Microsoft's current operating systems ship with a built-in "services" facility. Services we do not use not only occupy system resources; more importantly, some of them, once started, expose the system to intrusion (for example the 33889 "Terminal Services" service, or the "Remote Registry" service, which supports remote connections to the registry). Some readers may already have thought of disabling these services. Setting them to "Disabled" can keep people out of your system, but what if the other party has obtained your user name and password, or has some way of changing these services back to "started"? Apart from strengthening user passwords, is there really no good way to stop the other party from using open services to break in? The following methods effectively prevent the other party from exploiting certain services to invade your system.
Method One: Invalidate the service
Set the services that easily lead to compromise to "Disabled", then delete the registry keys for those services. Then, even if the other party connects to your system's list of services, they cannot modify the service's properties, and without modifying the properties the service cannot be started. Open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Each subkey under it corresponds to a service in the system; for example, the "Messenger" service corresponds to the subkey "Messenger". For some services the two names are not the same, but they are still easy to find: the "DisplayName" value holds the service's display name. Here we take removing the Messenger service as an example; the method is the same for other services. Before deleting any item from the registry, you must first export it as a backup. Then click the Messenger key, right-click, and choose the Delete command (renaming it also works). Double-clicking Messenger in the list of services now pops up the error message shown in Figure 1 instead of the properties box, and the same happens when the other party connects to your list of services. If you want to restore the service, simply import the registry file you just backed up into the registry.
Figure 1 Error message Prompt window
Method Two: Rename "Display Name"
If the other party has the user name and password, and the Remote Registry service is running on your system, they can connect to your registry remotely and undo the changes made in Method One. In that case you can try this method: rename the display name of the service to something else, so that when the other party opens "Services" they cannot find it as quickly as usual.
Again taking the Messenger service as an example, open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger. In the right-hand pane, locate the "Description" value, which holds the service's description, and delete its contents. Then find the "DisplayName" value, which holds the name shown in the list of services, double-click it, and change it to another name such as (GSN). Press OK and exit Registry Editor. The change does not take effect until the system is restarted. When you then run services.msc to check the result, you will see a service with the display name "GSN" in the list; this is the former Messenger service. Rename the other services that need changing in the same way. Of course, when you make these changes, write down each new name and the service it corresponds to, otherwise you will not know which service is which when you need to enable one again. Services that should be disabled should also be set to "Disabled". After these changes, it is very difficult for the other party to find the service they want to start. If, however, they double-click every service in the list, they will eventually find the one they need, because the properties box shows the real name of the service, and they can use that name to identify it. For how to modify the service name, see Method Three.
Method Three: Modify the "service name"
Modifying the name of the service requires two tools, "Srvinstw.exe" and "Srvany.exe", both of which can be found in the Windows 2000 Resource Kit. Again taking the Messenger service as an example: once you have the two tools, double-click "Srvinstw.exe", click the "Install a Service" option, and in Service Name enter the new name for the Messenger service (GSNSRV). For the path, fill in the path to the "Srvany.exe" file; the other settings can be left at their defaults. After the service has been added, export the original Messenger service's registry key (already backed up in Method One), then disable the Messenger service, run "Srvinstw.exe" again, and select the "Remove a service" option to remove the original Messenger service from the list. Now open the registry file you just backed up for editing and change the line [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gsnsrv], where "gsnsrv" is the name given to the Messenger service in the wizard. Save the file and exit, then import it into the registry. Run "services.msc" to open the list of services and view the properties of the Messenger service; as Figure 2 shows, its name has been changed to "Gsnsrv". Then use Method One and Method Two to modify the service, or simply remove the service from the list, and then delete the default shares, which makes it harder for the other party to invade your system.
Tip: Before you do any of this, make backups: the registry, the display name shown in the service's properties box, the service name, the path to the executable, the program that path points to, and so on. It is recommended to apply the changes above only to services that are not used but could easily lead to the system being invaded; after all, some services may malfunction after being modified this way.
Figure 2 Messenger's properties
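The backup the tip recommends (registry key, display name, service name and executable path) can be collected in one pass before any of the three methods is applied. The script below is an added example, not part of the original article; it assumes a Windows version with PowerShell and a reg.exe that accepts /y, and the $Services list and $BackupDir path are illustrative values.

```powershell
# Added example: back up service definitions before modifying or deleting them.
# Assumptions: $Services (key names or display names) and $BackupDir are illustrative.
param(
    [string[]]$Services  = @('Messenger'),
    [string]  $BackupDir = 'C:\ServiceBackup'
)

$root = 'SYSTEM\CurrentControlSet\Services'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$inventory = foreach ($entry in $Services) {
    # The registry subkey name and the display name can differ, so accept either.
    $svc = Get-Service -Name $entry -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $svc) {
        $svc = Get-Service -DisplayName $entry -ErrorAction SilentlyContinue |
               Select-Object -First 1
    }
    if (-not $svc) {
        Write-Warning "No service matches '$entry'; skipped."
        continue
    }

    $name  = $svc.Name                     # name of the subkey under ...\Services
    $props = Get-ItemProperty -Path "HKLM:\$root\$name"

    # Export the whole subkey so it can be re-imported to restore the service.
    $regFile = Join-Path $BackupDir "$name.reg"
    & reg.exe export "HKLM\$root\$name" $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for '$name'" }

    # Record the values the tip says to keep alongside the exported key.
    [pscustomobject]@{
        ServiceName = $name
        DisplayName = $props.DisplayName
        Description = $props.Description
        ImagePath   = $props.ImagePath     # path to the executable
        Start       = $props.Start         # 2 = automatic, 3 = manual, 4 = disabled
        BackupFile  = $regFile
    }
}

# Keep the name mapping next to the .reg files; it is needed after a rename.
$inventory | Export-Csv -Path (Join-Path $BackupDir 'service-inventory.csv') -NoTypeInformation
$inventory | Format-Table ServiceName, DisplayName, Start, ImagePath -AutoSize
```

Importing the saved .reg file restores the key as described in Method One, and the CSV preserves the original name for each service after its display name or service name has been changed.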