Locking workstation - locks everything or just screen?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I have an XP box with an ADSL connection. At the moment, despite having a
firewall, I log off the machine if I leave it for any length of time. My
reasoning for doing this is that if anyone from the internet does manage to
get onto my network, they won't be able to access the PC (ie it will at least
slow them down hopefully).

What I'm wondering is, if I lock the machine instead (windows key + L),
would this accomplish the same effect? Does that just lock the input through
my keyboard and mouse, or does it completely lock the machine, prevent any
applications running etc?

I don't think I explained that very well, hopefully you'll understand what I
mean!
 
Locking a computer only prevents someone from walking up to your keyboard
and accessing the computer as you. Logging off does not do much to protect
your computer from the network if you have file and print sharing and/or
Remote Desktop enabled though making sure the guest account and using strong
passwords would help in preventing access to a network share such as the
built in hidden administrative shares. The command net share will show your
available shares. Having said that I have more than a few computer running
and the firewall protects them just fine. Be sure to follow other best
practices such as using a quality antivirus program that is kept current
with virus definitions, configure it to scan all emails and downloads, and
keep current with critical security updates as Windows Updates as shown in
the link below. -- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
--- Protect Your PC tips
 
haydnw said:
Hi,

I have an XP box with an ADSL connection. At the moment, despite having a
firewall, I log off the machine if I leave it for any length of time. My
reasoning for doing this is that if anyone from the internet does manage
to
get onto my network, they won't be able to access the PC (ie it will at
least
slow them down hopefully).

What I'm wondering is, if I lock the machine instead (windows key + L),
would this accomplish the same effect? Does that just lock the input
through
my keyboard and mouse, or does it completely lock the machine, prevent any
applications running etc?
Click to expand...


Don't know how you have your Windows XP setup. Mine will present the
Ctrl+Alt+Del window (i.e., the Login Screen) when it locks up. Lockup can
be performed by using a screen saver (with password protection enabled),
using the Windows+L key combination, or running [using a shortcut that runs]
"%windir%\system32\rundll32.exe user32.dll,LockWorkStation".

If you want users to login after the lockup, set the option in the group
policy. Run gpedit.msc and navigate to the following node:

Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options

and *DISABLE* the following setting:

Interactive Logon: Do not require CTRL+ALT+DEL

You are disabling the disable, so you are requiring users to use the Login
Screen. You might also want to to *enable* the following setting:

Interactive Logon: Do not display last user name

Normally the username is displayed in the Login Screen (after you hit
Ctrl+Alt+Del). No point in giving away half of your login credentials;
i.e., make the hacker guess at both your username and password instead of
just the password.

Obviously if you are setting this for a local login, it won't be effected
when you login under a domain (which will push whatever policies they want
when you login, but you can define a .reg file to run after logging in since
policies are pushed only during the logon).
 
Back
Top