Secure and Lock down Computer against Unauthorised Access

    Secure and Lock down Computer against Unauthorised Access

    Secure and Lock down Computer against Unauthorised Access

    How to secure and Lock down your Computer against unauthorised access
    Published by
    Designer Media Ltd


       Note
    There are a number of steps that you can take to make your computer secure against unauthorised access, but remember that no method is 100% effective. The idea is to make it as difficult as possible.

    With that in mind, here are some steps that you can take to maximise your computer's security.

    BIOS and BIOS Passwords

    Let's start at the beginning with the BIOS. Here you can set passwords to prevent access to the computer when booting and also to the BIOS configuration/setup routine. In each case, you will need to enter the correct password to continue. For maximum security, both passwords should be set and should be different. See your motherboard manual, BIOS section, for full details on how to set these passwords.

       Warning
    Make a note of the password(s), as you will need it/them when you need to access the computer.

       Note
    This is actually quite easy to circumvent by means of removing the CR2032 battery or temorarily changing a motherboard jumper.

    Accounts, Passwords, Command Prompts, Control Panel, Login Prompts, and Parental Controls

    Accounts Tutorial and Links: https://www.sevenforums.com/tutorials...-accounts.html

    All computers require at least one Administrator account. This account gives the user full control over the computer, so it is important to make this account as secure as possible. To this end, give it a random name and a strong password. A good source for strong passwords is https://www.grc.com/passwords.htm, and you can use this to generate both your Administrator username and its password. Remember to revisit the mentioned link periodically and change the password for maximum security.

       Warning
    Make a note of both the username and password, as you will need these when you need to access this account.

    Log into the administrator account and, with reference to Regedit - Enable or Disable - Vista Forums, download the VBS file as mentioned in OPTION ONE. Later, you will be able to disable/enable the registry editor by following the instructions in the Tutorial. Don't disable it yet, as you still need it enabled for the rest of this procedure.

    Now go to Accounts and make all other accounts STANDARD (there should only be one Administrator account on your system). Login to each of the other accounts in turn and, with reference to Command Prompt - Enable or Disable - Vista Forums, disable the command prompt for each of the accounts using OPTION THREE. I suggest that you disable both the prompt and scripts.

    Log back into your Administrator account and download the files mentioned in OPTION ONE at both of these Tutorials: Log On with User Name and Password and Control Panel - Enable or Disable - Vista Forums

    You can also follow the instructions here Parental Controls - Set Time Limits and set time restrictions so that users only able to access/log in at certain times. You can also restrict their access to certain programs by following this Tutorial: Parental Controls - Allow or Block Specific Programs. Both of these are optional, but for maximum efficiency you can apply both of these features. Each Standard account can have different time and program access restricions, if you so wish.

    Access Restriction and Restoration

    Execute the following files in the order shown (see the above-mentioned Tutorials for instructions):

    Restrict Access:

    Disable_Control_Panel.reg
    Log_On_with_User_Name_and_Password.reg
    Enable-Disable_regedit.vbs

    Restore Access:

    Enable-Disable_regedit.vbs
    Enable_Control_Panel.reg
    Log_On_with_Default_Password_Only.reg

    Remember to restict access again once you have finished doing what you are doing that requires such access.

    AppLocker

       Note
    Only available in Windows 7 Ultimate and Enterprise editions.

    This is a feature which allows you to control how users access and use files. See AppLocker - Create New Rules for full details.

    BitLocker

       Note
    Only available in Windows 7 Ultimate and Enterprise editions.

    This is a system that locks the contents of the whole drive, and requires a key to unlock it before computer access is granted. See BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM for full details on how to apply this feature. Note that you will need registry access to turn this feature on/off, so ensure that it is enabled. If necessary, execute Enable_Disable_regedit.vbs so that you have registry access. Don't forget to disable the registry afterwards.

    AV Software and Firewall

    Always ensure that you have AV software installed, and that it is up to date and running. Your Firewall, whether it is Windows or a 3rd party, should also be enabled.

    Router and Internet Access

    For maximum security, you should use a wired connection via Ethernet and disable the wireless section of the router. If you do need to connect wirelessly, you should ensure that you are using either WEP, WPA, or WPA2 (recommended) encryption. Even though WEP is easily circumvented, if your router doesn't support anything else, you should still use it as it is better than nothing, and every obstacle, no matter how small, you put between you and a potential hacker, will increase your overall security. If you have MAC filtering enabled, this will also increase your security.

    You should also consider changing the router access name and password from the manufacturer-supplied default. Note that these will be reinstated should you ever need to perform a full reset to factory condition on your router.

    See your router manual and/or router manufacturer's website for details on how to make changes to these settings, and also how to enable/disable SSID. Note that you may need to temporarily connect via Ethernet to make these changes.

       Warning
    Don't forget to change your password(s) if your security is circumvented, irrespective of when you last changed it/them.



  1. Posts : 1,808
    Windows 7 64b Ultimate
       #1

    Thx! Well done!
      My Computer


  2. Posts : 9,582
    Windows 8.1 Pro RTM x64
    Thread Starter
       #2

    You're welcome. :)

    If anyone can think of anything I've missed, please let me know.
      My Computer


  3. Posts : 1,808
    Windows 7 64b Ultimate
       #3

    The only thing I thought after reading is... I've got one WIFI LAN here that needs to be very safe... So on top of wireless security, I only allow my selected MAC addresses on that router.... Safer than WEP /PKA
      My Computer


  4. Posts : 1,800
    Windows 7 Pro x64 SP1
       #4

    One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.

    Laptops are a bit more complicated.

    Rich
      My Computer


  5. Posts : 9,582
    Windows 8.1 Pro RTM x64
    Thread Starter
       #5

    Updated. :)
      My Computer


  6. Posts : 55
    Windows 7
       #6

    richnrockville said:
    One problem with bios password access is that if it is a desktop, Just remove the battery or change the cmos jumpers and the system is back to square one and all passwords are removed.

    Laptops are a bit more complicated.

    Rich
    yes but luckily most people don't know about that, so this does protect against an average user :P
      My Computer


  7. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #7

    I never even knew this tutorial existed. Great work Dwarf - very useful little reference.
      My Computer


  8. Posts : 15
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
       #8

    Password block after Bios & before Login


    Dwarf said:
    You're welcome. :)

    If anyone can think of anything I've missed, please let me know.
    Different "password protection" from what seems to be in the Tutorial is something that I have only come across when I was recently attacked by a Scam, is that while inside (logged in by me) they set a password before windows could be started, but after a bios password. What is displayed to the user after windows first comes up but before Windows welcome screen is displayed to ask for a password as follows:

    "This computer is configured to require a password in order to start-up"

    Computer is running "Windows 7 Ultimate" :)

    Luckily I got the password out of them before I got rid of the scammer, otherwise I would have had to re-install Windows to use it, (after I had done a full check of the system, and a backup of important files).

    What I would really like to know is how to disable the block and password, so an addition to your excellent tutorial would help me greatly.

    Thanks
    Oldarnie
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:39.
Find Us