At present, many organizations and data centers are still using Win2000. In some cases the machines are too low-spec to install WinXP; in others the dedicated software the organization uses runs only under Win2000, or there is no budget for upgrading to WinXP. So let's talk about how to ensure the security of shared computers on a Win2000 network, that is, how to prevent others from deleting files on your hard disk or changing the desktop, menu, and Control Panel configuration. If you are using WinXP, you can still refer to this article, but it may not apply in some places.
I. Methods to ensure the security of shared computers
To ensure the security of shared computers, we modify the registry. Modifying a few registry entries is enough to achieve security and confidentiality. If you want to modify all the machines on the LAN, we recommend that you first modify the registry on one machine and export it to a file; the other machines can then import this file into their registries. Note: before modifying the registry, you must back it up. If an error occurs after the registry is changed, restore it from the backup.
II. System Security
1. Restrict Registry Modification
Run the registry editor Regedit (this step is not repeated for the registry modifications below). Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, create the value DisableRegistryTools, REG_DWORD type; = 1 restricts modification; = 0 allows it.
2. The desktop configuration will not be saved after modification
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoSaveSettings, dword type; = hex: 01000000, not saved; = 0, saved.
3. Prevent the ICQ server from collecting your information
Under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs, the value Auto Update defaults to Yes; change it to No.
4. Clear the traces left after accessing "Network neighbors"
HKEY_CURRENT_USER\Network\Recent keeps a record of operations, including the names of the machines accessed, the applications accessed, and the file names. Delete the subkeys of Recent.
5. Cancel the default share of the drive and system directory to prevent illegal intrusion by remote users.
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, set the value AutoShareWks, REG_DWORD type, to 0. To restore the default shares of the drives and system directory, you only need to delete the value AutoShareWks. By default, the drives and system directory are shared in Win2000, which is not safe.
III. Hide elements on the desktop
1. Hide the entire desktop, and disable the right mouse button on the desktop.
On a computer that runs a single program, such as one that only displays stock prices in a securities department, you can hide the entire desktop and disable right-clicking on it to prevent users from damaging the system: under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, add the value NoDesktop, dword type; = 0 shows the desktop; = 1 hides the entire desktop.
2. Hide the desktop icon
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace, click each subkey under the branch. Its "(Default)" value shows the subkey's name, which corresponds to an icon on the desktop. Check each subkey and delete the ones you do not need.
3. Hide the specified drive
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, the value NoDrives defaults to 0, meaning that no drive is hidden. NoDrives is of type REG_BINARY. Drive letters A through Z are assigned codes in order, each double the previous one, written in hexadecimal:
Drive A: 01000000    Drive D: 08000000
Drive B: 02000000    Drive E: 10000000
Drive C: 04000000    Drive F: 20000000
To hide several drives, add their codes in hexadecimal and assign the sum to NoDrives. For example, to hide D and E: NoDrives = 08000000 + 10000000 = 18000000
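The drive-letter arithmetic above, together with the export-and-import procedure from section I, as an added example that is not part of the original article. It goes beyond the A to F table to all 26 letters, where the set bit moves into the next byte from drive I onward; the function names and the REGEDIT4 output layout are assumptions of this example.

```python
# Added example: NoDrives codes as the page writes them (A=01000000, B=02000000, ...).
import string

EXPLORER_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Policies\Explorer")


def nodrives_mask(letters):
    """Return the 32-bit mask with one bit per drive letter (A = bit 0)."""
    mask = 0
    for letter in letters:
        letter = letter.upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def mask_to_page_hex(mask):
    """Format the mask the way the page writes it: 4 little-endian bytes."""
    return mask.to_bytes(4, "little").hex().upper()


def page_hex_to_letters(text):
    """Decode a value such as '18000000' back to the hidden drive letters."""
    mask = int.from_bytes(bytes.fromhex(text), "little")
    return [chr(ord("A") + bit) for bit in range(26) if mask >> bit & 1]


def reg_file(letters):
    """Build REGEDIT4 text that sets NoDrives, for import on other machines."""
    data = nodrives_mask(letters).to_bytes(4, "little")
    hex_list = ",".join(f"{b:02x}" for b in data)
    return "\r\n".join([
        "REGEDIT4",
        "",
        f"[{EXPLORER_KEY}]",
        f'"NoDrives"=hex:{hex_list}',
        "",
    ])


if __name__ == "__main__":
    print(mask_to_page_hex(nodrives_mask("DE")))   # the page's D + E example
    print(page_hex_to_letters("18000000"))
    print(reg_file("DE"))
```

NoDrives only removes the drives from Explorer views; files remain reachable by typing a path, so it complements NTFS permissions rather than replacing them.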
4. Hide the "File" menu in the Resource Manager
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoFileMenu, REG_DWORD type; = 1 hidden; = 0 displayed.
5. Hide "Network neighbors"
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, add the value NoNetHood, dword type; = 1 hidden; = 0 displayed.
Alternatively, delete the subkey {208D2C60-3AEA-1069-A2D7-08002B30309D} under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
6. Hiding computers in network neighbors
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network, add the values NoWorkgroupContents and NoEntireNetwork, REG_SZ type, and change their values to 1 and 0.
7. Hide servers in the network neighbor list
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, add the value Hidden, dword type; = 1 hidden; = 0 displayed.
8. Hide "My Documents"
Back up this key before deleting it. If you want "My Documents" to be displayed on the desktop again, use Regedit to import the registry file. Under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, delete the subkey {450D8FBA-AD25-11D0-98A8-0800361B1103}.
9. Hide my computer
Under HKEY_CLASSES_ROOT\CLSID, delete the subkey {20D04FE0-3AEA-1069-A2D8-08002B30309D}.
10. Hide "recycle bin"
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace: to hide the "recycle bin", delete the subkey {645FF040-5081-101B-9F08-00AA002F954E}; to hide "My Documents", delete the subkey {450D8FBA-AD25-11D0-98A8-0800361B1103}.
11. Hide "Properties" on the desktop right-click menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, add the value NoDesktop, dword type; = 1 hidden; = 0 displayed.
12. Hide "Properties" on the taskbar right-click menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, add the value NoSetTaskbar, dword type; = 1 hidden; = 0 displayed.
13. Hide the Run command
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoRun, dword type; = 1 hidden; = 0 displayed.
14. Hide the Search command
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoFind, dword type; = 1 hidden; = 0 displayed.
15. Hide the Documents menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoRecentDocsMenu, dword type; = 1 hidden; = 0 displayed.
16. Hide the logout menu...
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoLogOff, dword type; = 1 hidden; = 0 displayed.
17. Hide the shutdown menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoClose, dword type; = 1 hidden; = 0 displayed.
18. Hide the favorites menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoFavoritesMenu, dword type; = 1 hidden; = 0 displayed.
19. Hide "Control Panel" and "Printers" in the Settings menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoSetFolders, dword type; = 1 hidden; = 0 displayed.
20. Hide "Taskbar and Start Menu" in the Settings menu
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create the value NoSetTaskbar, dword type; = 1 hidden; = 0 displayed.
IV. Lock desktop elements and Control Panel
1. Lock the recycle bin
Under HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32, change the "(Default)" value to "shell32.dll-"
2. Lock my documents
Under HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\InProcServer32, change the "(Default)" value to "shell32.dll-"
3. Lock my computer
Under HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32, change the "(Default)" value to "shell32.dll-"
4. Lock network neighbors
Under HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\InProcServer32, change the "(Default)" value to "%SystemRoot%\system32\shell32.dll-"
5. Lock the control panel
Under HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32, change the "(Default)" value to "shell32.dll-"
6. Disable the "Users and Passwords" Control Panel
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, add the value NoSecCPL, dword type; = 1 disabled; = 0 enabled.
7. Disable the "Display" Control Panel
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, add the value NoDispCPL, dword type; = 1 disabled; = 0 enabled.
8. Disable "Background" in the "Display" Control Panel
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, add the value NoDispBackgroundPage, dword type; = 1 disabled; = 0 enabled.
9. Disable "Screen Saver" in the "Display" Control Panel
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, add the value NoDispScrSavPage, dword type; = 1 disabled; = 0 enabled.
10. Disable "Appearance" in the "Display" Control Panel
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, add the value NoDispAppearancePage, dword type; = 1 disabled; = 0 enabled.
11. Disable "Effects", "Web", and "Settings" in the "Display" Control Panel
In HKEY_LOCAL_MACHINESOFTWAREMicro