Note
There are a number of steps that you can take to make your computer secure against unauthorised access, but remember that no method is 100% effective. The idea is to make it as difficult as possible.
With that in mind, here are some steps that you can take to maximise your computer's security.
BIOS and BIOS Passwords
Let's start at the beginning with the BIOS. Here you can set passwords to prevent access to the computer when booting and also to the BIOS configuration/setup routine. In each case, you will need to enter the correct password to continue. For maximum security, both passwords should be set and should be different. See your motherboard manual, BIOS section, for full details on how to set these passwords.
Warning
Make a note of the password(s), as you will need it/them when you need to access the computer.
Note
This is actually quite easy to circumvent by means of removing the CR2032 battery or temorarily changing a motherboard jumper.
Accounts, Passwords, Command Prompts, Control Panel, Login Prompts, and Parental Controls
Accounts Tutorial and Links: http://www.sevenforums.com/tutorials/2974-user-accounts.html
All computers require at least one Administrator account. This account gives the user full control over the computer, so it is important to make this account as secure as possible. To this end, give it a random name and a strong password. A good source for strong passwords is https://www.grc.com/passwords.htm, and you can use this to generate both your Administrator username and its password. Remember to revisit the mentioned link periodically and change the password for maximum security.
Warning
Make a note of both the username and password, as you will need these when you need to access this account.
Log into the administrator account and, with reference to Regedit - Enable or Disable - Vista Forums, download the VBS file as mentioned in OPTION ONE. Later, you will be able to disable/enable the registry editor by following the instructions in the Tutorial. Don't disable it yet, as you still need it enabled for the rest of this procedure.
Now go to Accounts and make all other accounts STANDARD (there should only be one Administrator account on your system). Login to each of the other accounts in turn and, with reference to Command Prompt - Enable or Disable - Vista Forums, disable the command prompt for each of the accounts using OPTION THREE. I suggest that you disable both the prompt and scripts.
Log back into your Administrator account and download the files mentioned in OPTION ONE at both of these Tutorials: http://www.sevenforums.com/tutorials/61650-log-user-name-password.html and Control Panel - Enable or Disable - Vista Forums
You can also follow the instructions here http://www.sevenforums.com/tutorials/54369-parental-controls-set-time-limits.html and set time restrictions so that users only able to access/log in at certain times. You can also restrict their access to certain programs by following this Tutorial: http://www.sevenforums.com/tutorials/54397-parental-controls-allow-block-specific-programs.html. Both of these are optional, but for maximum efficiency you can apply both of these features. Each Standard account can have different time and program access restricions, if you so wish.
Access Restriction and Restoration
Execute the following files in the order shown (see the above-mentioned Tutorials for instructions):
Restrict Access:
Disable_Control_Panel.reg
Log_On_with_User_Name_and_Password.reg
Enable-Disable_regedit.vbs
Restore Access:
Enable-Disable_regedit.vbs
Enable_Control_Panel.reg
Log_On_with_Default_Password_Only.reg
Remember to restict access again once you have finished doing what you are doing that requires such access.
AppLocker
Note
Only available in Windows 7 Ultimate and Enterprise editions.
This is a feature which allows you to control how users access and use files. See AppLocker - Create New Rules for full details.
BitLocker
Note
Only available in Windows 7 Ultimate and Enterprise editions.
This is a system that locks the contents of the whole drive, and requires a key to unlock it before computer access is granted. See http://www.sevenforums.com/tutorial...cryption-windows-7-drive-turn-off-no-tpm.html for full details on how to apply this feature. Note that you will need registry access to turn this feature on/off, so ensure that it is enabled. If necessary, execute Enable_Disable_regedit.vbs so that you have registry access. Don't forget to disable the registry afterwards.
AV Software and Firewall
Always ensure that you have AV software installed, and that it is up to date and running. Your Firewall, whether it is Windows or a 3rd party, should also be enabled.
Router and Internet Access
For maximum security, you should use a wired connection via Ethernet and disable the wireless section of the router. If you do need to connect wirelessly, you should ensure that you are using either WEP, WPA, or WPA2 (recommended) encryption. Even though WEP is easily circumvented, if your router doesn't support anything else, you should still use it as it is better than nothing, and every obstacle, no matter how small, you put between you and a potential hacker, will increase your overall security. If you have MAC filtering enabled, this will also increase your security.
You should also consider changing the router access name and password from the manufacturer-supplied default. Note that these will be reinstated should you ever need to perform a full reset to factory condition on your router.
See your router manual and/or router manufacturer's website for details on how to make changes to these settings, and also how to enable/disable SSID. Note that you may need to temporarily connect via Ethernet to make these changes.
Warning
Don't forget to change your password(s) if your security is circumvented, irrespective of when you last changed it/them.
Last edited:
