Locking someone out of Windows?

[Bloodshot]

Howdy!

We've got a problem; my girlfriends brother insists on using her computer when she's not there and it's really starting to annoy her. The account is password protected and is the only admin account on Windows, however whenever we change the password to a new one, somehow he keeps finding out what the password is!

How is he doing this? Is there anyway to stop him?

Additionally, what would be the best way to block Runescape? Unfortunately, we don't have access to the physical router =(.

Any help would be greatly appreciated!

Cheers,

 

[Burnsy2023]

Is the guest account enabled?

 

[feriso]

BIOS password on startup (to allow you to boot the machine)

 

[Raumarik]

BIOS password is the only way, chances are he's either using an admin password reboot boot disk or has another account which isn't showing (guest as burnsy is suggesting)

 

[K1LLSW1TCH]

Break his fingers!

 

[edscdk]

to block rune scape, edit the hosts file in c:\windows\system32\drives\etc, add an entry

127.0.0.1 www.runescape.com

I have guessed the runscape web site address so check its correct..

on the logging in as her front, assuming she can log in with her normal username and password after he has been on its

a) he knows where she writes down the password or guess' it
b) he restarts in safe mode and logs in as administrator (Assuming you get that option)
c) he boots an OS from a CD (but that would not leave any trace he had done anything)

 

[Bloodshot]

Thanks for the replies.

to block rune scape, edit the hosts file in c:\windows\system32\drives\etc, add an entry

127.0.0.1 www.runescape.com

I've looked for that folder, but can't seem to find anything. What exactly do you need to do?

Is there anyway to prevent him doing this (the boot thing)? AFAIK there are no guest accounts. He actually logs onto the machine and changes the password back to the password she used to use all the time.

Thanks again!

Edit: Found that file, will try what you suggested! Thanks =)

 

[Raumarik]

Bloodshot check you can see hidden/system files.

 

[BarKeep]

Howdy!

How is he doing this?

I googled 'stop use of a password reset disk' and found this:

If you make a new password reset disk (for each account) the previous ones are disabled.

Not tried it myself, sounds too easy.

 

[JHeaton]

I've looked for that folder, but can't seem to find anything. What exactly do you need to do?

That appears to be a typo, if I remember rightly it's "drivers" and not "drives".

 

[Bloodshot]

That appears to be a typo, if I remember rightly it's "drivers" and not "drives".

Yeah, I found it thanks! It appears to be working for browsers, but do you know whether or not this will block him using something called "SwiftKit"? Seems to be some kind of client for Runescape.

So if we create a new password reset disk, it should disable the old one? Outside of this password reset disk, how can we stop him doing stuff in the BIOS? IS that related to the disk?

Cheers,

 

[Dano]

Is there any reason why he can't have his own account or is it a situation where she just doesn't want him using it period?

 

[SourChipmunk]

BIOS is not related to Windows nor hackable with a boot disk. It sits at the hardware level.

When you first turn on your PC you will get a very brief prompt to press a key to enter the BIOS. Once inside, check for security settings. Set up a password, save and exit, and the only way to clear it is to crack the case open and reset it physically.

 

[Bloodshot]

Is there any reason why he can't have his own account or is it a situation where she just doesn't want him using it period?

Yeah, she just doesn't want him using the computer full stop.

So, the BIOS security password, if he changed it himself, we would have no way of resetting it other than physically going into the computer?

 

[Dano]

Yup, and to top that off resetting it would reset all the BIOS settings too which might cause issues.

 

[CaptainCrash]

Yeah, she just doesn't want him using the computer full stop.

If all else fails, she might consider full-disk encryption with pre-boot authentication using Truecrypt - with a suitably strong passphrase this will keep the CIA or MI6 out of her PC, so an annoying pimply adolescent will be absolutely no problem.

Do make sure she backs up first though, if something goes wrong during the encryption process her data is likely to vanish for good.

 

[JHeaton]

Yeah, I found it thanks! It appears to be working for browsers, but do you know whether or not this will block him using something called "SwiftKit"? Seems to be some kind of client for Runescape.

It should do, as long as the SwiftKit program is going to the URL that you put in the hosts file.

 

[Bloodshot]

It should do, as long as the SwiftKit program is going to the URL that you put in the hosts file.

Awesome! Is there anyway to password protect the Hosts file so he can't remove it?

Cheers!

 

[Pho]

Not if he already has administrator access.

Alternatively you could try taking the keyboard away or disabling it by installing a tiny switch somewhere on the wire which must be thrown to activate it .

 

[this_is_gav]

Unless it's a ridiculously easy password to guess, then he presumably knows how to use a password recovery tool from a boot CD in order to find out the password you're using. If he does, then he knows a bit and things like setting a BIOS password is unlikely to do much to stop him. He might even visit this forum... he's probably reading this thread.