Setting up adequate password control in Windows XP to 7. (DRAFT)

Probably will work in 8 as well.

Normal users

Go to All Programs ~ Accessories ~ Command prompt. Type in commands and set settings as below.

  • Type Control UserPasswords, and choose to create or change the account password. Ideally make it 15 or more characters long and use lower and upper case, and at least one punctuation mark. (Using 15 characters or more is especially critical in Windows XP as it prevents the password being stored insecurely by Windows). Choose to create a password reset disk, and store this securely. Check that only people you trust absolutely have administrator accounts on the computer, and check that they too have password control set like this. Exit the window.
  • EITHER Type Control PowerCfg.cpl and choose that your computer should sleep after 15 minutes max (5 is better), and choose that it should require a password on waking. Log in to and do this in all other administrator accounts as well. Exit the Window.
  • AND/OR Type Control Desktop and choose screensaver settings, and choose to create a screensaver password. Set this to 15 minutes max (5 is better). Log into and do this in all other administrator accounts as well. Exit the Window.
  • Carefully check what you are sharing with other users in your network sharing settings and folder properties. In Windows XP one setting can grant all users access to all documents in all user accounts!

Advanced users

  • From the command line, run Gpedit.msc and go to Computer config ~ Windows Settings ~ Security Policy ~ Account Policy ~ Password Policy ~ Password Must Meet Complexity Requirements, and enable it. Note that it is not possible in Win XP-7 to enforce a password length longer than 14 characters.

  • Consider setting a BIOS password. To do this consult your computer’s instruction manual (to enter the BIOS you usually press F8 during the initial boot stages). Please note that setting a BIOS password and forgetting it will probably mean you cannot use the machine again without replacing the motherboard. Changing other BIOS settings may have similarly dire consequences if you don’t know what you are doing.
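
To confirm the steps above took effect, the following batch file (an added example, not part of the original FAQ) lists the administrator accounts, the complexity policy, the current user's screensaver lock values and the shared folders, without changing anything. It assumes English-language Windows and an administrator command prompt for the policy export; the temporary file name is made up for the example, and the sleep/wake password setting is not checked.

```batch
@echo off
rem Added example: read-only audit of the settings this FAQ asks you to check.
rem Assumes English-language Windows; run from an administrator command prompt
rem so that the policy export works. Nothing here changes any setting.
setlocal

echo === Accounts with administrator rights ===
net localgroup Administrators

echo === Password complexity policy (1 = enabled) ===
rem Hypothetical temporary file name, deleted again after use.
set "CFG=%TEMP%\faq-secpol.cfg"
secedit /export /cfg "%CFG%" /areas SECURITYPOLICY >nul 2>&1
if exist "%CFG%" (
    type "%CFG%" | find "PasswordComplexity"
    del "%CFG%"
) else (
    echo [WARN] Could not export the policy; is this an administrator prompt?
)

echo === Screensaver lock for the current user ===
set "KEY=HKCU\Control Panel\Desktop"
rem Defaults apply when a value is missing from the registry.
set "ScreenSaveActive=0"
set "ScreenSaverIsSecure=0"
set "ScreenSaveTimeOut=0"
for %%V in (ScreenSaveActive ScreenSaverIsSecure ScreenSaveTimeOut) do (
    for /f "tokens=3" %%A in ('reg query "%KEY%" /v %%V 2^>nul ^| find "REG_SZ"') do set "%%V=%%A"
)
if not "%ScreenSaveActive%"=="1" echo [WARN] Screensaver is turned off.
if not "%ScreenSaverIsSecure%"=="1" echo [WARN] No password is required on resume.
rem The FAQ's limit is 15 minutes, which is 900 seconds.
if %ScreenSaveTimeOut% EQU 0 echo [WARN] No screensaver timeout is set.
if %ScreenSaveTimeOut% GTR 900 echo [WARN] Timeout is %ScreenSaveTimeOut% seconds; use 900 or less.
if %ScreenSaveTimeOut% GTR 0 if %ScreenSaveTimeOut% LEQ 900 echo [OK] Timeout is %ScreenSaveTimeOut% seconds.

echo === Folders shared on the network ===
net share

endlocal
```

Run it once in each account, since the screensaver values are stored per user.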

This FAQ has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo. My particular thanks to treefrogs for helping to develop detailed recommendations and testing them.