Step 11: Lock down clients
Just when you think you've followed all the rules to safeguard your
business assets against viruses and hackers and burglars -- along comes
an employee with a "better" idea. Only it's not -- and it could unravel
all the smart security moves you've implemented so far.
Why Your Business is at Risk
It's a major commitment to properly safeguard your business from
external threats. If you've started down that path by updating your
software and virus protection and installing a firewall, you've already
made a significant investment of time, effort and money.
Unfortunately, the lack of stringent administration procedures can
unwittingly sabotage that security investment -- reversing the changes
you've made or inadvertently introducing new risks.
Basic Steps You Can Take
To ensure you get the full benefit of the safeguards you've put in
place, you may need to get proactive about "locking down" your client PCs.
That way users can't intentionally or unintentionally override the
security measures you've implemented.
Use the information below and the additional resources in the sidebar
that best fit your organization's needs. You may want to take advice from
several of the guides, depending on the operating systems and applications
on your network.
Practice least privilege: With Windows XP and Windows 2000, it's
possible to give users different permission levels based on the role they
play in your organization. Many small businesses tend to give all users
"Administrator" access on their PC so they can easily install new software
or make other changes. But by doing so, they make it easier for viruses to
infect the machine or for users to install software that violates company
software policy or protocols. You may want to consider:
• Removing "Administrator" privileges for most users and relying on the built-in "User" level privileges
• Developing your own criteria for privileges
• Having users request assistance from someone with appropriate permissions when they need to do something that requires more authority
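To check whether a PC still follows the least-privilege advice above, the following added example (not part of the original guide) compares the members of the local Administrators group against an approved list. It assumes English-language output from the built-in "net localgroup" command; the function names, account names and allowlist are hypothetical, and the sample output is constructed.

```powershell
# Added example: flag unexpected members of the local Administrators group.
# Assumption: English-language "net localgroup Administrators" output.

function Get-AdminGroupMembers {
    param([string[]]$NetOutput)
    $members = @()
    $inList = $false
    foreach ($line in $NetOutput) {
        # Member names start after the row of dashes.
        if ($line -match '^-{5,}\s*$') { $inList = $true; continue }
        if (-not $inList) { continue }
        $name = $line.Trim()
        # Skip blank lines and the trailing status message.
        if ($name -eq '' -or $name -like 'The command completed*') { continue }
        $members += $name
    }
    return $members
}

function Find-UnexpectedAdmins {
    param([string[]]$Members, [string[]]$Allowed)
    # -notcontains ignores case, as Windows does for account names.
    return @($Members | Where-Object { $Allowed -notcontains $_ })
}

# Constructed sample output (not taken from a real machine).
$sample = @(
    'Alias name     Administrators',
    'Comment        Administrators have complete and unrestricted access',
    '',
    'Members',
    '',
    '-------------------------------------------------------------------------------',
    'Administrator',
    'OFFICE\Domain Admins',
    'jsmith',
    'reception',
    'The command completed successfully.'
)

# Hypothetical allowlist: the only accounts your policy permits as administrators.
$allowed = @('Administrator', 'OFFICE\Domain Admins')

# On a real PC, replace $sample with: (net localgroup Administrators)
$members = Get-AdminGroupMembers -NetOutput $sample
$unexpected = Find-UnexpectedAdmins -Members $members -Allowed $allowed

foreach ($account in $unexpected) {
    Write-Output "Unexpected administrator: $account"
}
```

Any account the script reports is a candidate for being moved to the built-in "User" level, with elevated tasks handled by someone on the approved list.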
Use servers to manage clients: With Windows Servers it's
possible to centrally control client PCs, thereby giving an individual
user access to specific programs only. That way they can't make changes,
install new software or manipulate passwords.