Tech-101 Free Computer Support

Security 101-1b. Local Login Security

Posted 01-05-2009, 05:44 PM by jobeard (Site Admin)

A great deal of (Windows) security depends upon your login-id, which is ONLY protected by the login password – so pick a good one.

Password choices to avoid:
  · Your name, spouse’s name, children’s names, address, birth date, and surely your SSN (or any part thereof).
  · Simple sequences (123456) or repetitions (aaaaa)
  · ANY dictionary word!
These are always the first choices of a hacker and given sufficient time, he’ll get you!

Good choices include combinations of:
  · Upper and lower case
  · One or more numbers and
  · One or more special characters, e.g.: # $ % - _ *

See MS Password best practices

You can change your password using the Control Panel (CP) ->User Accounts tool.

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folders private. ALWAYS make your files private.

While you’re there, create a new login (e.g., zMaster) with ADMIN privileges and create a password for it
(hint: to make passwords easier to remember, add a prefix to your regular user login password).
If your login password was 12345678 (very bad by the way), then you might add Adm- to it and then be able to log in with Adm-12345678. Notice this fits the good choices noted above. To actually create the user's profile, you need to log in to the new user id.

There is one more account you need to modify: GUEST. This account can be accessed remotely and, if not protected, you can get into trouble with File Sharing. First, set a password for the account (e.g., guest- prefix to your normal password). Now DISABLE the account. Sounds crazy, I know (but hey, you have to click START to shut down the system too), but disable only inhibits using the keyboard to log in, not access by the network.

By the way, there’s a hidden admin account and you ought to secure it too.
  · Boot into Safe Mode. As the system starts, tap F8 once/second until you get the VGA screen with the Safe Mode choice. Use it and if you get a prompt for a password (which I doubt), just hit the <enter> key. When the system initializes, you just discovered that the Administrator account was totally unprotected.
  · Now use the CP ->User Accounts tool to set the password for that account!
  · Make life easy; use the same password that you used for the new account you created.

To allow easy access to your login names, change the way users log in:
  · Using an Admin login, Start->Run->NUSRMGR.CPL
  · Check both boxes

Now you can pick a login at boot time OR switch users without logging off:
  · Start->LogOff->Switch User

There are other tricks with user switching, but that’s discussed under the topic LUA vs. Admin.

While we’re on login security, did you know Windows login passwords are easily hacked?
The problem lies in the LMHASH technique of storing passwords. To thwart the hackers, there are three techniques you can use to protect your system.
  1- GPO policy "Do not store LAN Manager hash value on next password change" (Win/XP Pro or Vista; Win/XP Home will not be able to use the GPO technique).
  2- Implement the NoLMHash Policy by Editing the Registry
  3- Use a password of more than 15 characters (may be difficult to remember).

See lmhash protection

Also see NTLM version 2 (NTLMv2)
and btw: compatibility to Win/98, Macintosh and Linux shares needs the setting
· Level 1, Send LM and NTLM—use NTLMv2 session security if negotiated

Security 101 table of contents
next ->1.c Print/File Sharing
contributed by jobeard
Last edit: Jan 6, 2009
__________________
J. O. Beard; you + tech-101.com => synergism. Secure your system now
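
A read-only check of the LM-hash and NTLM settings described in the post, as an added example that is not part of the original post. The registry path `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` and the value names `NoLMHash` and `LmCompatibilityLevel` are the standard Windows ones and are not given on the page; the function names and the sample input are constructed for illustration.

```powershell
# Added example (not from the original post). Read-only audit of the two
# Lsa registry values behind the LM-hash and NTLM settings discussed above.
$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$LevelText = @(
    'Send LM and NTLM responses',
    'Send LM and NTLM, use NTLMv2 session security if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only, refuse LM',
    'Send NTLMv2 response only, refuse LM and NTLM'
)

function Get-LsaValues {
    # A value that is not present in the key comes back as $null.
    $p = Get-ItemProperty -Path $LsaPath -ErrorAction Stop
    @{ NoLMHash = $p.NoLMHash; LmCompatibilityLevel = $p.LmCompatibilityLevel }
}

function Test-LmSettings {
    param([hashtable]$Lsa)
    $findings = @()
    # NoLMHash=1: no LM hash is written at the next password change.
    # Hashes stored earlier stay until each account's password is changed.
    if ($Lsa.NoLMHash -eq 1) {
        $findings += 'OK    NoLMHash=1 (change existing passwords to purge old LM hashes)'
    } else {
        $findings += 'WARN  NoLMHash is not 1: LM hashes can still be stored'
    }
    $level = $Lsa.LmCompatibilityLevel
    if ($null -eq $level) {
        $findings += 'INFO  LmCompatibilityLevel not set: the Windows default applies'
    } elseif ($level -lt 0 -or $level -gt 5) {
        $findings += "WARN  LmCompatibilityLevel=$level is outside the 0-5 range"
    } elseif ($level -le 1) {
        # Levels 0 and 1 both still send the LM response to servers.
        $findings += "WARN  Level ${level}: $($LevelText[$level]) (LM responses still sent)"
    } elseif ($level -eq 2) {
        $findings += "INFO  Level 2: $($LevelText[2]) (no LM, but not yet NTLMv2)"
    } else {
        $findings += "OK    Level ${level}: $($LevelText[$level])"
    }
    $findings
}

# Constructed sample: NoLMHash applied, level left at the post's compatibility setting.
Test-LmSettings -Lsa @{ NoLMHash = 1; LmCompatibilityLevel = 1 }
# Live check on the local machine (reads the registry, changes nothing):
Test-LmSettings -Lsa (Get-LsaValues)
```

The constructed sample shows the trade-off in the post: with Level 1 kept for Win/98, Macintosh and Linux share compatibility, stored LM hashes are gone after a password change but LM responses are still sent over the network.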
Copyright © 2009 Tech-101.com. All rights reserved.