How can I "bomb proof" a laptop (running XP)?

I´m setting up a 12" Dell for a friend who is clueless about computers, has zero patience and is sure to try downloading illegal content and look at websites that would make Mr Hefner blush.

I want to avoid having to repair this lappy every weekend, so…what´s the best way to go about it.

User accounts, sandbox, Acronis, etc ???

Suggestions and advice please :bigsmile:

To have a clone of the entire C: partition with a software like Acronis is certainly a good idea, so a full restore can be done in a matter of minutes.

Another good idea is to create an user with limited privileges, so a lesser amount of damages can be done by your friend. Be sure to not give him/her the administrator password, or having a limited user will become useless :bigsmile:

Install also a firewall, at least a free one like Zone Alarm, and an antivirus configured to automatically remove all detected threats.

Maybe using a Linux distro can be safer for the most common threats like virus trojans etc, but of course the main cause of computer problems resides between keyboard and chair :stuck_out_tongue: so trying to teach your friend some common sense about avoiding behaviors like clicking on every banner is another thing that can reduce the amount of problems.

I also suggest to not use your USB pendrives in that computer, just to be safe :bigsmile:

It is easy just disable all networking capabilities…

There’s quite a bit that would make Mr Hefner blush…

Very little that would make Larry Flint blush.

AD

Hi Geno: I won´t be able to regularly make back-ups but that reminded me that maybe if I made a set of recovery discs I will at least be able to restore the OS to the way it is now…I mean, with the several extra programs that I´ve added. Is that possible?

[QUOTE=deanimator;2537976]Hi Geno: I won´t be able to regularly make back-ups but that reminded me that maybe if I made a set of recovery discs I will at least be able to restore the OS to the way it is now…I mean, with the several extra programs that I´ve added. Is that possible?[/QUOTE]

The most important thing is to have at least a recovery disc set with the working installation. In this way, if something goes messy you can restore the system in short time.

With Acronis you can make a 1:1 clone of the entire partition any time, so after installing the operative system, configuring it and adding all programs, having a backup is certainly something I would do.

Acronis is not the only software to do this however. You can also use CloneZilla, a free version (Linux based) of Acronis :slight_smile:

Another good idea is to install Windows Steady State. This is a package Microsoft made freely available which allows the computer to be restored to a specific state just by rebooting the PC. All disk writes are logged, so when the computer is shutdown, there is an option to commit or discard the changes, with the commit option being password protected from what I recall. This tool is quite often used at Internet Café’s in addition to limited user accounts.

Creating a limited user account is also a very good idea as this protects against most Malware attacks, especially if Windows updates are kept up to date.

[QUOTE=deanimator;2537947]I´m setting up a 12" Dell for a friend who is clueless about computers, has zero patience and is sure to try downloading illegal content and look at websites that would make Mr Hefner blush.

I want to avoid having to repair this lappy every weekend, so…what´s the best way to go about it.[/QUOTE]First thing: no admin permissions for this user.
Second: harden the system by application of software restriction policies, see http://home.arcor.de/skanthak/download/XP_SAFER.INF (copy the entire text into notepad or any other plain text editor, save as XP_SAFER.INF, then install by right-clicking)

Together with user-only permissions, no unwanted software will be executed.

Basically, that’s all.
I am rolling out this configuration on my brothers system which is a familiy computer partially operated by an ignorant teenager. :eek:

Only problem: how can you make sure all the software on this system is kept up to date? Are you the person who cares about?

In case this user has access to an admin account, the system will likely be toast after a short time.

Perhaps Mint9 instead of Windows is the better option…

Michael

[QUOTE=Seán;2538072]
Creating a limited user account is also a very good idea as this protects against most Malware attacks, especially if Windows updates are kept up to date.[/QUOTE]
A good idea? This is essential unless you intend to run a malware honeypot.

As suggested, make sure there is a good system backup stored somewhere safe. Macrium Reflect FREE Edition is a good choice, but remember to create a bootable CD/DVD (bootable flash drive is possible but it requires third-party tools).

I have been using several system imaging tools, including Acronis True Image Home 11 for a few years, but the problems I’ve had with the latest Acronis True Image Home 2010 and with its much more confusing user interface makes me recommend looking elsewhere for a stable solution.

Clonezilla works well but I wouldn’t call it simple to use.

EDIT: You could of course buy the non-free Macrium Reflect, which can be setup with a pre-Windows boot environment for restores. I haven’t used this myself, however.

Great advice thanks you everyone!

I´m starting with the [B]User Account[/B] idea. Normally easy as I have done this on my own lappy and also on Blondie´s new lappy. On the weirdo´s machine however I accidentally wound up with the following accounts
Administrator (invisible)
Myself (with admin privileges & password)
Weirdo (with admin privileges bit NO password)
Guest (with no privileges)

Went nuts trying to get this mess sorted out…but tracked down the solution…also not as easy as ya thought:
RESTART in SAFE MODE (pushing F8 during start-up)
START > RUN and type " control userpasswords2 "
This displays a list of user accounts and their types and if they are password protected.
Click the one you are interested in and change the password or delete the account as required. BINGO…done!

#################

Now, back to business: [B]I have the correct user accounts[/B]

[B]What´s the next step?[/B]
I´m thinking…

  1. download [B]Macrium Reflect FREE[/B] as suggested by Draggles and make a back-up on an external HDD
  2. Create the [B]recovery discs[/B] as suggested by Geno (I think this will include all my XP updates…right?)
  3. [B]Partition the C drive[/B] (make it about 20GB for necessary programs) so that he can keep his music and videos and data in folders on the new D drive.

Then…I like the idea of the [B]Windows Steady State[/B]. Will this allow him to save any data he adds? For example if he acquires some new music…can he save it in his folder, or add photos to his photo folder???

As a final step…the [B]Hardening Software[/B] as suggested by Mciahel.

How does this sound?

I suggest you take a system image with Macrium Reflect [B]after[/B] you have repartitioned your drive. Most imaging tools don’t like to restore onto a partition that is smaller than when the image was taken.

And remember to create bootable media for when you need to restore your image, since this cannot be done from within Windows.

Thank you gentleman 4 the info:flower:
I luv new programs and I’m gonna try Steady State because:
You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on

In case you want to make bootable flash media using Macrium Reflect Free Edition, you first need to “Create Rescue CD” to an ISO image. I suggest using “Compatibility Mode: Off” which for some reason is more compatible for me.

Then you can use something like UNetbootin to make a bootable flash drive from the ISO image. (I use UltraISO myself which is ShareWare but excellent).

If you have a 16 GB flash stick, you can most likely even fit the system image on the flash drive. 8GB can be enough for XP but it might be a bit too small for Vista and Windows 7.

EDIT: One more thing; you must verify that you can boot using the rescue media. This goes for Macrium and for any other system imaging tool you choose. If your rescue media won’t boot, your system image will be useless.

[QUOTE=deanimator;2538134]2) Create the [B]recovery discs[/B] as suggested by Geno (I think this will include all my XP updates…right?)[/QUOTE]

Yep, if you make the clone after installing everything, then every update will be included in the restore. Any update/software installed after the backup creation of course will be not included after a restore. But usually this is nbot a big deal: simply run again windows update and that’s all :slight_smile:

Eventually, you can bake a new partition clone including all new updates :slight_smile:

Creating D partition with EASEUS Free

Next: Recovery discs.

Dang…no more blank DVDs at Blondie´s house…so the recovery discs will have to wait a bit.

One thing I think is also necessary is to [B]disable Autorun[/B]
There seem to be several options for doing this, but I suspect the following is the most reliable

"Start Menu > Run and type in: " gpedit.msc " (without the quote " " marks)
You will see the Group Policy window. You should select Administrative Templates > System in the tree view
You will see an item in the right side pane called “Turn off Autoplay” (you may have to click further to see this)
Double click the item, and set the radio button to Enabled, and change the “Turn off Autoplay on” to All Drives.
Now you should be safe from the autoplay monster."
Source

[QUOTE=deanimator;2538238]Dang…no more blank DVDs at Blondie´s house…so the recovery discs will have to wait a bit.

One thing I think is also necessary is to [B]disable Autorun[/B]
There seem to be several options for doing this, but I suspect the following is the most reliable

"Start Menu > Run and type in: " gpedit.msc " (without the quote " " marks)
You will see the Group Policy window. You should select Administrative Templates > System in the tree view
You will see an item in the right side pane called “Turn off Autoplay” (you may have to click further to see this)
Double click the item, and set the radio button to Enabled, and change the “Turn off Autoplay on” to All Drives.
Now you should be safe from the autoplay monster."
Source[/QUOTE]

Good idea :iagree:

I used this procedure too :bigsmile:

Installed [B]Paragon Back-up & Recovery Free [/B]

and used it to make a [B]Recovery Disc[/B], and a [B]back-up folder[/B] in the C-drive and the same folder also on my external drive.

Now to install the [B]Windows Steady State[/B] thing and we should be good to go!

:bigsmile:

[QUOTE=deanimator;2538134]As a final step…the [B]Hardening Software[/B] as suggested by Mciahel.
[/QUOTE]This is simply an inf file that adjusts some settings in Windows. Please note, there is no benefit from this if the user has admin permissions. (And avoid using the “power user” account type).

Michael

My other advice would be for it possible go to Win7 on that laptop and then you have better networking control as well as the latest in windows defender and O/S updates to protect the laptop. I installed Win7 Ult on two Dell laptop and they work find and even better at battery monitor and usage as well as being able to update to the latest defender protection. You never mentioned what model of laptop that is? My two Dell a D830, E1505 both were able to go Win7 Ult with all hardware updates and are what I am using to log onto Myce right now.