Passwords are your first (perhaps only) line of defense:
- See SANS Security Tip --
be better than James Bond when you pick a password. Your
girlfriend's name is a really dumb password!
- Set a "system" ("BIOS" or "boottime") password to lock the system before
Windows even starts -- from
How to protect your laptop from thieves. But beware of vendor
backdoors to reset the password and know that the removable media
is not protected.
- Make sure the user "Administrator" has a very good password -- make it
a long one (up to 15 characters), and very complex. The
"Administrator" can do anything and default policies will not
lock the account after repeated failed logins.
- Make sure all users have very good passwords -- make it a long
one (up to 15 characters) and complex. A password complexity
policy will prevent guests from using really dumb
passwords. Security Policies are found at -- "Control Panel",
"Performance and Maintenance", "Administrative Tools", "Local
Security Policy" (you need to be an Administrator change
policies, not for the faint of heart).
