Windows Server Security-Remote Desktop Access Security

Recently, I made some adjustments to the server's security. First, I shut down unnecessary ports. This is easy to use IPsec, and it is easy to use Windows Firewall.

For remote desktop, I have not changed the port. I just made a preliminary security record first.

The procedure is as follows:

1. log on to the server with administrator. I prefer to use commands, saving the trouble of finding them in the control panel and directly running the command control userpasswords2

In the dialog box, select advanced. First, create an account named abc_admin. Add it to two groups: Administrators and remot desktop users.

2. Open the properties of my computer and select "remote desktop settings" on the left ". In the remote desktop Administrators Group, select the bottom one and specify the users that can be accessed, specify abc_admin, and delete administrator.

3. Log On again with abc_admin and rename the super administrator. In this case, you can find the Adminstrator user and rename it directly.

4. Set the Remote Desktop Policy and run the command gpedit. MSC

In the left-side list area of the console window, move the cursor to the "Computer Configuration" branch option in the left-side area of the Group Policy editing Console window, next, expand the "Windows Settings", "Security Settings", "Local Policy", and "user permission assignment" sub-items under the branch, in the display area on the right of the corresponding "user permission assignment" subitem, double-click the target group policy option "Allow logon through Terminal Services" and delete the Administrators account in the pop-up window, in this way, when an illegal user attempts to remotely connect to the server using the Administrator account, an alarm is displayed, indicating that the user is not allowed to log on.

Now, you can use abc_admin for remote logon management. This prevents some malicious users from trying brute-force cracking, changing some uncommon user names, and setting the password longer, to some extent, it can prevent brute-force cracking.