First thing to do is to make sure that the true "Administrator" named account has a password. (control.exe userpasswords2) If not, she could get around your changes just by booting into safe mode. Next, set your Uncle's account as Administrator and password protect it. Make sure she hasn't installed any hidden accounts. Set his screen saver to activate in three minutes and ask for a password after five seconds. Make sure automatic logon is turned off. (should be by default) Set her
freak'n account as Limited and make sure her Uncle knows how not to give out his password, or allow her to watch him peck... or type it in.
The user accounts applet is nusrmgr.cpl, but you're going to have to fight with WFP to keep it off.
ren "c:\windows\driver cache" "(Driver Cache)"
ren c:\windows\system32\dllcache\nusrmgr.cpl *.(cpl)
ren c:\windows\system32\nusrmgr.cpl *.(cpl)
echo Respond to WFP queries with "cancel" and "yes".
echo Waiting for 60 seconds....
ping 127.0.0.1 -n 60>nul
ren "c:\windows\(driver cache)" "Driver Cache"
That should work, but you may have to fight with it some more and she can still use "Control.Exe userpasswords".Now if she's truly mischievious she'll simply reinstall windows.
Disable CD, USB, Network & Floppy boot in the BIOS and password protect the BIOS.
As far as her getting direct access to the HD... well... I would say mod a car alarm onto it but they need a constant 12v power supply.
I'm sure there are some other angles to be explored... so keep your brain storming...
EDIT: If she's hacker-class (
) then you'll need to disable all non-essential services and go directly to update.microsoft.com.