HOW TO: Use Simple Procedures to Prevent Unauthorized Users from Accessing Your Computer in Windows 2000 (300957)

SUMMARY

This step-by-step article describes how to prevent unauthorized users from accessing either a stand-alone computer, a network computer, or a remote computer. Each of these types of computers has different security requirements and the topic of security is complex. This article describes some simple procedures to secure your computer.

For another user to access your computer, they must either be assigned to an administrative group or they must have the appropriate security rights and permissions.

back to the top

How to Secure a Stand-Alone Computer

A stand-alone computer is a computer that is not connected to other computers or network devices. To prevent unauthorized users from accessing your computer, make sure that you lock your computer before you leave your desk and configure screen saver passwords.

back to the top

Locking Your Computer Before You Leave Your Desk

1. Press CTRL+ALT+DEL, and then press ENTER.
   
   To unlock you computer, press CTRL+ALT+DEL, type your password, and then press ENTER.

Configuring a Screen Saver Password

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Display.
3. Click the Screen Saver tab, and then click the screen saver that you want to use in the Screen Saver box.
4. Click to select the Password protection check box.
5. Click OK.

back to the top

How to Secure a Network Computer

A network computer is a computer that is connected to other computers or network devices. To prevent unauthorized users from accessing your computer over the network, turn off both the guest account and the File and Print Sharing functionality.

back to the top

Turning Off the Guest Account

1. Click Start, point to Programs, and then click Active Directory Users and Computers.
2. Click Users in the left pane.
3. Right-click Guest in the details pane, and then click Disable.

back to the top

Turning Off File and Print Sharing

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Network and Dial-up connections.
3. Right-click Local area connection, and then click Properties.
4. Click to clear File and Print Sharing for Microsoft Networks, and then click OK.
5. Restart the computer.

back to the top

How to Secure a Remote Computer

A remote computer is a computer that connects to other computers or network devices by using either a phone line or a wireless connection. To prevent unauthorized users from accessing your computer if you are using Windows 2000 Terminal Services, set the encryption level to Highest on the computer that is running Terminal Services:

1. On the computer that is running Terminal Services, click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
2. Click Connections.
3. Right-click the connection that you want to modify in the details pane, and then click Properties.
4. On the General tab, click High in the Encryption level list.
5. Click OK.

NOTE: You can configure only one Remote Desktop Protocol (RDP) connection for each network adapter in a Terminal server. Typically, the RDP connection that is configured automatically when you install Terminal Services is the only connection that you require.

back to the top

Troubleshooting

The topic of security is large and complex. Microsoft recommends that you review the Windows 2000 Resource Kit to fully understand Windows security issues.

back to the top