HOW TO: Use Simple Procedures to Prevent Unauthorized Users from Accessing Your Computer in Windows 2000

This step-by-step article describes how to prevent unauthorized users from accessing either a stand-alone computer, a network computer, or a remote computer. Each of these types of computers has different security requirements and the topic of security is complex. This article describes some simple procedures to secure your computer.

For another user to access your computer, they must either be assigned to an administrative group or they must have the appropriate security rights and permissions.

How to Secure a Stand-Alone Computer

A stand-alone computer is a computer that is not connected to other computers or network devices. To prevent unauthorized users from accessing your computer, make sure that you lock your computer before you leave your desk and configure screen saver passwords.

Locking Your Computer Before You Leave Your Desk

1. Press CTRL+ALT+DEL, and then press ENTER.
   
   To unlock you computer, press CTRL+ALT+DEL, type your password, and then press ENTER.

Configuring a Screen Saver Password

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Display.
3. Click the Screen Saver tab, and then click the screen saver that you want to use in the Screen Saver box.
4. Click to select the Password protection check box.
5. Click OK.

How to Secure a Network Computer

A network computer is a computer that is connected to other computers or network devices. To prevent unauthorized users from accessing your computer over the network, turn off both the guest account and the File and Print Sharing functionality.

Turning Off the Guest Account

1. Click Start, point to Programs, and then click Active Directory Users and Computers.
2. Click Users in the left pane.
3. Right-click Guest in the details pane, and then click Disable.

Turning Off File and Print Sharing

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Network and Dial-up connections.
3. Right-click Local area connection, and then click Properties.
4. Click to clear File and Print Sharing for Microsoft Networks, and then click OK.
5. Restart the computer.

How to Secure a Remote Computer

A remote computer is a computer that connects to other computers or network devices by using either a phone line or a wireless connection. To prevent unauthorized users from accessing your computer if you are using Windows 2000 Terminal Services, set the encryption level to Highest on the computer that is running Terminal Services:

1. On the computer that is running Terminal Services, click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
2. Click Connections.
3. Right-click the connection that you want to modify in the details pane, and then click Properties.
4. On the General tab, click High in the Encryption level list.
5. Click OK.

NOTE: You can configure only one Remote Desktop Protocol (RDP) connection for each network adapter in a Terminal server. Typically, the RDP connection that is configured automatically when you install Terminal Services is the only connection that you require.

Troubleshooting

The topic of security is large and complex. Microsoft recommends that you review the Windows 2000 Resource Kit to fully understand Windows security issues.

For more information about how to secure a stand-alone computer and a network computer, see the following Microsoft Web site: For more information about how to configure and secure a remote computer, see the following Microsoft Web site: For additional information about how to secure a remote computer that is running Terminal Services, click the article number below to view the article in the Microsoft Knowledge Base: