Several rules for Windows security Configuration

First, physical security

The server should be placed in an isolated room with a monitor installed, and the monitor should retain the video recording within the day. In addition, the chassis, keyboard, drawers, etc. to be locked, to ensure that other even when unattended to use this computer, the key should be placed in a safe place.

Second, stop Guest Account Number

in [Computer Management], you will Guest account stopped, no time allowed Guest Account Login System. For insurance purposes, it's a good idea to Add a complex password to the Guest account and modify the guest account properties to set the Deny remote access.

Third, limit the number of users

Remove all test accounts, shared accounts, and General department accounts, and so on. User Group Policy sets the appropriate permissions, and frequently checks the system's account number to delete accounts that are not already applicable.

Many accounts are not conducive to administrator management, and hackers in the account number of the system can use more accounts, so reasonable planning system in the account allocation.

Iv. multiple admin accounts

administrators should not frequently log on to the system using a manager account, which may be Winlogon The software of the password in the process spied, should set up a regular account for oneself to carry on the daily work.

At the same time, in order to prevent the administrator account once the intruder obtains, the administrator has the Backup administrator account can also have the opportunity to obtain the system administrator privilege, but therefore also brings the multiple account potential security question.

Five, change the Administrator account name

in the Windows $ administrators in the system Administrator The account number cannot be deactivated, which means that the attacker can repeatedly try to guess the password for this account. Renaming the administrator account can effectively prevent this.

do not change the name to a similar Admin , but try to disguise it as a normal user.

Six, Trap account number

similar to the 5th, after changing the name of the administrator, you can create a Administrator users, set their permissions to the lowest, and add a Ten more than a bit of complex passwords, which cost intruders a lot of time and discover their intrusion attempts.

Vii. changing the default permissions for file shares

The permission to share a file from the Everyon " Change to " authorized user "," Everyone " means that any user who has access to the network will be able to visit these shared files.

Eight, security password

the definition of a secure password is: the password that cannot be cracked during the security period is the security password, that is, even if the password document is acquired, it must be spent the days or longer to break it out ( Windows Security Policy Default the change the password once, if set).

Nine, screen protection / Screen Lock Password

A barrier that prevents internal personnel from damaging the server. When the administrator leaves, it is loaded automatically.

10. Use NTFS Partitioning

than FAT file System, NTFS the file system can provide more security features such as permission settings, encryption, and so on.

Xi. anti-virus software

Windows the operating system does not come with anti-virus software, a good anti-virus software can not only kill some viruses, but also killing a lot of Trojan and hacker tools. Set up anti-virus software, hackers use the famous Trojan horse program will be useless. At the same time must pay attention to constantly upgrade the virus database !

12. Security of backup disk

Once the system data is compromised by hackers, the backup disk will be the only way to recover the data. When you have finished backing up your data, keep the backup disk in a safe place. The backup cannot be placed on the current server, so it is better not to do the backup.

Server-hosted leasing, large-bandwidth cabinet rental contact 2851506992Q number

Several rules for Windows security Configuration