There are several things one can do to protect against intruders. Of course the old adage applies here as well, 'locks keep honest people out'; in other words, if they want in, they will keep trying and eventually will be able to get in through some kind of exploit. The following are some tips that can greatly slow them down and make it nearly impossible for them to get in. If you use file sharing or remote connections, don't make the local policy changes.
-
As it was mentioned before, set the Guest and Administrator account passwords. By default, the Guest account password is blank. Make it something difficult, such as a combination of letters and numbers, preferably not based on dictionary words. Control Panel\Administrative Tools\Computer Management\Local Users and Groups\ Highlight User Account, right-click, 'set password'.
-
Remove/Delete any unused accounts, especially any 'remote assistance' accounts.
-
Disable the Guest account since you can't delete it.
-
Rename the Guest and Administrator accounts to unique names. Remove the description of these accounts (in local users and groups). Control Panel\Administrative Tools\Local Security Policy\Local Policies\Security Options Account: Rename Guest Account - Double click and rename the account Account: Rename Administrator Account
-
If you do not need to connect to your computer from a remote machine, be sure to turn off this functionality. Control Panel\Administrative Tools\Local Security Policy\Local Policies\User rights Assessment\ "Access this computer from the network" - remove all users and groups. This should be blank "Deny access to this computer from the network" - this should include all users and groups. Double click on the policy, click Add User or group, click Advanced, click Find Now, highlight all the accounts and click OK.
-
Turn off the Microsoft File sharing in Network Neighborhood if it is not going to be used.
-
Under System Properties\Remote, Turn off Remote Desktop and Remote invitations.
-
Run a software firewall program.
-
Be sure to visit WindowsUpdate to get the latest hotfixes and security patches. There are a lot of them.
