Preventing illegal user intrusion Win 2000/XP 7

Source: Internet
Author: User

Source: Tianji Blog

Step 1: Screen Protection

After screen protection is enabled in Windows, the system automatically starts the Screen Protection Program as long as we leave the computer (or do not operate the computer) for the preset time, when you move the mouse or press the keyboard to return to the normal working status, the system will open a Password confirmation box. Only after you enter the correct password can you return to the system, users who do not know the password will not be able to enter the working status, thus protecting data security.

Tip: some poorly designed Screen Saver programs do not block the system's "Ctrl + Alt + Del" Combination keys. Therefore, you need to test whether the program has this major Bug after completing the settings.

However, screen saver can only be automatically started one minute after the user leaves. Do we have to sit next to the computer and wait for N minutes to see the screen saver activated before we can exit? In fact, we only need to open the system subdirectory in the Windows Installation Directory, find the corresponding screen saver (the extension is SCR), right-click and drag them to the desktop, select the "Create shortcut in current location" command in the pop-up menu to create a shortcut for these screen saver on the desktop. After that, when we leave the computer, double-click this shortcut to quickly Start Screen Protection.

Tip 2: cleverly hide Hard Disks

When you access the Windows directory by clicking "view by web page", a warning message is displayed, indicating that this is the system folder. If you modify the content of this folder, the program may be running abnormally, to view the content of the folder, Click Show file. Then, Click Show file to enter the directory. The reason is that there are two files under the Windows root directory: desktop. ini and folder. htt. Copy these two files to the root directory of a drive (because these two files are hidden files, you must click the "View" tab in the folder options and select "show all files ", in this way, you can see the two files ). Press the "F5" key to refresh the page and see if what happened is the same as when you enter the Windows directory.

Next, use NotePad to Open folder. htt. This is a file written in HTML. Use your imagination to modify it. If you do not understand the HTML language, you can first find the "display file" to delete it, find "modifying the folder may cause the program to run abnormally, to view the content of the folder, click Show file to change it to your favorite text, for example, "Please leave safely and easily", and "view the content of this folder, click "change to" otherwise, the consequences are at your own risk! ", Drag the slider down to the last 9th lines and find "(file: // % TEMPLATEDIR % \ wvlogo.gif)". This is the path of the Gear image in the lower right corner of the window when the warning information is displayed, change it to the path of your own image. For example, replace "d: \ tupian \ tupian1.jpg" with "//". Remember to name the suffix of the image, otherwise, no image is displayed. Of course, you can also use web tools like Dreamweaver and FrontPage to make better results. Then, you only need to copy the original file to the end of the text below to overwrite the "~" in the original file. .

* This file was automatically generated by Microsoft Internet EXPlorer 5.0

* Using the file % THISDIRPATH % \ folder. htt.

Save and exit. Press F5 to refresh it. Is it very personal? The next step is to use "Super Rabbit" to hide the drive you want and enjoy your work without restarting. The last thing I want to tell you is to simply add "~" to the original folder. htt file. This will create an illusion of an empty drive to make the files in the drive safer.

Step 3: Disable the "Start" menu command


The group policy feature is integrated in Windows 2000/XP. You can set various software, computers, and user policies through group policies to enhance system security in some way. Run the "Start> Run" command, enter "gpedit. msc" in the "open" column of the "run" dialog box, and click "OK" to start the Windows XP Group Policy Editor. In "Local Computer Policy", expand the "user configuration> management template> taskbar and Start Menu" branch step by step, the "Taskbar" and "Start Menu" related policies are provided in the right window.

When you disable the Start menu command, in the right window, provides policies for deleting the public application groups, my documents, documents, and network neighbors in the Start Menu. When clearing the "Start" menu, you only need to enable the policy corresponding to the undesired menu items. For example, to delete the "My Documents" icon, take the following steps:

1) in the Policy List window, double-click the "delete my document icon from the Start Menu" option.

2) In the "Settings" tab in the pop-up window, select "enabled" and click "OK.

Step 4: Disable desktop related options

Windows XP desktop is like your desk and sometimes needs to be organized and cleaned. With the Group Policy Editor, this work will become easy, as long as you expand the "user configuration> management template> desktop" branch in the "local computer policy, the corresponding policy options are displayed in the right window.

1) Hide the Desktop System icon

If the system icon on the desktop is hidden, the traditional method is to modify the Registry, which will inevitably cause certain risks. The Group Policy Editor can be used to conveniently and quickly achieve this goal.

To hide the "Network neighbors" and "Internet EXPlorer" icons on the desktop, you only need to enable the "Hide network neighbor icon on the desktop" and "Hide Internet EXPlorer icon on the desktop" options in the right window. To hide all the icons on the desktop, you only need to enable "hide and disable all projects on the desktop. After the "delete my documents icon on the desktop" and "delete my computer icon on the desktop" options are enabled, the "my computer" and "My Documents" icons will disappear from your computer desktop. If you no longer like the "recycle bin" icon on the desktop, you can also delete it by enabling the "delete recycle bin from desktop" policy item.

2) Disable some Desktop changes

If you do not want others to change the desktop settings at will, enable the "do not save settings when exiting" policy option in the right window. When you enable this setting, other users can make some changes to the desktop, but some changes, the positions and sizes of the labels, window opening, and taskbar cannot be saved after the user logs out.

Step 5: Prohibit Access to "Control Panel"

If you do not want other users to access the control panel of your computer, you only need to run the Group Policy Editor, expand the "Local Computer Policy> User Configuration> management template> Control Panel" branch in the left-side window, and then enable the "Prohibit Access Control Panel" policy in the right-side window.

This setting prevents the launch of control panel program files. The result is that others cannot start the control panel or run any control panel project. In addition, this setting will delete the control panel from the "Start" menu, and also delete the control panel folder from Windows Resource Manager.

Tip: If you want to select a "Control Panel" project from the context menu property item, a message will appear, indicating that this setting prevents this operation.

Step 6: Set User Permissions


When multiple users share a single computer, set user permissions in Windows XP by performing the following steps:

1) run the Group Policy Editor Program.

2) In the left-side window of the editor window, expand the branch "Computer Configuration> Windows Settings> Security Settings> Local Policy> User permission assignment" step by step.

3) double-click the user permissions to be changed, click the "add user or group" button, double-click the user account you want to assign permissions to, and click "OK" to exit.

7. Audit folder settings

Windows XP can use audit trails to access user accounts for files or other objects, logon attempts, system shutdown or restart, and similar events, the audit file and the folder under the NTFS partition can ensure the security of the file and folder. To review files and folders, follow these steps:

1) in the Group Policy window, expand the "Computer Configuration> Windows Settings> Security Settings> Local Policy" branch in the right window step by step, and then select the "Audit Policy" option under the branch.

2) double-click the "Audit Object Access" option in the right window, in the pop-up "Local Security Policy Settings" window, check the "successful" and "failed" check boxes in the "local policy settings" box and click "OK.

3) Right-click the file or folder to be reviewed, select the "properties" command in the pop-up menu, and select the "Security" tab in the pop-up window.

4) Click the "advanced" button and select the "Review" tab.

5) select your operations as needed:

If you want to review a new group or user, click "add", enter a new user name in the "name" box, and click "OK" to open the "audit project" dialog box? /P>

To view or change the existing group or user review, you can select a user name and click "View/Edit.

To delete an existing group or user review, select a user name and click "delete.

6) if necessary, in the "Application to" list in the "Review Project" dialog box, select the place you want to review.

7) If you want to prohibit files and subfolders in the directory tree from inheriting these audit items, select the "apply these audit items only for objects and/or containers in this container" check box.

Note: You must be a member of the Administrator group or a user authorized to "manage audit and security logs" in the Group Policy can audit files or folders. Before reviewing files and folders in Windows XP, you must enable "Audit Object Access" in the "Audit Policy" of the Group Policy ". Otherwise, an error message will be returned after you set up the file and Folder Audit, and the files and folders are not reviewed.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.