A case of Windows 2000 security maintenance and error resolution

Computer security includes not only protecting your computer's local data, but also securing your data on your network. A good operating system can identify people who attempt to access computer resources, prevent specific resources from being inappropriately accessed by users, and provide users with a simple and efficient way to set up and maintain the security of the computer.

Currently, PC users are often windows, compared to previous versions, Windows 2000 based on NT platform technology has greatly improved stability and security. The following is an example of Windows Professional, and a solution to an application problem is introduced.

One, Windows 2000 security features

1. User accounts and Account group features

Ensure that only authorized users can access the computer, while effectively managing user specific task rights and permissions, such as folder access rights. System built-in groups enable most users to obtain all the user rights and permissions required to perform their respective tasks. Admin interface in Control Panel, user and password.

2. Share folder permissions

You can restrict or allow access to these folders over the network by giving the shared folder permissions to any folder. Through the project's property menu settings. By default, when a new shared directory is added to Windows 2000, the operating system automatically adds the Everyone user group to the Permissions module, because the default permissions for the group are fully controlled, allowing anyone to read and write to the shared directory. Therefore, after you create a new shared directory, delete the Everyone group immediately or adjust the group's permissions to read.

3. Features of a more secure NTFS file system than fat and FAT32:

Disk quota service, which controls the amount of disk space that each user allows to use;

Supports setting permissions on files or folders, restricting or allowing access to users or groups, and providing access types, that is, you can limit the files that each user allows to read and write to any folder in the disk directory. If you want to share folders that are located on an NTFS drive without special settings, NTFS folder access is valid on both the local and the network;

NTFS also supports owners encrypting files and folders to better protect information.

It is recommended that you use NTFS disk partitions.

4. Printer permissions

Restrict user access by assigning printer permissions. Three permissions for printing documents, managing documents, and managing printers. Through the project's property menu settings.

5. Audit

You can use auditing to track accounts that are used to access files or other objects, as well as user logon attempts, shutting down or restarting systems, and other specified events. Before auditing occurs, you must use Group Policy to specify the type of event to audit. For example, to audit a folder, first enable Audit object access for the audit policy in Group Policy. Next, you can set up auditing as you would set permissions: Select an object, such as a file or folder, and then select the users and groups whose actions you want to audit. Finally, select the action you want to audit, such as trying to open or delete a restricted folder. You can audit successful and failed attempts. You can track audit activity by using Event Viewer to view the security log. The auditing mechanism for disk access can only be applied on top of the NTFS file system. Audit mechanisms should be used for all users who need to be audited.

6. User Rights

User rights are rules that determine what actions a user can perform on a computer. In addition, user rights control whether users can log on to the computer directly (locally) or over the network, add users to local groups, delete users, and so on. A built-in group has an assigned set of user rights. Typically, an administrator assigns user rights by adding a user account to a built-in group, or by creating a new group and assigning specific user rights to that group. Users that are subsequently added to the group automatically get all the user rights assigned to the group account. User rights are managed through Group Policy.