Solved

Advanced Computer Logon

Posted on 2006-11-06
10
164 Views
Last Modified: 2010-04-11
I'm looking for something real secure for logging on my PC.

I'd like something like a pin # required BEFORE the windows login screen can be accessed.

Even in safe mode would be extra helpful.
0
Comment
Question by:jqsolara
10 Comments
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Why don't you configure BIOS password.
0
 

Author Comment

by:jqsolara
Comment Utility
Because I'd like to utilize remote desktop connection from home.

However, I don't want people to get on my system at work if someone's there (i.e. log on to the domain we all use) via my computer.
0
 

Author Comment

by:jqsolara
Comment Utility
Yeah, I was really happy to see someone surfing NFl sites on my system under their domain login when I remoted to it yesterday.
0
 
LVL 27

Expert Comment

by:David-Howard
Comment Utility
Hey JGSolara,
You might give this a try. (Free and with a screenshot)
http://www.softforall.com/Utilities/SecurityEncryption/CompuSec_PC_Security_Suite09130085.htm
It uses pre-boot authentication, single-sign-on for windows Logon, full hard disk encryption,
encryption of floppy diskettes and other removable media.
This is shareware:
http://www.pcsoftland.com/utilities/encryption-tools/DCPP.htm
:-)
David
0
 
LVL 7

Expert Comment

by:instillmotion
Comment Utility
Assuming you have windows XP:

Control Panel > Display > Screensaver Tab > On Resume Password Protect. Set the screensaver on.

It will lock your machine and only an administrator or yourself would be able to log you off. Unless they force restart the machine off course.

It's the equivalent of locking your machine rather than loggin off. If you're logged off, a domain user can logon, but if you lock the machine, they have to force you out, and only an administrator would be able to do it.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 19

Expert Comment

by:CoccoBill
Comment Utility
If we are talking bout a corporate environement, wouldn't it be the administration's task to deal with this kind of issues, if they are regarded as policy breaches? Tell your superior about this, if your workstation is for your personal use only, it shouldn't be a problem to remove logon rights from Domain Users. Installing software that alters/restricts logon rights on the computer, which I'm assuming is company property, can be a breach of policy.
0
 

Author Comment

by:jqsolara
Comment Utility
Don't worry about company policy I have permission to do so but thanks for pointing that out for others.

And so far I've found http://www.dekart.com/   incase anyone here is looking
0
 
LVL 3

Expert Comment

by:MarkWYnne
Comment Utility
In a managed domain environment CoccoBill is spot on.

Admin can specify which users can log on to what computers via their AD account. In a situation where users
have static desks... Computers users can log on to can be specified on the AD account tab. Otherwise anyone can log into anyone's computer. Also log on rights can be denied for certain users.



I used to use the auld "System not compliant. Do not use" note stuck to the screen. Again this may twist somebody's biscuit so be sure you are within company policy boundaries so not to get in hot water with IT.



0
 

Author Comment

by:jqsolara
Comment Utility
I am the system administrator but I will probably end up changing the user policy for my system. It's just that my Predecessor has so much stuff I have to fix in group policies because it really is a mess.

This is why I was seeking some type of software to do this for myself. Sorry to not specify that this is indeed my system for work however I can do whatever I wish to do with this laptop.
0
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
Comment Utility
Personally I wouldn't bother with extra gimmicks, just add your domain account to the local Administrators group (or better yet Users, principle of least privilege), then remove Domain Users from the local Users group and Domain Admins from the local Administrators group if you want to make sure noone users your laptop. Since you have access to the group policy you could also create a custom policy for yourself where you specify the users with Log on locally privileges.

By the way, I assume you mean the Dekart secure Logon application? From what I understand from reading it, it basically just provides an alternate logon method to regular windows password authentication. That itself doesn't block other users out nor change their permissions on the laptop. Even if it did block their local logons, I doubt it'll stop other user accounts from logging over the network or through remote desktop.

0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now