Windows Server 2003 system security Tips Set

The security of the operating system is undoubtedly the most attention, although the stability of Windows 2003 performance by more and more users of the favor, but in the face of emerging new viruses, enhance security is still a priority. Usually, we only need some minor changes to make the system security upgrade a step, we look at the following points you do it?

User password settings

Setting a password for the administrator account can largely avoid password attacks. Password set character length should be more than 8 digits, preferably a combination of letters, numbers, special characters, such as "psp53, @pq", "skdfksadf10@" and so on, can effectively prevent violent cracking. It's best not to use your own birthday, cell phone number, phone number, etc. to make a password.

Delete Default Share

Removing Windows 2003 system default hidden shares can also effectively enhance the safety factor of the system, click "Start → run", enter "Gpedit.msc" and then return to open Group Policy Editor. Expand User Configuration →windows settings → scripts (logon/Logoff), double-click the login entry, and then add "Delshare.bat" (parameters do not need to be added) to remove the default share for Windows Server 2003. Next, disable the IPC connection: Open Registry Editor, expand the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] branch in turn, and in the right window, locate the RestrictAnonymous the subkey, change its value to "1".

Turn off the AutoPlay feature

Figure I

The AutoPlay function not only plays a role in light drive, but also works on other drives, so it is easy for hackers to use to execute hacker programs. Open the Group Policy Editor, expand Computer configuration → administrative Templates → system in turn, in the right window, locate the Turn off AutoPlay option and double-click, select Enabled in the Open dialog box, and select all drives in the Drop-down menu after turn off AutoPlay, and press OK to take effect.

Empty the remote accessible registry path

Set the remote accessible registry path to NULL, which effectively prevents hackers from using the scanner to read computer system information and other information through the remote registry. Open the Group Policy Editor, expand Computer Configuration →windows settings → security → security options, and in the right window, locate the network access: Remotely accessible registry path, and remove the remotely accessible registry path and subpath contents.

3, eliminate hidden dangers to teach you to prevent blocking coup

In addition to security settings, Windows 2003 because of congenital reasons, there are a lot of security risks, if these hidden dangers "blocked", it may bring unnecessary trouble to the entire system. The following small series on the introduction of some of the Windows 2003 unusual security hidden trouble prevention methods, I hope to bring help to you!

By automatically saving hidden dangers

The DR in the system when the Windows 2003 operating system fails to invoke the application. Watson will automatically save some important debugging information so that it can be viewed later when the system is maintained. However, this information is likely to be hackers "aimed at", once the aim, a variety of important debugging information will be exposed. To block Dr. Watson automatically saves the pitfalls of debugging information that we can implement as follows:

Open the Start menu, select the Run command, and in the Run dialog box that opens, enter the registry edit command "regedit" to open a Registry editing window, and in that window, expand the Hkey_local_ with the mouse. Machine\software\microsoft\windowsdowsnt\currentversion\aedebug Branch, in the right child window corresponding to the AeDebug key value, double-click the auto value with the mouse, in the pop-up parameter Settings window, Reset its value to "0".

Open the Windows Explorer window for the system and expand the Documents and Settings folder, the All Users folder, the Shared Documents folder, the DrWatson folder, and so on. Finally, the corresponding DrWatson in the User.dmp file, Drwtsn32.log file deleted.

Complete the above settings, restart the system, you can automatically save hidden trouble.

Resource sharing hidden Dangers

In order to facilitate the transmission of information between local area network users, the Windows Server 2003 system is "considerate" to provide you with the file and Print sharing function, but we enjoy the convenience of this feature at the same time, sharing features will be "Wolf", "magnanimous" To the hackers to open a lot of loopholes, to the system caused a lot of insecurity. Therefore, if you do not need to implement files in this machine, print sharing, we must turn off the function, so that the resources to share hidden dangers, the following is the specific steps to turn off the sharing function:

Figure II

Perform the Network Connections command under the Control Panel menu item. In the window that appears, right-click the Local Area Connection icon, and on the Open shortcut menu, click Properties to open an Internet Protocol (TCP/IP) Property Settings dialog box To remove the "File and Printer Sharing for Microsoft Network" option in the interface; As a result, the local computer will not be able to provide file and print sharing services, so that hackers naturally less attack the system's "channel."

Blocking User Switching potential

The Windows 2003 system provides us with fast User Switching capabilities that allow us to easily log on to the system. However, in the enjoyment of this relaxed, the system also has the installation of hidden dangers, for example, if we execute the "logout" command on the System "Start" menu, and then use the traditional way to log in to the system, the system is likely to log in as a violent "attack" on computer systems. This Windows2003 system may be the current login account as an illegal account, lock it up, this is clearly not what we need, however, we can use the following steps to block user Switching, the security risks:

In the Windows 2003 System desktop, open the Control Panel command under the Start menu, locate the Administrative Tools command below, perform the Computer Management command on the subordinate menu, locate the user account icon, and click Change how users log on or log off in the window that appears later. ; In the Open Settings window, the "Use Fast User Switching" option will be canceled.

Block the page to exchange hidden trouble

The Windows 2003 operating system may disclose important confidential information, especially important account information, to hackers or other visitors, even under normal working conditions. Maybe we'll never think of looking at files that might leak privacy information, but hackers are concerned about them. In the Windows 2003 operating system of the paging file, in fact, a lot of important privacy information is hidden, this information is generated in the dynamic, if they do not clean up in time, it is very likely to become a hacker invasion breach; To do this, we have to follow the following methods to get Windows 2003 the operating system automatically deletes the paging files that are generated when the system is working when the system is shut down:

Open Registry Editor, in the left area of the window, click Hkey_local_machine\system\currentcontrolset\control\sessionmanager\memory with the mouse Management The value of the key, finds the ClearPageFileAtShutdown key value in the right area, and, with the mouse double-click, modifies the DWORD value to "1" in the subsequent open Numeric Settings window.

When you have finished setting up, quit the Registry editing window and restart the computer system to make the above settings effective.