Your computer's physical security, as well as online security, depends on how easy it is to access your accounts. This book is going to show you many ways that you can protect your computer, but almost all of them can be defeated by an account on your computer that has a poor password or no password at all. This is why it is critical to ensure that your computer is protected by accounts with strong passwords. Anything less will weaken your entire security defense.
This section will show you how you can manage your user accounts in Windows Vista to make sure they are all well protected.
Windows Vista includes various accounts that are set up when you install or buy a Windows Vista computer. These accounts are usually disabled by default, but there are a few quick tips that will ensure they can never be used again. The other accounts on your computer can be protected, too. Follow the steps in the next few sections to secure all your accounts.
All the accounts on your computer should have a complex password associated with them in case your computer is ever exposed to the Internet. Passwords such as easy-to-remember words and predictable key combinations such as "asdf" just do not cut it. These types of passwords are vulnerable to brute force dictionary attacks where an intruder can use special software to try hundreds of combinations to hack into your account.
A complex password is a password that is at least eight characters long and consists of uppercase and lowercase letters, as well as numbers or other symbols. "Ftm3D8&-" is an example of a complex password. Something like that is impossible to guess and will take a brute force technique quite some time to crack.
Using complex passwords on all your accounts might not be easy at first, but after a while they will grow on you and you will have no problem remembering them. To prevent losing access to any encrypted files, it is best to log onto each account on your computer that does not already have a complex password and then change it. If you use the Set Password function in Computer Manager, as you did for setting the passwords for the Guest and Administrator accounts, you risk losing access to any files that were encrypted under the user's account.
Follow these steps to safely change a user's account password:
Log onto the user's account you want to change the password for.
Press and hold Ctrl+Alt+Delete so that the secure desktop is shown (see Figure 14-4).
Figure 14-4: Windows Vista's secure desktop
Click the Change a password button.
Type the old password once and then the new password for the user twice, and click the blue arrow button.
The password for the account has now been changed.
One of the default accounts set up in Windows Vista is the Guest account. This account can be useful if your computer is in a public place such as a library and a low rights account is needed. However, for most of us, this account is just another possible security hole because it cannot be deleted. It is disabled by default but it could be enabled again by a virus or malware if your computer ever gets infected. The best way to neutralize this account is to give it a random password and rename it to eliminate the chances that some script will be able to use it.
Follow these steps to protect this account:
Click the Start menu, right-click Computer, and then select Manage.
After Computer Manager loads, expand Local Users and Groups and select the Users folder. All the local computer accounts will be listed, as shown in Figure 14-5.
Figure 14-5: Computer Manager listing local computer accounts
Right-click the Guest account on the list and select Set Password.
A warning screen will appear, telling you about what may happen if you proceed. Disregard this message and click Proceed.
When the Set Password window appears, type in a completely random password that is a complex password and is also at least 20 characters long in both boxes and click OK. The new password will now be set.
Rename the account to confuse any malicious scripts that might be looking for it. Right-click the Guest account again and select Rename.
Type a new name for this account that has some random letters and numbers in it. You just want to make it different from Guest.
When you are done renaming it, press Enter and you are finished.
Your Guest account is now more secure than ever.
The Administrator account is the most important account on the computer because it has the highest permissions and can do anything it wants to the configuration and settings of your computer. Securing this valuable account is critical to the overall security of your computer.
This can be accomplished by ensuring the account is disabled, setting a strong password, and renaming it so that it is harder for malicious scripts and viruses to try to use. Doing this is very similar to securing the Guest account as you just did in the last section.
Follow these steps to protect your Administrator account:
Click the Start menu, right-click Computer, and select Manage.
After Computer Manager loads, expand Local Users and Groups and select the Users folder.
Right-click the Administrator account and select Properties.
Check the Account is disabled option if it is not already selected, as shown in Figure 14-6. Then, click OK to save the changes.
Figure 14-6: Disabling the Administrator account
Right-click the Administrator account and select Set Password.
A warning screen will appear, telling you about what might happen if you proceed. Disregard this message and click Proceed.
When the Set Password window appears, type a completely random complex password that is at least 20 characters long in both boxes and click OK. The new password will now be set.
Rename the account to confuse any malicious scripts that might be looking for it. Right-click the Administrator account again and select Rename.
Type a new name for the account that has some random letters and numbers in it. I like to use AdminDisabled2341 as a new name.
Press Enter and you are finished.
Now both of the built-in Windows Vista accounts are secured.
If you use your computer in a corporate environment or are just forced to use the classic Windows 2000 style logon screen, it is very important to clear your username from the user-name box so that potential intruders will not be able to figure out your username before they can even try to break your password. Using the local security policy to your advantage, you can configure a setting that will automatically clear the username of the last person that logged in. This will add another layer of protection on your account by putting it in stealth mode.
Follow these instructions to turn on this setting:
Click the Start button, type secpol.msc in the Search box, and then press Enter.
After the Local Security Policy editor has loaded, expand Local Policy and then select Security Options.
Scroll through the list and right-click "Interactive logon: Do not display last username" and select Properties.
Select the Enable box, as shown in Figure 14-7, and then click OK.
Figure 14-7: Hiding your username with the Local Security Policy editor
Close the Local Security Policy editor and you are finished.
The next time you reboot, your username will be hidden.
To complement the new complex password that your accounts now have, I recommend configuring the Account Lockout Policy to add even more security to your accounts. The Account Lockout Policy enables you to protect your account from an intruder trying dozens or even thousands of possible password combinations to try to guess your password. When this policy is configured, after the intruder has entered the wrong password a set number of times, the account will then be locked out for a set amount of time. After that time interval has passed, the account is unlocked and the whole process is reset.
This provides valuable additional security for your accounts that will eliminate the effectiveness of certain brute force tools that will try every possible combination to hack into your account. By using the Account Lockout Policy, you can increase the time required to try every possible combination to an unfeasible amount.
Setting the Account Lockout Policy is very similar to configuring your computer to not show the last username that was used to log in. Follow these steps to configure the lockout policy for your computer:
Click the Start button, type secpol.msc in the Search box, and then press Enter.
After the Local Security Policy editor has loaded, expand Account Policies and then select Account Lockout Policy.
Right-click Account lockout threshold and select Properties.
Increase the number of invalid logon attempts from 0 to a higher value to enable the feature. I like to use 5 as my number of invalid logon attempts before my account is locked out.
Click OK to save the setting. A Suggested Value Settings window pops up that will automatically populate the two other settings, Account lockout duration and Reset account lockout counter after. Click OK here as well to use the default values.
If the 30-minute value used for both the account lockout duration and the reset of the account lockout counter is too long for you, just right-click each setting, select Properties, and modify the value. I typically use 10 minutes for both of these settings because I think it is a nice balance between added security and inconvenience when I may be using my computer half asleep and type in the wrong password more than five times.
Your Account Lockout policy is now set up and will begin protecting your computer immediately.
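The lockout values set above, together with the disabled and renamed Guest and Administrator accounts from earlier in the chapter, can be checked in one pass from an elevated PowerShell prompt. This is an added example, not a script from the book: it exports the local policy with secedit and compares it with the values chosen in this chapter; the temp file name and the expected values in the table are assumptions you can change.

```powershell
# Added example: run from an elevated PowerShell prompt.
# The "Want" values are the ones chosen in this chapter, not Windows defaults.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'    # arbitrary temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
if (-not (Test-Path $cfg)) { throw 'secedit export failed; is this prompt elevated?' }

# Collect the "Name = Value" lines of the [System Access] section.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\[(.+)\]\s*$') {
        $inSection = ($matches[1] -eq 'System Access')
    } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
        $policy[$matches[1]] = $matches[2].Trim().Trim('"')
    }
}
Remove-Item $cfg

# Differ = $true means "any value except Want" (the account must have been renamed).
$checks = @(
    @{ Key = 'LockoutBadCount';      Label = 'Account lockout threshold';             Want = '5'  },
    @{ Key = 'LockoutDuration';      Label = 'Account lockout duration (minutes)';    Want = '10' },
    @{ Key = 'ResetLockoutCount';    Label = 'Reset lockout counter after (minutes)'; Want = '10' },
    @{ Key = 'EnableAdminAccount';   Label = 'Administrator account enabled';         Want = '0'  },
    @{ Key = 'EnableGuestAccount';   Label = 'Guest account enabled';                 Want = '0'  },
    @{ Key = 'NewAdministratorName'; Label = 'Administrator account name'; Want = 'Administrator'; Differ = $true },
    @{ Key = 'NewGuestName';         Label = 'Guest account name';         Want = 'Guest';         Differ = $true }
)

$report = foreach ($c in $checks) {
    $value = $policy[$c.Key]     # $null when the export has no such line
    if ($c.Differ) { $ok = [bool]$value -and ($value -ne $c.Want) }
    else           { $ok = ($value -eq $c.Want) }
    New-Object PSObject -Property @{ Setting = $c.Label; Value = $value; OK = $ok }
}
$report | Select-Object Setting, Value, OK | Format-Table -AutoSize
```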
You are probably very familiar with User Account Control (UAC) by now because almost every time that you make a change directed by this book you get a UAC box popping up asking you to confirm the changes. This is a great new security feature in Windows Vista but is also probably one of the most annoying for new users. It provides standard users an easy way to do things that only administrators have access to by prompting them for an admin account while also confirming with an administrator any changes that are occurring to a system when they are logged on.
User Account Control provides total control over all changes to a system. If you try to install a program, install a plug-in, or access any application that has the capability to change critical system settings, UAC goes into action and makes sure that you really want to do what an application is trying to do on your computer. In terms of the security of your computer, UAC is great because it catches when applications, scripts, and even Web sites try to do things to your computer that cause a critical change. However, if you initiate the change, such as trying to install a program or modify a Windows setting, you also have to deal with the pop-ups because of the way UAC is designed.
User Account Control works by monitoring the Application Programming Interface (API), system components, and application configuration files, to find out if an action needs higher privileges. If an action is found, then it prompts a UAC box for your authorization. The method UAC uses to detect the actions is the reason why you are sometimes bombarded with UAC authorization pop-ups because to the system it is no different if a user initiated the action or if a script generated it. Because of the design of UAC, it is impossible for Microsoft to cut down on certain types of pop-ups. However, they have built in the functionality that allows power users such as you the ability to change the behavior of UAC and even disable it completely. Although I am against completely disabling UAC because of the value that it does add for protecting your computer, it can use a little tweaking and the next section is going to show you just that.
The new User Account Control in Windows Vista plays a big role in the overall security of the operating system. No longer do you have to worry about software secretly getting installed or scripts that change critical system data running without your knowledge. Instead, you have to worry about getting bombarded with UAC pop-ups that require you to authorize almost every change this book asks you to do. Thankfully, Microsoft did not implement this feature without adding the ability for power users to tweak it to make their lives easier while still benefiting from some of the protections of UAC.
Configuring UAC is done through modifying the Local Security Policy. You have already done something similar with the Local Security Policy editor when you set the logon screen to clear the last logon and set up the Account Lockout Policy. You can tweak nine different settings for the UAC, as described in Table 14-1.
| Policy | Description |
| --- | --- |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | This determines whether an Administrator that is logged on and working will get UAC prompts. This account is usually disabled, so this setting is useless. |
| User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | This determines which type of prompt an Administrator receives. You can choose between just prompting for consent, a prompt asking for the admin password, or disabling the prompting altogether. |
| User Account Control: Behavior of the elevation prompt for standard users | This determines the type of UAC prompt standard users receive. By default, this is set to prompt for credentials, but it can be set to disable prompting. |
| User Account Control: Detect application installations and prompt for elevation | This allows you to disable UAC prompts for installing new applications. |
| User Account Control: Only elevate executables that are signed and validated | This setting is disabled by default, but if you want a super-secure system that can run only applications that are signed with a certificate, you can enable this. |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | This allows UAC to elevate only those applications that are in secure locations such as your local hard drive. An unsecured location may be an untrusted network drive. |
| User Account Control: Run all administrators in Admin Approval Mode | Similar to the Admin Approval Mode for the built-in Administrator account, this setting applies to all accounts that are members of the Administrator security group. |
| User Account Control: Switch to the secure desktop when prompting for elevation | Allows you to specify if you want to switch to a secure desktop, one where other applications and scripts do not have access, to protect the UAC prompts from being manipulated by scripts and applications instead of end users. |
| User Account Control: Virtualize file and registry write failures to per-user locations | Provides the ability for users running as standard users to be able to still run applications that might previously have required administrative rights. This redirects system registry entries that are protected by admin permissions to local user locations so the application will still run. |
Changing the UAC settings is easy to do with the Local Security Policy editor. Just follow these steps to modify the settings:
Click the Start button, type secpol.msc in the Search box, and then press Enter.
After the Local Security Policy editor loads, expand Local Policy and select Security Options.
Scroll to the bottom of the list to see all the UAC security policies. Right-click a policy and select Properties to modify it.
When you're finished, click OK to save the changes.
As you can see, editing the User Account Control's settings is very simple. If you are fed up with the User Account Control and want to completely disable it, all you need to do is set both the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" and "User Account Control: Behavior of the elevation prompt for standard users" policies to no prompt and you will no longer have any annoying prompts. However, you will have just killed one of the best security features in Windows Vista. That is why I believe that it is possible to still use User Account Control while decreasing some of the annoying prompts. The next section will show you how I like to configure my UAC settings for a good balance.
While many people want to disable UAC completely, I am against this because of the added security it provides to Windows Vista. Instead, I like to configure my computer in a way that I can get the best of both worlds: being able to install applications and freely configure Windows settings without getting bombarded with UAC prompts, while still getting the security of UAC. How is this possible? Use two accounts!
All too often people like to use their computer logged on with a user that is a member of the Administrators group. They do this accidentally or without even knowing it because when your account is created at the end of the Windows Vista setup, it is automatically added to the local Administrator security group. The end result is a situation in which you have to be treated as a standard user and authorize every single change in order to secure the system. I offer a better solution for securing the system, one that greatly reduces the number of prompts you see, is very simple, and is almost easier to use once you get the hang of it.
This is how it works: You will have two accounts on your machine. One for your day-to-day use that will be a low-rights standard user account with UAC running, and another account that will have full admin rights with UAC disabled so that you can easily install and change system settings with it when needed.
To do this, you need to convert your administrator level account down to a standard user account. Next, create a new administrator account that is for the sole purpose of installing and managing applications and changing system settings. You will then configure UAC to not prompt authorizations on that special admin account so that you can be free of the UAC annoyances when using it.
After creating your two accounts, you will have your standard user level account that you will use 99 percent of the time for your day-to-day work that is protected with UAC, ensuring your computer is secure. Then, when you need to make a bunch of system changes or install a bunch of applications, you can use fast user switching to switch into the system configuration admin account you created to quickly make your changes without having to worry about UAC.
Follow these detailed steps to configure your computer this way to get the best of both worlds:
Convert your account to a standard user account. Click the Start button and select Control Panel.
Under the User Accounts and Family Safety section, select Add or remove user accounts.
Select your account from the list of accounts.
Under Make changes to your user account, select Change the account type.
Select Standard user instead of Administrator and click Change Account type. You have now finished converting your account to a standard user account.
Create a new account that you are going to use only for installing and managing applications and changing system settings. Go back to Control Panel and select Add or remove user accounts again. This time select Create a new account.
Type the name of the account; I like to use System Configuration as the name of my account. Then, select Administrator as the type of account and click Create Account. You are now finished creating the separate administrator account. Now, the only part left to do is configure UAC to not show prompts to your new admin configuration account.
Go back into the Local Security Policy editor by clicking the Start button, typing secpol.msc in the Search box, and pressing Enter.
Navigate through Local Policies and Security Options and locate "User Account Control: Run all administrators in Admin Approval Mode." Right-click this policy and select Properties.
Select Disable and click OK to save the changes. You are now finished setting up UAC to not run for your system configuration account.
After you are finished with these steps, you can easily switch to the configuration account with higher rights by pressing and holding Ctrl+Alt+Delete. Then click Switch User and select the configuration account. When you are finished doing your work that required higher rights, just press Ctrl+Alt+Delete again and switch back to your low rights session.
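Once the steps above are done, the state of the nine UAC policies from Table 14-1 can be read back from the registry instead of opening each one in the Local Security Policy editor. This is an added example, not a script from the book; the registry value names are the ones Windows uses to store these policies and do not appear in the chapter, and the notes it prints are this example's own wording.

```powershell
# Added example: report the UAC policies from Table 14-1 as stored in the registry.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$current = Get-ItemProperty -Path $key

# Registry value name, then the policy name shown in the editor
# (each is prefixed "User Account Control:" there).
$policies = @(
    @('FilterAdministratorToken',    'Admin Approval Mode for the Built-in Administrator account'),
    @('ConsentPromptBehaviorAdmin',  'Behavior of the elevation prompt for administrators in Admin Approval Mode'),
    @('ConsentPromptBehaviorUser',   'Behavior of the elevation prompt for standard users'),
    @('EnableInstallerDetection',    'Detect application installations and prompt for elevation'),
    @('ValidateAdminCodeSignatures', 'Only elevate executables that are signed and validated'),
    @('EnableSecureUIAPaths',        'Only elevate UIAccess applications that are installed in secure locations'),
    @('EnableLUA',                   'Run all administrators in Admin Approval Mode'),
    @('PromptOnSecureDesktop',       'Switch to the secure desktop when prompting for elevation'),
    @('EnableVirtualization',        'Virtualize file and registry write failures to per-user locations')
)

# Name:value pairs that switch a protection off, with the note to print for each.
$weak = @{
    'EnableLUA:0'                  = 'Admin Approval Mode is off for every administrator'
    'ConsentPromptBehaviorAdmin:0' = 'administrators elevate without any prompt'
    'PromptOnSecureDesktop:0'      = 'prompts are shown on the normal desktop'
}

$report = foreach ($p in $policies) {
    $name  = $p[0]
    $value = $current.$name      # $null when the value has never been written
    if ($value -eq $null) { $note = 'not set' }
    else                  { $note = $weak[('{0}:{1}' -f $name, $value)] }
    New-Object PSObject -Property @{ Value = $value; Policy = $p[1]; Note = $note }
}
$report | Select-Object Value, Policy, Note | Format-Table -AutoSize -Wrap
```

With the two-account setup described above, the row for "Run all administrators in Admin Approval Mode" is expected to show 0, so the note on that row confirms the trade-off rather than reporting a fault.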