Windows Vista Security
Is your Vista computer well secured ?

Windows Vista Security
Security is extremely important when using your computer; learning how to configure your PC to work for you in terms of security is essential.

On this page, you'll learn how to modify a couple of Vista "annoyances" that may be driving you mad. Furtermore this page will focus on protecting your information and your computer. You'll learn how to encrypt your data and how to disable common functionality - so other users can't wreak havoc. The tutorials toward the end of this chapter rely on the Group Policy Management Console (GPMC), which is not available in Vista Home and Home premium. Where possible, I will provide you with a registry hack and in some cases instructions to modify the registry.

Windows Vista Security - Add "Take Ownership" Context Menu

Many folders in Vista are protected from changes and require administrative approval to change every time. Sometimes this can become tedious, so I've created a registry hack you can use to take ownership of select files.

1. Download TakeOwnership.zip
2. Add "Take ownership" to your context menu by merging (double click) InstallTakeOwnership.reg
into your windows registry.

Remove "Take ownership" from your context menu by mergingRemoveTakeOwnership.reg into your registry.

Windows Vista Security - Stop UAC Blacking Out the Screen

Have you noticed that when Windows Vista prompts you to allow a program to take action, that the screen blacks out? This is to show you that you are moving to an elevated desktop - where you will allow the program to continue. This can be annoying but you can disable this feature as followed:

1. Download DisableUACBlackout.zip
2. Extract the archive
3. Double click on DisableUACBlackout.reg

To re-enable the blackout, double click on "ReEnableUACBlackout.reg".

Windows Vista Security - Encrypt Your USB/HDD Data

Do you have data on your USB drive that could be accessed by someone if they found your key drive? Do you have sensitive data that you need to protect, but don't want to pay for expensive software? TrueCrypt was designed for you and in this section you'll learn how to use it.

This guide is written for TrueCrypt 4.3a, but newer
versions should operate in a similar fashion.

I will refer the media as a "USB key drive" throughout this tutorial. If you are encrypting your hard disk drive, simply replace this phrase with "hard disk drive" the procedure is identical.

Final word: do not encrypt the entire drive your OS is stored on. You may encrypt parts of the drive, but not system files.

Download TrueCrypt
1. Download TrueCrypt
2. Run the installer
3. When prompted, select Extract and click Next
4. Extract the files to your USB key drive in a folder named TrueCrypt

You can delete other files in the directory if you wish. Ensure you keep the following four files as depicted in the Figure above.

Windows Vista Security - Encrypt part of your USB drive

1. Run TrueCrypt.exe
2. Once loaded, select a drive letter that will become the encrypted volume (the drive letter of your USB drive won't change - but will show as two different drive letters when you complete this tutorial).
3. Press Create Volume. Your USB drive will still keep its letter (i.e. "R"), but it will be split into two virtual drives (so the encrypted data will appear as a "W" drive in Computer after you finish the setup.)
4. Now select Create a standard TrueCrypt volume and click Next
5. The next screen will ask you where you want to store the volume. Save a file named Container in the Truecrypt folder on your USB thumb drive and click Next
6. Select the size of the encrypted volume (You want to choose 1/2 the size of the drive)
7. Create a secure password
8. Now select Format and your Container will form
9. After a confirmation message, click Exit

Verify Your Encrypted Drive Works

1. Go to your Computer and look for a "W" (or letter you chose) drive. It's not there; good news!
2. Open TrueCrypt
3. Select the drive letter you chose in the previous steps
4. Click Select File and find your Container you created
5. Click Mount
6. Type in your password and press OK and your volume will mount
7. Go to Computer and your drive will be there

When you are done, go back to TrueCrypt and select Dismount. Congratulations, you now have your data encrypted on your USB drive.

Windows Vista Security - Disable Task Manager

Disable the Task Manager using Group Policy Editor
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options
3. In the right panel, enable Remove Task Manager

Disable the Task Manager using the Windows Registry Editor
1. Start Registry Editor (Start > Run > "regedit")
2. Disable Current User: In the left panel, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
3. Disable All Users: In the left panel, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system
4. Create a new DWORD value named DisableTaskMgr
5. Set the value to 1 to disable Task Manager
6. Set the value to 0 to re-enable Task Manager

In order for this to take effect, you may need to restart your system.

Windows Vista Security - Disable Right Click

You may not want users to have access to the right click menu. This can be useful when you don't want people editing the start menu. There are workarounds for not having the right click button, but this will deter most users. In this guide you'll learn how to disable right clicking in Windows.

Disable right click for the Desktop, Files, Folders, and Windows Explorer
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > Start Menu and Taskbar
3. In the right panel, enable Remove access to the context menus for the taskbar

Disable right click for the Taskbar and the Start Menu
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to Administrative Templates > Windows Components > Windows Explorer
3. In the right panel, enable Remove Windows Explorer's default context menu

Windows Vista Security - Disable Add/Remove Programs

This guide will help you remove the Add/Remove Programs option from the Control Panel. This is not a
fool proof method, but deters most users from accessing this list.
1. Start Registry Editor (Start > Run > "regedit")
2. Disable Current User: In the left panel, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Uninstall
3. Disable All Users: In the left panel, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
4. Create a new DWORD value named NoAddRemovePrograms
5. Set the value to 1 to disable Add/Remove Programs
6. Set the value to 0 to re-enable Add/Remove Programs
7. In order for this to take effect, you may need to restart your system.

Windows Vista Security - Disable Control Panel Access

You may want to restrict access to the control panel and only allow administrative access. This is a very
good idea if your children use an account or if you set up a computer in an office for an employee. Learn how to disable the control panel in this guide.

1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > Control Panel
3. In the right panel, enable Prohibit access to the control panel

Windows Vista Security - Disable Shutdown

You may not want someone shutting down a computer because you don't want them accessing the boot
menu, or you may want to have the computer running at all times. This guide will show you how to remove
the Shut Down option from the Start Menu, CTRL+ALT+DEL screen, and task manager. Users can still shutdown in the run dialogue.

1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > Start Menu & TaskBar
3. In the right panel, enable Remove and Prevent Access to the Shut Down Command

Windows Vista Security - Disable Internet Access

In this guide, you will learn how to set up a false proxy configuration so that any application that relies on the Microsoft Proxy (IE, Firefox, Opera, Office, Outlook) will not be able to access the Internet. This has obvious advantages and can be set for the whole system or all non-administrator accounts.

Alternatively, you can unplug the internet cable/disconnect the router… but you didn't need me to tell you that did you?

Setting up a False Proxy Server
1. Start Registry Editor (Start > Run > "regedit")
2. Disable Current User: In the left panel, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
3. Disable All Users: In the left panel, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. If one doesn't already exist, create a new DWORD value named ProxyEnable
5. Set the value to 1 to disable the internet
6. Set the value to 0 to re-enable the internet
7. If one doesn't already exist, create a new DWORD value named ProxyServer
8. Set the value to an unavailable IP number e.g. 0.0.0.1:1111
9. Set the value to the original value to re-enable the internet (or delete the key if it didn't exist before)

Windows Vista Security - Protecting the Proxy Server Configuration

Even after setting up the false proxy server, you can still get to the internet (if you know what you're doing), so do the following to stop users making changes to the internet configuration:
1. Start Registry Editor (Start > Run > "regedit")
2. Disable Current User: In the left panel, navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
3. Disable All Users: In the left panel, navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel
4. Create a new DWORD value named Connwiz Admin Lock
5. Create a new DWORD value named Connection Settings
6. Set both values to 1 to disable the connection settings
7. Set both values to 0 to re-enable the connection settings

In order for this to take effect, you may need to restart
your system.

Windows Vista Security - Disable Logging off

Disabling Log Off helps users to remember to shut down their PC at night. In this guide you'll learn how to
disable logging off from the Start Menu and Task Manager.

Removing Log Off from the Start Menu
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > Start Menu and Taskbar
3. In the right panel, enable Remove Logoff on the Start Menu

Removing Log Off from Task Manager
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > System > Ctrl+Alt+Del options
3. In the right panel, enable Remove Logoff

Windows Vista Security - Disable Run Dialogue

Disabling the run dialogue is very useful when protecting your computer from unwanted changes, especially by those who know what they're doing! In this guide you'll learn how to disable the run dialogue.

1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > Start Menu and Taskbar
3. In the right panel, enable Remove run from Start Menu

Please note: disabling the run dialogue also disables the following actions:

• Clicking Run on Start menu.
• Pressing WINKEY+R for the run dialogue
• Running a New Task command in Task Manager
• Entering A UNC path (\\\) in the IE address bar
• Accessing ALL local drives and folders

Windows Vista Security - Disable Registry Editor Access

By now, you should notice you can make some significant changes with the registry. To protect your
computer from those changes being made, disable the Registry Editor (regedit.)
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to User Configuration > Administrative Templates > System
3. In the right panel, enable Prevent access to registry editing tools

Windows Vista Security - Disable System Properties Access

The System properties can be accessed by rightclicking Computer and selecting Properties. From here, you may change vital system settings. To disable access to these options, follow this guide.
1. Start Group Policy Editor (Start > Run > "gpedit.msc")
2. In the left panel, go to Desktop
3. In the right panel, enable Remove Properties from the My Computer context menu

This article is written by Mintywhite.com and is part of the Windows Vista Pocket Guide