x64), PepperMint 3 (x86)
Note
Warning
Quote: Originally Posted by richnrockville 
Folder lock,I:/ is not accessible,access is denied. 
