Because Windows 95 confronts you with a log-in dialogue box, you might think it can keep out those without an account and password. It can't.
Network access is about the only part of Windows 95's security that you can count on; if you don't share your drives and folders, other users on the network won't be able to access them. Of course, they can just walk over to your computer and view, delete, or run anything they want. Anybody who logs in can create a new user account and password -- not that they even need to. Windows 95 user accounts identify you by name to other computers and track your desktop and Start menu settings, but they do not protect the contents of your hard disk. In any case, anybody can bypass the log-in screen by pressing <Esc> or booting in Safe mode.
The easiest way to keep all but the most dedicated snoops out of your computer is to use the BIOS password feature. To enable it, enter the computer's CMOS setup program; most systems display a message at start-up telling you which keys to press to get into the CMOS utility. If yours doesn't, read the manual or call the manufacturer. The manual should also tell you how to create a boot-up password. Once you've enabled one, the PC won't start up completely until you enter the password, so store it in a few safe places.
If you're afraid of losing the password, here's another option. Windows 95 comes with an accessory called the System Policy Editor, which lets you restrict what users (including those who log on by pressing <Esc>) can do. The System Policy Editor makes sense when you want to share your system with other users, keep them from running certain programs, and preserve your own desktop settings.
You'll find the System Policy Editor accessory in your Win 95 CD's \Admin\Apptools\ Poledit directory. If you have the floppy disk version of Windows 95, you'll have to download the System Policy Editor from Microsoft's CD-ROM Extras Administration Tools Web page (http://www.microsoft.com/windows/software/admintools.htm).
To install the System Policy Editor, choose Settings--Control Panel from the Start menu, double-click Add/Remove Programs, select Windows Setup, click Have Disk, type in the path to the installation files, and click OK.
Next, choose Start--Programs--Accessories--System Tools--System Policy Editor, select File--Open Registry, then select Local User--Shell Restrictions and try different settings. You'll find more options under Local User--System--Restrictions.
However, experts can bypass even the most stringent System Policy Editor restrictions. To forestall that possibility, try one of two shareware security add-ons ---- Win-Secure-It 2.0 and StopLight 95 ELS.
Shetef Solutions' Win-Secure-It 2.0 is a program that lets you hide and write-protect files and folders from some people, and make them available to others using an optional password. Win-Secure-It also keeps an activity log, so you can see who's been poking around in your absence. Download a fully functional copy from the company's Web site at http://www.shetef.com.
Safetynet's StopLight 95 ELS lets you set up access for files and folders and encrypt your entire hard disk. Download a demo version of the program from the company's Website at http://www.safetynet.com.
- Scott Spanbauer