Subscribe to this blogI set up Windows to require a password to log on, but then I discovered that anyone could bypass this simply by clicking Cancel at the password prompt. How can I protect my PC?
Lee F. Martin, Rocky Mount, Missouri
The Windows password doesn't do much--especially in Windows 98 and Me (things are better in Windows 2000 and XP, but not perfect). Here's some security advice for each version of Windows, and some general advice for all versions.
Windows 98: This trick is bound to scare interlopers who try to log on to your Windows 98 computer--unless they've read this article. Select Start, Shut Down, Restart in MS-DOS mode and click OK. At the C:\WINDOWS prompt, type ren win.com xyz.com and press Enter. From now on, when anyone turns on your computer, instead of Windows they'll get an error message and a C> prompt. You'll know that you can load Windows by typing xyz and pressing Enter, but others trying to log on will think they broke something.
To reverse this arrangement and return to a regular boot, simply go to the MS-DOS mode, type ren xyz.com win.com, press Enter, and reboot.
Windows 2000 and XP: You can't press <Esc> to bypass the password prompt in these versions of Windows, but anyone who isn't set up as a user beforehand may be able to log on as a guest. Even though guests have no access to your data, you may want to disable the Guest account just to play it safe. In Windows 2000, select Start, Settings, Control Panel, Users and Passwords. Click the Advanced tab and then the Advanced button. In the left pane, click Users. In the right pane, double-click Guest. Check Account is disabled and then click OK. In Windows XP, select Start, Control Panel, User Accounts, Guest, Turn off the guest account (as shown in FIGURE 1 ).
Can other people who use the system (with their own log-on names and passwords) see your data files? They can if they have an Administrator-level account, but anyone with a more limited account cannot. If there are two administrator accounts on the system, each can see the other's files.
If you have XP, you can shut other administrators out of your files. (Though the other administrators can override this block, doing so is a hassle, and you'd know if they did it.) To protect all of your data and settings files, for example, right-click your folder inside Documents and Settings (such as C:\Documents and Settings\yourname), select Sharing and Security, Make this folder private, and click OK.
All versions: You can password-protect your screen saver in any version of Windows to keep people off your PC when you leave it on while you're away from your desk. Right-click the desktop and select Properties, Screen Saver. Choose a screen saver (if one isn't active already) and check Password protected (in XP, On resume, password protect). In Windows 98 and Me, click the Change button to select a password; Windows 2000 and XP use your existing log-on password. Make any other choices you want, and click OK.
For the best protection of sensitive files, use third-party encryption software. Yes, Windows 2000 and XP have built-in file encryption, but the third-party programs are more versatile. My favorite file encryption program is Steganos Safe, which you can purchase for $25 ($30 for the boxed version). When the safe is open, it acts as another disk drive that you can read from and write to. When the safe is closed, it's password-protected with 128-bit Advanced Encryption Standard encryption.
Last but not least, you can use a boot password to protect your system before Windows even loads. Go to Kirk Steers's "Boot Passwords Put Your PC Under Lock and Key" from the September 2003 Hardware Tips column for instructions on creating a boot password.
