Three applications of group policies in vista

In the previous article, what are the application of group policies in the Vista system? Next, we will introduceGroup PolicyOther three applications.

3. prevent malicious Shutdown

In enterprises and institutions, there are often some good people or scammers who can peek at the information on others' computers. Although we can lock the computer through Windows + L, we can prevent other people from spying, however, there is another "shut down the computer" on the locked page. Although others cannot tamper with the machine, they can shut down the computer. If someone who encounters a good thing clicks "shut down the computer, early work is likely to be overwhelmed. Therefore, it is necessary to add a lock to "shut down the computer. You can easily complete such tasks through group policies.

Click Start> Run. In the displayed dialog box, enter Gpedit. msc, and press enter to open the Group Policy Editor. Expand the "Computer Configuration> Windows Settings> Security Settings> Local Policy> Security Options" branch, and find the "shutdown: Allow shutdown before Logon" option in the right pane, double-click. In the displayed Properties dialog box, set the attribute to "disabled". Click "OK" and close the Group Policy Editor. (Figure 6)

　

Figure 6 prevent malicious Shutdown

4. account-related

(1). Rename the Guest account

In the working group environment, you need to enable the guest account for network sharing, which poses a certain security risk because attackers can intrude into the system through the default guest account, renaming a guest account is a good method. Because it is the default account of the system, it cannot be changed normally. We can use group policies.

"Start> Run" and enter Gpedit. choose "Local Computer Policy> Computer Configuration> windows Settings> Security Settings> Local Policy> Security Options", and double-click the "Rename Guest user" option on the right ", enter the name of the new guest user. (Figure 7)

　

Figure 7 change the name of the guest user

(2). Guest can also be remotely shut down

In Windows 2000/XP, only members of the Adminstrators group can remotely shut down the computer by default. This policy is designed for system security and continues to Windows Vista, but sometimes we use a Guest account to log on to a computer in a LAN for operations, and we need to grant the guest user the permission to remotely shut down the machine. How can we achieve this? The procedure is as follows:

Step 1: Run Gpedit. choose "Local Computer Policy> Computer Configuration> windows Settings> Security Settings> Local Policy> User permission assignment" from the shortcut menu, and click "Access Computer From Network" on the right ", right-click "properties" to view users that are allowed to access remotely. By default, the guest user is disabled and has no permission to shut down this computer. First, enter the command "net user guest/active: yes" at the command prompt to enable the guest, click "add user or group" and enter "Guest" in the input Object Name dialog box. (Figure 8)

Figure 8 Guest user authorization

Step 2: Find "Force Shutdown remotely" in "user permission assignment" in the current Group Policy console window and double-click the project. In the pop-up window, add the "guest" account and click "OK" in sequence, so that the guest has the permission to remotely close the computer. (Figure 9)

Figure 9 shutdown permission

Figure 10 set the number of logon attempts

Note: In Windows Vista, the next step is to automatically set the interval between the account lock time and the Reset Account lock counter. Generally, we use the default value. Of course, you can also modify it as needed.

5. Security

(1) defense against Windows + X hotkey Vulnerabilities

Windows Vista keys combination brings convenience to our work, but it also brings a lot of trouble. The previous sticky Key Vulnerability and win + u key combination vulnerability broke many systems. If Microsoft does not release a patch, we can disable it first. The procedure is as follows:

Run Gpedit. msc to open the Group Policy setting window. In the "Group Policy" setting window, choose "Local Computer Policy> User Configuration> Manage template> Windows Components> Windows Resource Manager. In the right pane, find the "Disable Windows + X hotkey" option and enable it. (Figure 11)

Figure 11 disable hotkeys

(2). record and report illegal Login

Personal computers can sometimes be a plaything for everyone. When you are not around, it is plagued by some people. How do we know if we have moved our computers?

In fact, there is a new feature in Vista that allows us to determine if someone has moved our computer. We can allow Vista to record the time of every logon to the system. If we find a strange logon time, someone will certainly have moved our computer.

Run "gpedit. msc opens the "Group Policy" setting window, opens the Group Policy object editor, and then locates "Computer Configuration> Management Module> Windows Components> Windows logon options ", in the right-side dialog box, select and double-click "display previous Logon Information During User Logon". In the displayed dialog box, click "enabled.

After the settings are complete, the system will prompt you the last logon time before the user enters the system desktop when you start the computer next time. In this way, we can determine whether someone has moved our computer. (Figure 12)

Figure 12 system logon information

Conclusion: Through the above example, do you want to receive the magic function of the system "big internal manager" in the Group Policy? In fact, group strategies are a treasure. As long as we are good at mining, we can always find "treasure" to complete some very important tasks.

We hope that the application of the vista system group policy introduced in this series will be helpful to readers. Of course, more knowledge about group policies remains to be actively explored and learned by readers.