Advanced Computer Logon

I'm looking for something real secure for logging on my PC.

I'd like something like a pin # required BEFORE the windows login screen can be accessed.

Even in safe mode would be extra helpful.
jqsolaraAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
CoccoBillConnect With a Mentor Commented:
Personally I wouldn't bother with extra gimmicks, just add your domain account to the local Administrators group (or better yet Users, principle of least privilege), then remove Domain Users from the local Users group and Domain Admins from the local Administrators group if you want to make sure noone users your laptop. Since you have access to the group policy you could also create a custom policy for yourself where you specify the users with Log on locally privileges.

By the way, I assume you mean the Dekart secure Logon application? From what I understand from reading it, it basically just provides an alternate logon method to regular windows password authentication. That itself doesn't block other users out nor change their permissions on the laptop. Even if it did block their local logons, I doubt it'll stop other user accounts from logging over the network or through remote desktop.

0
 
prashsaxCommented:
Why don't you configure BIOS password.
0
 
jqsolaraAuthor Commented:
Because I'd like to utilize remote desktop connection from home.

However, I don't want people to get on my system at work if someone's there (i.e. log on to the domain we all use) via my computer.
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
jqsolaraAuthor Commented:
Yeah, I was really happy to see someone surfing NFl sites on my system under their domain login when I remoted to it yesterday.
0
 
David-HowardCommented:
Hey JGSolara,
You might give this a try. (Free and with a screenshot)
http://www.softforall.com/Utilities/SecurityEncryption/CompuSec_PC_Security_Suite09130085.htm
It uses pre-boot authentication, single-sign-on for windows Logon, full hard disk encryption,
encryption of floppy diskettes and other removable media.
This is shareware:
http://www.pcsoftland.com/utilities/encryption-tools/DCPP.htm
:-)
David
0
 
Yves AccadNetwork Security EngineerCommented:
Assuming you have windows XP:

Control Panel > Display > Screensaver Tab > On Resume Password Protect. Set the screensaver on.

It will lock your machine and only an administrator or yourself would be able to log you off. Unless they force restart the machine off course.

It's the equivalent of locking your machine rather than loggin off. If you're logged off, a domain user can logon, but if you lock the machine, they have to force you out, and only an administrator would be able to do it.
0
 
CoccoBillCommented:
If we are talking bout a corporate environement, wouldn't it be the administration's task to deal with this kind of issues, if they are regarded as policy breaches? Tell your superior about this, if your workstation is for your personal use only, it shouldn't be a problem to remove logon rights from Domain Users. Installing software that alters/restricts logon rights on the computer, which I'm assuming is company property, can be a breach of policy.
0
 
jqsolaraAuthor Commented:
Don't worry about company policy I have permission to do so but thanks for pointing that out for others.

And so far I've found http://www.dekart.com/   incase anyone here is looking
0
 
MarkWYnneCommented:
In a managed domain environment CoccoBill is spot on.

Admin can specify which users can log on to what computers via their AD account. In a situation where users
have static desks... Computers users can log on to can be specified on the AD account tab. Otherwise anyone can log into anyone's computer. Also log on rights can be denied for certain users.



I used to use the auld "System not compliant. Do not use" note stuck to the screen. Again this may twist somebody's biscuit so be sure you are within company policy boundaries so not to get in hot water with IT.



0
 
jqsolaraAuthor Commented:
I am the system administrator but I will probably end up changing the user policy for my system. It's just that my Predecessor has so much stuff I have to fix in group policies because it really is a mess.

This is why I was seeking some type of software to do this for myself. Sorry to not specify that this is indeed my system for work however I can do whatever I wish to do with this laptop.
0
All Courses

From novice to tech pro — start learning today.