Detailed permissions under Windows —————— "Badboy"

Source: Internet
Author: User

With the wide deployment of the mobile network forum software, the discovery of vulnerabilities in it, and the growing use of SQL injection attacks, webshells have turned the firewall into a mere decoration: even a web server that has every Microsoft patch applied and exposes only port 80 to the outside will not escape being compromised. Is there really nothing we can do about it? In fact, as long as you understand how NTFS permissions are set, we can say to the crackers: no!

To build a secure web server, you must use NTFS and Windows NT/2000/2003 on that server. As we all know, Windows is a multi-user, multi-tasking operating system, and that is the basis of permission settings: all permissions are tied to users and processes, and different users have different permissions when they access the computer. DOS is a single-tasking, single-user operating system. But can we say that DOS has no permissions? No! When we boot a computer running DOS, we hold administrator privileges over the operating system, and that privilege applies everywhere. So we can only say that DOS does not support setting permissions, not that it has none. As people's security awareness grew, permission settings arrived with the release of NTFS.

In Windows NT, users are divided into groups. Different groups have different permissions and, of course, users within a group can also have different permissions. Let's look at the common user groups in NT.

Administrators: the Administrators group. By default, users in Administrators have unrestricted full access to the computer or domain. The default permissions assigned to the group allow full control of the entire system, so only trusted people should become members of this group.

Power Users: the advanced user group. Power Users can perform any operating system task other than the tasks reserved for the Administrators group. The default permissions assigned to the Power Users group allow its members to modify settings for the entire computer. However, Power Users do not have the right to add themselves to the Administrators group. In terms of permissions, this group is second only to Administrators.

Users: the normal user group. Members of this group cannot make intentional or unintentional changes. As a result, Users can run validated applications, but they cannot run most legacy applications. The Users group is the most secure group, because the default permissions assigned to it do not allow members to modify operating system settings or user profiles. The Users group provides one of the most secure environments in which to run programs. On a volume formatted with NTFS, the default security settings are designed to prevent members of this group from compromising the integrity of the operating system and installed programs. Users cannot modify system registry settings, operating system files, or program files. Users can shut down a workstation, but cannot shut down a server. Users can create local groups, but can modify only the local groups that they created.

Guests: the guest group. By default, guests have the same access as members of the Users group, but the Guest account has more restrictions.

Everyone: as the name implies, all users. Every user on this computer belongs to this group.

There is one more group that is also very common. It has the same permissions as Administrators, or even higher, but it does not allow any user to join, and it is not displayed when you view the user groups: this is the SYSTEM group. It carries the permissions that the system and system-level services need in order to function properly. Since this group has only one member, SYSTEM, it might be more appropriate to classify it as a user.

Permissions are ranked from high to low. Users with higher privileges can operate on lower-privileged users, but apart from Administrators, users in other groups cannot access other users' profiles on NTFS volumes unless those users authorize them. Low-privileged users cannot do anything to high-privileged users.

In everyday use we do not feel any permission getting in the way of what we want to do, because we are logged on as a user in the Administrators group. This has advantages and disadvantages. The advantage, of course, is that you can do whatever you want without running into permission restrictions. The disadvantage is that running the computer as a member of the Administrators group leaves the system vulnerable to Trojan horses, viruses, and other security risks. Simple actions such as visiting an Internet site or opening an e-mail attachment can damage the system. Unfamiliar Internet sites or e-mail attachments may carry Trojan horse code that is downloaded to the system and executed. If you are logged on as an administrator of the local computer, a Trojan horse may use that administrative access to reformat your hard disk, causing immeasurable loss. So unless it is necessary, it is best not to log on as a user in the Administrators group.

The Administrators group has a default user created at system installation: the Administrator account. It has full control of the server and can assign user rights and access control permissions to users as needed. It is therefore highly recommended that you give this account a strong password. You can never remove the Administrator account from the Administrators group, but you can rename or disable it. Because everyone knows that "Administrator" exists on many versions of Windows, renaming or disabling this account makes it more difficult for a malicious user to try to access it. A good server administrator will usually rename or disable this account. The Guests group also has a default user, Guest, but it is disabled by default. Do not enable this account unless it is really necessary. We can view the user groups and the users in each group through Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
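The checks described above (Administrator renamed or disabled, Guest left disabled, membership of Administrators reviewed) can be scripted. This is an added example, not part of the original article; it assumes a Windows version with the Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1 or later, newer than the NT/2000/2003 systems discussed here) and an English default account name. The function names are hypothetical.

```powershell
# Added example: audits the built-in accounts and the Administrators group.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1+).

function Get-BuiltinAccountAudit {
    foreach ($user in Get-LocalUser) {
        # Built-in accounts keep a fixed RID even after a rename:
        # ...-500 is Administrator, ...-501 is Guest.
        $rid = ($user.SID.Value -split '-')[-1]
        if ($rid -eq '500') {
            $role = 'Built-in Administrator'
            # Assumption: the default name is the English "Administrator".
            $defaultName = ($user.Name -eq 'Administrator')
            $finding = if ($user.Enabled -and $defaultName) {
                'Enabled under its default name: rename or disable it'
            } elseif ($user.Enabled) {
                'Renamed and enabled: confirm a strong password is set'
            } else {
                'Disabled'
            }
        }
        elseif ($rid -eq '501') {
            $role = 'Built-in Guest'
            $finding = if ($user.Enabled) {
                'Enabled: disable unless really necessary'
            } else {
                'Disabled (default)'
            }
        }
        else { continue }

        [pscustomobject]@{
            Role = $role; Account = $user.Name; Enabled = $user.Enabled; Finding = $finding
        }
    }
}

function Get-AdministratorsMembers {
    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so the lookup works even when the group name is localized.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

Get-BuiltinAccountAudit | Format-Table -AutoSize
Get-AdministratorsMembers | Format-Table -AutoSize
```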

Right-click an NTFS volume or a directory on an NTFS volume and select "Properties", then "Security", to set permissions on it. There we see the following seven permissions: Full Control, Modify, Read & Execute, List Folder Contents, Read, Write, and Special Permissions. "Full Control" is unrestricted full access to the volume or directory; its standing is the same as that of Administrators among the groups. When Full Control is selected, the five permissions below it are selected automatically. "Modify" is comparable to Power Users; when Modify is selected, the four permissions below it are selected automatically, and if any of them is deselected, Modify no longer holds. "Read & Execute" allows reading and running any file in the volume or directory; "List Folder Contents" and "Read" are prerequisites for it. "List Folder Contents" means that the subdirectories under the volume or directory can only be browsed; nothing can be read or run. "Read" is the ability to read data from the volume or directory. "Write" is the ability to write data to the volume or directory. "Special Permissions" is a finer breakdown of the six permissions above. Readers can study Special Permissions in more depth on their own; I will not go into further detail here.
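To see how these permission levels nest on a real directory, the following added example (not part of the original article) decodes each Allow entry held by the broad groups described earlier and lists every basic permission it fully contains. It assumes PowerShell with Get-Acl; the function name and the D:\wwwroot path in the comment are hypothetical.

```powershell
# Added example: shows which basic NTFS permissions an ACE implies and
# flags broad groups that can write to a directory.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$BasicRights = [ordered]@{
    'Full Control'   = $Fsr::FullControl
    'Modify'         = $Fsr::Modify
    'Read & Execute' = $Fsr::ReadAndExecute
    'Read'           = $Fsr::Read
    'Write'          = $Fsr::Write
}
# Well-known SIDs of the broad groups the article describes.
$BroadGroups = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
}

function Get-BroadGroupAccess {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs instead of names so localized group names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadGroups.ContainsKey($sid)) { continue }

        # A basic permission is granted when every bit of its mask is set,
        # which is why Full Control also reports the five levels below it.
        $granted = foreach ($name in $BasicRights.Keys) {
            $mask = [int]$BasicRights[$name]
            if (([int]$rule.FileSystemRights -band $mask) -eq $mask) { $name }
        }
        [pscustomobject]@{
            Path      = $Path
            Group     = $BroadGroups[$sid]
            Granted   = $granted -join ', '
            Inherited = $rule.IsInherited
            Writable  = $granted -contains 'Write'
        }
    }
}

# Usage (hypothetical web root path):
# Get-ChildItem -LiteralPath 'D:\wwwroot' -Directory -Recurse |
#     ForEach-Object { Get-BroadGroupAccess -Path $_.FullName } |
#     Where-Object Writable
```

List Folder Contents does not appear as a separate mask because it uses the same rights as Read & Execute, applied to folders only.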