Whether you’re sharing a computer with other family members or friends at home, or securing computers in a corporate environment, there may be many reasons why you need to protect the programs, data, and settings on the computers.
This article presents multiple ways of locking down a Windows 7 computer, depending on the type of usage being employed by the users. You may need to use a combination of several of the following methods to protect your programs, data, and settings.
Restrict Which Programs a User Can Run
If you have kids that use your computer, and you have programs on the computer that you don’t want them messing with, you can restrict them to using only certain programs. Say your kid tends to play games on the computer instead of doing his homework. You can set rules in AppLocker in the Group Policy Editor that prevents all games from being run.
NOTE: The Group Policy Editor is not available in the Home versions of Windows 7.
Lock Down the Firefox Web Browser
If you want to restrict the websites your child, or other family members or friends, can visit when surfing the internet on your computer, you can use the Public Fox extension in Firefox to block downloads and websites and prevent changes from being made to the browser. It locks down add-ons, preferences, about:config settings, and bookmarks. You apply a password to the extension so users cannot turn off these restrictions.
NOTE: You can restrict your child or other user to only using Firefox, so you can take advantage of Public Fox’s protections.
Lock Your Windows Account on Demand
If you’re logged in, but need to leave the computer for some time, you can quickly lock your account, so no one can access it. To do this, do one of the following things:
- Press the Windows logo key and the letter ‘L’ at the same time.
- Press Ctrl + Alt + Del and then click the Lock this computer option.
- Create a shortcut to lock the screen.
Use the Windows Built-in Screensaver to Lock Your Computer
You can set the screensaver settings so it locks your computer automatically when your away. Once you set the screensaver settings, you can prevent users from changing the screensaver (and also the wallpaper).
You may want to quickly disable the screensaver, if you’re doing something you don’t want interrupted, like watching a long video. To be able to do this, create shortcuts on the desktop to disable and enable the screensaver.
To start specific screensavers immediately, you can create icons for each of the screensavers that comes with Windows.
Temporarily Lock Your Computer if Someone Tries to Guess Your Password
If you share your computer with other family members or allow your friends to use it, you should have a password on your Windows account so no one else can log into it. However, someone may try to guess your password and log into your account. If this happens, you can temporarily lock your computer.
You should also periodically change your password.
Disable Writing to USB Drives
If you are in charge of the computers at your company you may be concerned about the security of the corporate data on the computers. Or, you may just not want your family members and friends to take files from your personal computer. There is a way, in Windows 7, to prevent users from copying files to an external USB drive using a registry hack.
Restrict Users from Using Cut, Copy, Paste, and Delete
If you would rather not disable writing to external USB drives, as described above, you can restrict users from using the Cut, Copy, and Paste commands, as well as the Delete command. There is a free, small program available on the Tweaking with Vishal site, called Stopper, that prevents access to these commands.
Stopper is a standalone .exe file. Simply unzip the downloaded file and run the .exe file to disable the Cut, Copy, Paste, and Delete functions. Other users will not be able to copy anything to an external USB drive and steal your data and programs. You can enable these functions again by opening the Task Manager, selecting Stopper.exe on the Processes tab, and clicking End Process.
NOTE: We recommend you change the name of the .exe file before you run it, so savvy users of your computer are confused when they look in the Task Manager. They shouldn’t be able to tell which process is Stopper, if they are knowledgeable enough to get into the Task Manager. We left the name of the .exe file as Stopper.exe in the image below for illustrative purposes.
Lock Minimized Programs
If you let someone briefly use your Windows account on your computer, you may not want them looking at any programs you have open. However, you may not be ready to close the programs. There is a free utility, called LockThis!, that allows you to lock down minimized program windows, so can’t be opened.
Use User Account Control to Protect Your PC
User Account Control (UAC) is a feature added to Windows as of Vista and continued in Windows 7. It’s designed to prevent unauthorized changes to your computer, thus making your computer much more secure. You can change the settings for UAC to provide different levels of security. You can read all about UAC to decide what level is appropriate for each computer you are trying to protect.
Use Parental Controls in Windows 7
If your children tend to get on the computer and play games when they should be doing their homework, you can use AppLocker to restrict the programs they use. However, if you want to control the amount of time they spend on the computer, you can use the Parental Control in Windows 7, as well as restrict access to programs.
Use the Local Group Policy Editor to Change Policies
If you are using Windows 7 Professional, Ultimate, or Enterprise, you can use the Local Group Policy Editor to change policies that affect the security of your computer. The Local Group Policy Editor is not available in the Home and Starter editions of Windows 7. For example, you can restrict access to drives in My Computer by changing a policies in the Local Group Policy Editor.
To access the Local Group Policy Editor, open the Start menu and enter “gpedit.msc” (without the quotes) in the Search box. Press Enter or click the gpedit.msc file when it displays in the results.
The following policies are some of the policies that can be changed to help secure your PC. For example, you can restrict access to the Control Panel, the registry, and the command prompt, and you can prevent users from changing their passwords and accessing the Task Manager. We have listed the name(s) of the policy item(s) from the right pane and then the path to the policy item(s) in the left pane.
- Show only specified Control Panel items / Hide specified Control Panel items / Prohibit access to the Control Panel – User Configuration | Administrative Templates | Control Panel.
- Prevent access to registry editing tools / Prevent access to the command prompt – User Configuration | Administrative Templates | System.
- Disable the Privacy Page / Disable the Security Page [in Internet Explorer] – User Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel.
- Remove Change Password / Lock Computer / Task Manager / Logoff – User Configuration | Administrative Templates | System | Ctrl+Alt+Del Options.
NOTE: Under User Configuration | Administrative Templates | System, you may notice that you can specify certain programs users will be able to run or not run. However, using AppLocker, as we discussed earlier in this article, is a more secure method of restricting access to programs for certain users.
Protect Your Data in an Encrypted File Vault
You can also protect your data files from prying eyes by storing them in an encrypted file vault. A very good, free program for that purpose is TrueCrypt. It allows you to create a very secure vault in which you can store your files and “lock it up” when you are done.
When securing your Windows account and your data and programs, remember to use good, strong passwords, and store them securely, when you have to record them. We also have additional tips for securing your data and backing up your data, which may not seem like it’s related to locking down your computer, but it’s important, as well. What do you do if another user of your PC does something to render the PC useless? If that happens, you’ll be happy you spent the time and effort to backup your data.