Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Secure and Lock down Computer against Unauthorised Access



Secure and Lock down Computer against Unauthorised Access

How to secure and Lock down your Computer against unauthorised access
Published by Dwarf
21 Jul 2011
Published by

Note   Note
There are a number of steps that you can take to make your computer secure against unauthorised access, but remember that no method is 100% effective. The idea is to make it as difficult as possible.

With that in mind, here are some steps that you can take to maximise your computer's security.

BIOS and BIOS Passwords

Let's start at the beginning with the BIOS. Here you can set passwords to prevent access to the computer when booting and also to the BIOS configuration/setup routine. In each case, you will need to enter the correct password to continue. For maximum security, both passwords should be set and should be different. See your motherboard manual, BIOS section, for full details on how to set these passwords.

warning   Warning
Make a note of the password(s), as you will need it/them when you need to access the computer.

Note   Note
This is actually quite easy to circumvent by means of removing the CR2032 battery or temorarily changing a motherboard jumper.

Accounts, Passwords, Command Prompts, Control Panel, Login Prompts, and Parental Controls

Accounts Tutorial and Links: http://www.sevenforums.com/tutorials...-accounts.html

All computers require at least one Administrator account. This account gives the user full control over the computer, so it is important to make this account as secure as possible. To this end, give it a random name and a strong password. A good source for strong passwords is https://www.grc.com/passwords.htm, and you can use this to generate both your Administrator username and its password. Remember to revisit the mentioned link periodically and change the password for maximum security.

warning   Warning
Make a note of both the username and password, as you will need these when you need to access this account.

Log into the administrator account and, with reference to Regedit - Enable or Disable - Vista Forums, download the VBS file as mentioned in OPTION ONE. Later, you will be able to disable/enable the registry editor by following the instructions in the Tutorial. Don't disable it yet, as you still need it enabled for the rest of this procedure.

Now go to Accounts and make all other accounts STANDARD (there should only be one Administrator account on your system). Login to each of the other accounts in turn and, with reference to Command Prompt - Enable or Disable - Vista Forums, disable the command prompt for each of the accounts using OPTION THREE. I suggest that you disable both the prompt and scripts.

Log back into your Administrator account and download the files mentioned in OPTION ONE at both of these Tutorials: Log On with User Name and Password and Control Panel - Enable or Disable - Vista Forums

You can also follow the instructions here Parental Controls - Set Time Limits and set time restrictions so that users only able to access/log in at certain times. You can also restrict their access to certain programs by following this Tutorial: Parental Controls - Allow or Block Specific Programs. Both of these are optional, but for maximum efficiency you can apply both of these features. Each Standard account can have different time and program access restricions, if you so wish.

Access Restriction and Restoration

Execute the following files in the order shown (see the above-mentioned Tutorials for instructions):

Restrict Access:

Disable_Control_Panel.reg
Log_On_with_User_Name_and_Password.reg
Enable-Disable_regedit.vbs

Restore Access:

Enable-Disable_regedit.vbs
Enable_Control_Panel.reg
Log_On_with_Default_Password_Only.reg

Remember to restict access again once you have finished doing what you are doing that requires such access.

AppLocker

Note   Note
Only available in Windows 7 Ultimate and Enterprise editions.

This is a feature which allows you to control how users access and use files. See AppLocker - Create New Rules for full details.

BitLocker

Note   Note
Only available in Windows 7 Ultimate and Enterprise editions.

This is a system that locks the contents of the whole drive, and requires a key to unlock it before computer access is granted. See BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM for full details on how to apply this feature. Note that you will need registry access to turn this feature on/off, so ensure that it is enabled. If necessary, execute Enable_Disable_regedit.vbs so that you have registry access. Don't forget to disable the registry afterwards.

AV Software and Firewall

Always ensure that you have AV software installed, and that it is up to date and running. Your Firewall, whether it is Windows or a 3rd party, should also be enabled.

Router and Internet Access

For maximum security, you should use a wired connection via Ethernet and disable the wireless section of the router. If you do need to connect wirelessly, you should ensure that you are using either WEP, WPA, or WPA2 (recommended) encryption. Even though WEP is easily circumvented, if your router doesn't support anything else, you should still use it as it is better than nothing, and every obstacle, no matter how small, you put between you and a potential hacker, will increase your overall security. If you have MAC filtering enabled, this will also increase your security.

You should also consider changing the router access name and password from the manufacturer-supplied default. Note that these will be reinstated should you ever need to perform a full reset to factory condition on your router.

See your router manual and/or router manufacturer's website for details on how to make changes to these settings, and also how to enable/disable SSID. Note that you may need to temporarily connect via Ethernet to make these changes.

warning   Warning
Don't forget to change your password(s) if your security is circumvented, irrespective of when you last changed it/them.
23 Jul 2011   #1
MvdB

Windows 7 64b Ultimate
 
 

Thx! Well done!

My System SpecsSystem Spec
23 Jul 2011   #2
Dwarf

Windows 8.1 Pro RTM x64
 
 

You're welcome.

If anyone can think of anything I've missed, please let me know.
My System SpecsSystem Spec
24 Jul 2011   #3
MvdB

Windows 7 64b Ultimate
 
 

The only thing I thought after reading is... I've got one WIFI LAN here that needs to be very safe... So on top of wireless security, I only allow my selected MAC addresses on that router.... Safer than WEP /PKA
My System SpecsSystem Spec
.


24 Jul 2011   #4
richnrockville

Windows 7 Pro x64 SP1
 
 

One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.

Laptops are a bit more complicated.

Rich
My System SpecsSystem Spec
24 Jul 2011   #5
Dwarf

Windows 8.1 Pro RTM x64
 
 

Updated.
My System SpecsSystem Spec
04 Mar 2012   #6
Hell Bomb

 

Quote   Quote: Originally Posted by richnrockville View Post
One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.

Laptops are a bit more complicated.

Rich
yes but luckily most people don't know about that, so this does protect against an average user :P
My System SpecsSystem Spec
04 Mar 2012   #7
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

I never even knew this tutorial existed. Great work Dwarf - very useful little reference.
My System SpecsSystem Spec
2 Weeks Ago   #8
Oldarnie

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Password block after Bios & before Login

Quote   Quote: Originally Posted by Dwarf View Post
You're welcome.

If anyone can think of anything I've missed, please let me know.
Different "password protection" from what seems to be in the Tutorial is something that I have only come across when I was recently attacked by a Scam, is that while inside (logged in by me) they set a password before windows could be started, but after a bios password. What is displayed to the user after windows first comes up but before Windows welcome screen is displayed to ask for a password as follows:

"This computer is configured to require a password in order to start-up"

Computer is running "Windows 7 Ultimate"

Luckily I got the password out of them before I got rid of the scammer, otherwise I would have had to re-install Windows to use it, (after I had done a full check of the system, and a backup of important files).

What I would really like to know is how to disable the block and password, so an addition to your excellent tutorial would help me greatly.

Thanks
Oldarnie
My System SpecsSystem Spec
Comment

 Secure and Lock down Computer against Unauthorised Access




Tutorial Tools



Similar help and support threads for2: Secure and Lock down Computer against Unauthorised Access
Windows 7 Tutorial Category
Solved Folder lock,I:/ is not accessible,access is denied. Hardware & Devices
Access Denied opening file in shared folder, lock on the icon Network & Sharing
Lock out of my computer General Discussion
How can I lock down my computer? General Discussion
Caps lock, num lock, scroll lock screen messages General Discussion
How do i lock my computer General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:14 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33