Sharing Your Computer Securely
If you're the only person who uses your computer, you don't have to worry all that much about "profile security," a phrase we use to describe the security of your user profile-that is, your files and Windows XP settings. However, if you share your computer with other people, either at home or at the office, then you'll need to set up some kind of security to ensure that users each have their "own" Windows and can't mess with anyone else's (either purposely or accidentally). Here's a list of security precautions to set up when sharing your computer:
- Create an account for each user. Everyone who uses the computer, even if they use it only occasionally, should have their own user account. (If a user needs to access the computer rarely, or only once, activate the Guest account and let him or her use that. You should disable the Guest account after the user has finished his or her session.)
- Remove unused accounts. If you have accounts set up for users who no longer require access to the computer, you should delete those accounts.
- Limit the number of Administrators. Members of the Administrators group can do just about anything in Windows XP, including granting themselves privileges that they might not have by default. These all-powerful accounts should be kept to a minimum. Ideally, your system should have just one: the Administrator account.
- Rename the Administrator account. Renaming the Administrator account ensures that no other user can be certain of the name of the computer's top-level user.
- Don't display the last logged-on user. Use the Classic logon, and tell Windows XP not to display the name of the user who last logged on to the system.
- Put all other accounts in the Users (Limited) group. Most users can perform almost all of their everyday chores with the permissions and rights assigned to the Users group, so that's the group you should use for all other accounts.
- Use strong passwords on all accounts. Supply each account with a strong password so that no user can access another's account by logging on with a blank or simple password.
- Set up each account with a screen saver and be sure the screen saver resumes to the Unlock Computer screen. To do this, launch Control Panel's Display icon, select the Screen Saver tab, choose a screen saver, and then select the On Resume, Password Protect check box.
- Use disk quotas. To prevent users from taking up an inordinate amount of hard disk space (think: MP3 downloads), set up disk quotas for each user. To enable quotas, right-click a hard disk in Windows Explorer, and then select Properties. On the Quota tab, select the Enable Quota Management check box. Select and set options in this dialog box consistent with your needs.
In this tutorial:
- Managing Logons and Users
- Useful Windows XP Logon Strategies
- Setting Up an Automatic Logon
- Setting Logon Policies
- More Logon Registry Tweaks
- Getting the Most Out of User Accounts
- Control Panel's User Accounts Icon
- The Local Users And Groups Snap-In
- Setting Account Policies
- Working with Users and Groups from the Command Line
- Creating and Enforcing Bulletproof Passwords
- User Account Password Options
- Recovering a Forgotten Password
- Sharing Your Computer Securely