How to use the "Local Security Policy" of XP system

When you click the control panel → administrative tools → local security policy, you go to the main interface of the local security policy. Here you can set various security policies by using the commands on the menu bar, and you can choose how to view, export lists, and import policies.

First, strengthen the system account

1. Prohibit enumeration of accounts

We know that some worm viruses that have hacking behavior can be used to scan the Windows 2000/XP system's specified port and then guess the administrator system password through a shared session. Therefore, we need to guard against such intrusions by setting the Prohibit enumeration account in the local security policy, as follows:

In the security settings tree of the list on the left of local security policy, expand Local policy → security options on a level-by-layer basis. View the list of related policies on the right. Here you find Network access: Do not allow anonymous enumeration of SAM accounts and shares, right-click, select Properties from the pop-up menu, and then pop up a dialog box to activate the Enabled option, and then click the Apply button to make the settings effective.

2. Account Management

To prevent intruders from exploiting vulnerabilities to log on to the machine, we will set up renaming the Administrator account name and disabling the Guest account here. Set the method to: in the local policy → Security options branch, locate the account: Guest account status Policy, right-click the pop-up menu, select Properties, and then in the Pop-up Properties dialog box, set its status to deactivated and finally "OK" to exit.

Next, we look at the "Account: Rename administrator Account" policy, bringing up its properties dialog box, where you can customize the account name in the text box (Figure 1).

Second, assigning local user rights

If you are a system administrator, you can assign specific rights to a group account or to a single user account. In security settings, locate local policy → user rights assignment, and then in the settings view to the right of it, you can make security settings for each of the policies under it (Figure 2).

For example, if you want to allow a user to take ownership of any available object in the system: including registry keys, processes and threads, and NTFS file and folder objects (the default setting for this policy is administrator only). You should first find the "Take ownership of files or other objects" policy in the list, right-click, select Properties from the pop-up menu, click the "Add User or Group" button, enter the object name in the pop-up dialog box (Figure 3), and confirm the operation.

Third, strengthen password security

In "Security Settings", the first is located in the "account Policy → password policy", in its right to set up the view, you can make appropriate settings, so that our system password is relatively safe and difficult to crack. An important way to prevent cracking is to update the password regularly, you can make the following settings: The right mouse click Password Maximum age, in the pop-up menu, select Properties, in the pop-up dialog box, you can customize a password settings can be used after the length of time (limited to 1 to 999).

In addition, local security settings allow you to track user accounts for accessing files or other objects, logon attempts, system shutdown or restart, and similar events by setting Audit object access. Such security settings, and so on. In practical applications, we will gradually find that "local security settings" is indeed an indispensable system security tool.

Iv. utilizing IP strategy

We know, whether it is a trojan, backdoor, or loopholes, sniffing, mostly through the port as a channel.

Therefore, we need to turn off the ports that may become intrusion channels. You can search the Internet for information about dangerous ports in order to have a ready fight. The port shielding method is shown in the 43rd issue of the E13 edition of the 2003 computer newspaper.