The following recommendations will help you prevent others from bypassing the protection of folders performed by Folder Guard:

• Restrict access to the Registry editing tools. A user can disable the protection by editing the Registry and then rebooting Windows. You can deny access to the Registry Editor by using permissions provided by Folder Guard, or by restricting access to the file RegEdit.exe directly. If you have third-party registry editing tools, you will need to restrict access to them, too.

• Restrict access to the system tools. A user can disrupt the operation of Folder Guard by using the Msconfig.exe tool and other similar programs. You can restrict access to such tools with Folder Guard.

• Restrict access to the direct drive access tools. A user can see the files protected with Folder Guard by using the tools that access the contents of the disks directly (that is, by bypassing the usual operating system services that most regular programs use). If you have such tools installed on your computer, you can restrict access to them with Folder Guard.

• Enable the stealth mode of Folder Guard. This will hide Folder Guard files from other users. If operating in the stealth mode is not desirable for some reason, assign the read-only attribute to the installation folder of Folder Guard, to prevent other users from deleting or modifying Folder Guard files. (Note that when you create a new file with restrictions, Folder Guard assigns the read-only attribute to its folder for you automatically).

• Prevent users from booting the computer with a system floppy disk. Most modern computers allow you to change the booting preferences by modifying the BIOS settings. You may also be able to protect the BIOS settings with a password to prevent others from changing them. The exact procedure of making changes to the BIOS depends on the model of the computer; please contact your computer manufacturer for the instructions specific to your system.

• Prevent users from booting Windows in the "safe mode" or "command prompt only" mode. Because the protection is not normally enabled at Windows startup in either of these cases, it is important to restrict a user's ability to boot Windows in any of these modes.

• Prevent modifications to the system files in the root folder on the boot drive (usually C:\). Mark the system files such as AUTOEXEC.BAT, BOOT.INI, Msdos.sys, with the read-only attribute, otherwise users can modify or delete them!

• Prevent access to the System Restore tool. When you install Folder Guard on Windows Vista or XP, the Setup utility creates a system restore point. To stop other users from using the System Restore utility to remove Folder Guard through its system restore point, assign the no access attribute and (optionally) an unlocking password to the file rstrui.exe, usually located in the folder C:\Windows\System32\Restore.