Your PC is a vault. Protect it.
Your computer holds your money, your client data, and your passwords. Treat it like a bank vault. Here are some steps you can take so you don’t leave the front door open for thieves, or worse, open it for them yourself.
Who this is for
Home users and small teams in Sri Lanka. You have Windows 10 or 11. You do not use cracked software.
What you need
Your Microsoft account login. A backup drive or cloud. Your router admin password.
Part 1: Quick Lockdown
Do this right now. It takes ten minutes.
Update and scan. Go to Windows Update. Check for updates. Install all of them. Open Windows Security. Do a Quick scan. Go to Virus & threat protection. Turn on Tamper Protection.
Remove remote access. Go to Settings > Remote Desktop. Turn it off. Uninstall AnyDesk, TeamViewer, or other remote access apps if you do not use them.
Lock camera and mic. Go to Settings > Privacy & security. Turn off camera and microphone access for all apps. Grant access only to trusted apps you need. Use a physical webcam cover. Unplug external cameras and mics.
Clean your browser. Open your browser extensions menu. Remove any unknown extensions. Your browser should auto-update. Check settings to be sure. Download new software from the vendor’s site only.
Part 2: Strong Windows Protections
These settings protect your PC’s core functions.
Core protections. Go to Windows Security > Device security. Turn on Memory integrity. Turn on BitLocker for all your drives. Check that SmartScreen is on.
Control your accounts. Use a standard account for daily tasks. Use an administrator account only for new installations. Your User Account Control should be set to “Always notify.”
Block ransomware. Go to Windows Security > Ransomware protection. Turn on Controlled folder access. Add your work folders to this list.
Part 3: Network and Firewall
These settings block attacks from your network.
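Block file sharing. Windows file sharing is a risk. You should only use it on your private network. To stop it, open PowerShell as an administrator. Run these commands. This makes sure outside networks cannot access your files. The second command uses -Profile Any, so it blocks inbound file sharing on every network, your private one included.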
Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Profile Public -Enabled False
New-NetFirewallRule -DisplayName "Block SMB TCP 445 Inbound (All)" -Direction Inbound -Action Block -Protocol TCP -LocalPort 445 -Profile Any
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Keep RDP off. Remote Desktop is another risk. Keep it off. The command below confirms it is off. A result of 1 means Remote Desktop connections are denied.
(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
Part 4: Protect Your Passwords
Criminals want your logins. Protect them.
Lock LSASS. LSASS holds your passwords in memory. You must protect it. Open PowerShell as administrator. Run these commands. This prevents malware from stealing your passwords.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v RunAsPPL /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" /v UseLogonCredential /t REG_DWORD /d 0 /f
Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled
Account hygiene. Change your passwords for email, bank, and social media. Enable Multi-Factor Authentication everywhere. Review the devices logged into your accounts. Sign out old devices.
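To confirm the Part 3 and Part 4 settings are in place, here is a read-only check. It is an added example, not part of the original guide, and the function name Get-RegValue and the report columns are assumptions. Run it in PowerShell as administrator.

```powershell
# Added example: read-only check of the Part 3 and Part 4 settings.
# Get-RegValue and the report columns are illustrative names, not from the guide.
function Get-RegValue($Path, $Name) {
    # Returns $null when the value is missing instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$control = 'HKLM:\SYSTEM\CurrentControlSet\Control'
# ASR rule ID enabled in Part 4. Microsoft lists this ID as
# "Block abuse of exploited vulnerable signed drivers".
$asrId = '56a863a9-875e-4185-98a7-b882c64b5ce5'

# Part 3: the block rule, matched by the display name it was created with.
$smbBlock = @(Get-NetFirewallRule -DisplayName 'Block SMB TCP 445 Inbound (All)' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })

# Part 4: Defender stores ASR rule IDs and actions as parallel arrays.
# Action 1 = Enabled (block), 2 = audit only, 0 = disabled.
$mp        = Get-MpPreference
$ids       = @($mp.AttackSurfaceReductionRules_Ids)
$actions   = @($mp.AttackSurfaceReductionRules_Actions)
$asrAction = $null
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $asrId) { $asrAction = $actions[$i] }
}

# RunAsPPL is the configured value; it only takes effect after a restart.
$checks = @(
    @{ Setting = 'SMB1 server protocol';       Want = 'False'; Got = (Get-SmbServerConfiguration).EnableSMB1Protocol }
    @{ Setting = 'SMB 445 block rule active';  Want = 'True';  Got = ($smbBlock.Count -gt 0) }
    @{ Setting = 'fDenyTSConnections (RDP)';   Want = '1';     Got = (Get-RegValue "$control\Terminal Server" 'fDenyTSConnections') }
    @{ Setting = 'Lsa RunAsPPL';               Want = '1';     Got = (Get-RegValue "$control\Lsa" 'RunAsPPL') }
    @{ Setting = 'WDigest UseLogonCredential'; Want = '0';     Got = (Get-RegValue "$control\SecurityProviders\WDigest" 'UseLogonCredential') }
    @{ Setting = 'ASR rule action';            Want = '1';     Got = $asrAction }
)

# Compare as strings so a missing value shows up as an empty "Got" and OK = False.
$checks | ForEach-Object {
    [pscustomobject]@{
        Setting = $_.Setting
        Want    = $_.Want
        Got     = "$($_.Got)"
        OK      = ("$($_.Got)" -eq $_.Want)
    }
} | Format-Table -AutoSize
```

Any row with OK = False points to a setting that was never applied or has been changed since.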
Part 5: Monthly Self-Audit
Repeat these steps every month.
Check for unknown programs. Open PowerShell as an administrator. Run this command. It lists open connections and listening ports, with the program and process ID behind each one. Look for unknown programs.
netstat -abno
Review startup programs. Run this command in PowerShell. It shows you programs that run when you start your PC. Remove anything you do not recognize.
Get-CimInstance Win32_StartupCommand | Select Name,Command,Location
Review your security. Check for Windows updates. Run a full Defender scan. Check your router firmware.
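For the first check above, this added example (not part of the original guide) groups listening TCP ports by the program that owns them and shows whether each program file carries a valid signature. The column names are assumptions; run it in PowerShell as administrator so process paths are visible.

```powershell
# Added example: listening TCP ports per program, with Authenticode status.
# Column names (Ports, Exposed, Signature) are illustrative.
$listeners = Get-NetTCPConnection -State Listen | Group-Object OwningProcess

$report = foreach ($g in $listeners) {
    $procId = [int]$g.Name
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $path   = $proc.Path   # empty for the System process and some protected processes

    # Status is Valid, NotSigned, HashMismatch, NotTrusted, etc.
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'NoPath' }

    [pscustomobject]@{
        PID       = $procId
        Process   = $proc.ProcessName
        Ports     = ($g.Group.LocalPort | Sort-Object -Unique) -join ','
        # True when at least one listener is bound to a non-loopback address,
        # so other devices on the network could reach it if the firewall allows.
        Exposed   = [bool]($g.Group.LocalAddress | Where-Object { $_ -notin '127.0.0.1', '::1' })
        Signature = $sig
        Path      = $path
    }
}

# Unsigned or invalid entries sort apart from 'Valid' so they are easy to spot.
$report | Sort-Object Signature, Process | Format-Table -AutoSize
```

Start with rows where Exposed is True and Signature is anything other than Valid.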
If you use cracked software
Your computer is compromised. Rebuilding is the safest path.
Clean rebuild plan.
- Use a clean PC to create a Windows 11 USB installer from Microsoft.
- Back up only your data files. Do not back up apps or scripts.
- Reset your router to factory settings. Change the admin password.
- Boot your PC from the USB installer. Delete all existing partitions.
- Install Windows. Install only legal software.
- Change all your passwords. Turn on MFA.
- Monitor your bank and ad accounts for two weeks.
Final checklist
- Windows is updated.
- Defender, SmartScreen, Memory integrity, BitLocker are on.
- RDP is off. SMB is fenced. SMB1 is off.
- Browser extensions are clean.
- Router firmware is updated. UPnP and WPS are off.
- You use a standard account for daily work.
- You have backups.
Conclusion
Securing a Windows computer does not need advanced technical knowledge.
Most attacks in Sri Lanka today, whether through phishing, cracked software, or exposed sharing services, exploit weak defaults, not complex exploits.
By switching off unnecessary remote access, fencing file sharing to your home network, enabling BitLocker, keeping Defender and SmartScreen active, and resetting your HOSTS file, you already stop the majority of threats.
The steps in this guide are practical and repeatable.
They let you verify what’s running, see which programs are listening on your system, and confirm they’re signed and genuine.
You also now know how to block risky services like SMB, RDP, or the Print Spooler if you don’t need them. With one PowerShell script, you can apply safe defaults and generate a full security report on your Desktop.
Think of this as digital hygiene, like locking your front door or washing your hands.
Do it once properly, and then check in monthly. Combine it with good habits (no cracked software, strong passwords, MFA on every important account, router firmware updates) and your PC will stay safe enough for work, banking, and business.
DIY hardening puts the control in your hands. Whether you’re a student in Colombo, a freelancer in Galle, or running a small company in Kandy, these steps give you the same level of protection large firms pay IT teams to enforce.
Security is no longer optional; it is a daily necessity. With the practices outlined here, your Windows machine becomes harder to exploit, your data remains yours, and you can focus on life and work without constant worry.