Server security is very important, especially when hackers escalate permissions. Here, we use web to escalate permissions. Web elevation usually uses network service accounts and registry changes, so we can change the Registry to read-only. Please refer:
Set the Registry location
HKEY_USERS \ S-1-5-20
HKEY_USERS \ S-1-5-20_Classes
The full permissions of the network service account can be prevented by changing to read permissions.
Supplement: for the sake of security, we generally include virtual host setting software. All websites are independent users, so as to better prevent extraction and effectively protect the security of various websites, if a problem occurs, other websites will not be affected. If there is a better VM management software, if not, you can go to s.jb51.net to see a lot of space-opening tools. They are all independent users, including all I am using.
Unlimited FREE version of the server space application myiis