I think they really should just go to cloud computing and be done with keeping any data on the PC; hey, maybe that's the new paradigm!
This list is not for the faint-hearted. It is culled from documents published by the richest of the paranoid, the US government. Non-technical readers need go no further.
Source: The short title is "Government Lockdown Guide"; the full title is "A New Boundary Technologies Security Configuration Guide Based on OMB Memorandum M-07-11 and NIST Special Publication 800-68", Sept 2007.
2. Disable Simple File Sharing.
3. Use passwords on all user accounts.
4. Use the Administrator Group with care.
5. Disable the Guest Account.
6. Use a firewall if you have a full time internet connection.
7. Use a router instead of ICS (remote users).
8. Use software restriction policies.
9. Limit the number of unnecessary accounts.
10. Rename the Administrator account.
11. Consider creating a dummy Administrator account.
12. Replace the "Everyone" group with "Authenticated Users" on file shares.
13. Prevent the last logged-in user name from being displayed.
15. Make sure that Remote Desktop is disabled.
16. Enable EFS (Encrypting File System).
17. If you use offline folders, encrypt the local cache.
18. Encrypt the Temp folder.
19. Clear the page file at shutdown.
20. Enable auditing on your workstations.
21. Disable default shares.
22. Disable dump file creation.
23. Disable the ability to boot from a floppy or CD-ROM on physically unsecured systems.
24. Disable AutoRun for the CD-ROM.
25. Consider implementing IPSec.
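
As an added example (not taken from the guide or from this post), here is a read-only PowerShell audit of the checklist items that map to a single registry value: 2, 13, 15, 19, 21, 22 and 24. The registry value names and expected data are the standard Windows ones and are assumptions here, since this page does not quote the guide's own settings.

```powershell
# Added example: read-only audit; it changes nothing on the system.
# Value names and expected data are the usual Windows settings for each
# checklist item (an assumption; this page does not quote the guide's values).
$lm = 'HKLM:\SYSTEM\CurrentControlSet'
$checks = @(
    @{ Id = 2;  Setting = 'Simple File Sharing disabled'
       Path = "$lm\Control\Lsa"; Name = 'ForceGuest'
       Test = { param($v) $v -eq 0 } },
    @{ Id = 13; Setting = 'Last logged-in user name hidden'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DontDisplayLastUserName'; Test = { param($v) $v -eq 1 } },
    @{ Id = 15; Setting = 'Remote Desktop disabled'
       Path = "$lm\Control\Terminal Server"; Name = 'fDenyTSConnections'
       Test = { param($v) $v -eq 1 } },
    @{ Id = 19; Setting = 'Page file cleared at shutdown'
       Path = "$lm\Control\Session Manager\Memory Management"
       Name = 'ClearPageFileAtShutdown'; Test = { param($v) $v -eq 1 } },
    @{ Id = 21; Setting = 'Default (administrative) shares disabled'
       Path = "$lm\Services\LanmanServer\Parameters"; Name = 'AutoShareWks'
       Test = { param($v) $v -eq 0 } },
    @{ Id = 22; Setting = 'Dump file creation disabled'
       Path = "$lm\Control\CrashControl"; Name = 'CrashDumpEnabled'
       Test = { param($v) $v -eq 0 } },
    @{ Id = 24; Setting = 'AutoRun disabled for CD-ROM'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'
       # Bitmask value: bit 0x20 covers CD-ROM drives.
       Test = { param($v) ($v -band 0x20) -eq 0x20 } }
)

$checks | ForEach-Object {
    $c = $_
    $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($prop) { $prop.($c.Name) } else { $null }
    # The value may be stored as REG_BINARY; the low byte holds the drive-type bits.
    if ($actual -is [byte[]]) { $actual = $actual[0] }
    # A missing value is reported separately: the OS default applies, not the hardened setting.
    $status = if ($null -eq $actual) { 'NOT SET' } elseif (& $c.Test $actual) { 'PASS' } else { 'FAIL' }
    New-Object PSObject -Property @{
        Item = $c.Id; Setting = $c.Setting; Actual = $actual; Status = $status }
} | Select-Object Item, Setting, Actual, Status | Format-Table -AutoSize
```

Items such as account renaming, EFS, auditing and IPSec are policy or per-object settings and are not covered by a single registry read.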