Server Security Settings-system services

Source: Internet
Author: User

Security Settings for WindowsServer2003 + IIS6.0 + ASP servers-component Security Settings A. Uninstall WScript. shell and Shell. application Component, save the following code as. BAT file execution (in 2000 and 2003 systems) windows2000.bat Copy codeThe Code is as follows: regsvr32/u C:/WINNT/System32/wshom. ocx
Del C:/WINNT/System32/wshom. ocx
Regsvr32/u C:/WINNT/system32/shell32.dll
Del C:/WINNT/system32/shell32.dll
Windows2003.bat
Regsvr32/u C:/WINDOWS/System32/wshom. ocx
Del C:/WINDOWS/System32/wshom. ocx
Regsvr32/u C:/WINDOWS/system32/shell32.dll
Del C:/WINDOWS/system32/shell32.dll

B. Change the name of the insecure component. Note that the component name and Clsid must be modified completely.
Start → run → regedit → press enter to open the Registry Editor.

Then [edit → search → fill in Shell. application → find next]

Two registry keys can be found using this method:

{13709620-C279-11CE-A49E-444553540000} and Shell. application.

Step 1:
To ensure that the two registry keys are safe, export them and save them as the xxxx. reg file.

Step 2: for example, we want to make such a change.

13709620-C279-11CE-A49E-444553540000 renamed 13709620-C279-11CE-A49E-444553540001

Shell. application is renamed as Shell. application_nohack.

Step 3: Click Export. the contents in the reg file are replaced by the above correspondence, and modified. import the reg file to the Registry (double-click it). After importing the renamed registry key, do not forget to delete the original two items. Note that the Clsid can only contain ten numbers and six ABCDEF letters.

In fact, you only need to export the corresponding registry key for backup and directly change the key name,
For example, we suggest you make a successful change:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}]
@ = "Shell Automation Service"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/InProcServer32]
@ = "C: // WINNT // system32 // shell32.dll"
"ThreadingModel" = "Apartment"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/ProgID]
@ = "Shell. Application_nohack.1"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/TypeLib]
@ = "{50a7e9b0-70ef-11d1-b75a-00a0c90564fe }"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/Version]
@ = "1.1"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/VersionIndependentProgID]
@ = "Shell. Application_nohack"
[HKEY_CLASSES_ROOT/Shell. Application_nohack]
@ = "Shell Automation Service"
[HKEY_CLASSES_ROOT/Shell. Application_nohack/CLSID]
@ = "{13709620-C279-11CE-A49E-444553540001 }"
[HKEY_CLASSES_ROOT/Shell. Application_nohack/CurVer]
@ = "Shell. Application_nohack.1"
Comment: WScript. shell and Shell. the application component is an important part of improving permissions during the script intrusion process. the uninstallation and modification of the two components can greatly improve the Script Security performance of the VM, in general, ASP and php scripts cannot be implemented to improve permissions. In addition, with some system services, hard disk access permissions, port filtering, and Local Security Policy settings, the VM should say, security can be greatly improved, and the possibility of hacker intrusion is very low. After the Shell component is deregistered, the possibility of the attacker running the lifting tool is very small, but other script languages such as prel also have shell capabilities. It is better to set it to prevent attacks. The following is another setting, which is similar.
1. You are prohibited from using the FileSystemObject component FileSystemObject to perform regular operations on files. You can modify the registry and rename the component to prevent dangers of such Trojans.

HKEY_CLASSES_ROOT/Scripting. FileSystemObject/

Change the name to another name, for example, FileSystemObject_ChangeName.

You can call this component normally when you call it later.

Also change the clsid value.

HKEY_CLASSES_ROOT/Scripting. FileSystemObject/CLSID/project value
You can also delete the Trojan to prevent its harm.
2000 unregister this component command: RegSrv32/u C:/WINNT/SYSTEM/scrrun. dll
2003 unregister this component command: RegSrv32/u C:/WINDOWS/SYSTEM/scrrun. dll
How does one Prevent Guest users from using scrrun. dll to prevent calling this component?
Use this command: cacls C:/WINNT/system32/scrrun. dll/e/d guests
Ii. Do not use the WScript. Shell component
WScript. Shell can call the system kernel to run basic dos Commands
You can modify the registry and rename this component to prevent the dangers of such Trojans.
HKEY_CLASSES_ROOT/WScript. Shell/and HKEY_CLASSES_ROOT/WScript. Shell.1/
Change the name to another name, for example, WScript. Shell_ChangeName or WScript. Shell.1 _ ChangeName.
You can call this component normally when you call it later.
Also change the clsid value.
HKEY_CLASSES_ROOT/WScript. Shell/CLSID/project value
HKEY_CLASSES_ROOT/WScript. Shell.1/CLSID/project value
You can also delete the Trojan to prevent its harm.
3. prohibit the use of the Shell. Application Component
Shell. Application can call the system kernel to run basic dos commands.
You can modify the registry and rename this component to prevent the dangers of such Trojans.
HKEY_CLASSES_ROOT/Shell. Application/

And

HKEY_CLASSES_ROOT/Shell. Application.1/

Change the name to another name, for example, Shell. Application_ChangeName or Shell. Application.1 _ ChangeName.
You can call this component normally when you call it later.
Also change the clsid value.
HKEY_CLASSES_ROOT/Shell. Application/CLSID/project value

HKEY_CLASSES_ROOT/Shell. Application/CLSID/project value
You can also delete the Trojan to prevent its harm.
Disable Guest users from using shell32.dll to prevent calling this component.
2000 run the command cacls C:/WINNT/system32/shell32.dll/e/d guests.
2003 run the command cacls C:/WINDOWS/system32/shell32.dll/e/d guests.

Note: All operations take effect only after the WEB Service is restarted.
Use cmd.exe
Disable the use of cmd.exe for guests

2000 run the command cacls C:/WINNT/system32/Cmd.exe/e/d guests.
2003 run the command cacls C:/WINDOWS/system32/Cmd.exe/e/d guests.
The above four steps can be used to prevent several popular Trojans, but the most effective method is to achieve the server and program security standards through comprehensive security settings, to prevent more illegal intrusions.

C. Prevent Serv-U Privilege Escalation (applicable to earlier versions of the Serv-U6.0, after which you can directly set a password)
Stop the Serv-U service first

Use ultraeditto open servudaemon.exe

Search for Ascii: LocalAdministrator and # l @ $ ak #. lk; 0 @ P

You can modify the parameter value to an equal length, and the process of servuadmin.exe is the same.
In addition, pay attention to setting the ACL for the folder where Serv-U is located. do not grant anonymous IIS users the permission to read the files. Otherwise, the files you modified will be stored, you can also analyze your Administrator name and password. You can use the ASP probe to check the security status of the system.
Security Settings for WindowsServer2003 + IIS6.0 + ASP servers-component Security Settings A. Uninstall WScript. shell and Shell. application Component, save the following code as. BAT file execution (in 2000 and 2003 systems) windows2000.bat
Regsvr32/u C:/WINNT/System32/wshom. ocx
Del C:/WINNT/System32/wshom. ocx
Regsvr32/u C:/WINNT/system32/shell32.dll
Del C:/WINNT/system32/shell32.dll
Windows2003.bat
Regsvr32/u C:/WINDOWS/System32/wshom. ocx
Del C:/WINDOWS/System32/wshom. ocx
Regsvr32/u C:/WINDOWS/system32/shell32.dll
Del C:/WINDOWS/system32/shell32.dll
B. Change the name of the insecure component. Note that the component name and Clsid must be modified completely.
Start → run → regedit → press enter to open the Registry Editor.

Then [edit → search → fill in Shell. application → find next]

Two registry keys can be found using this method:

{13709620-C279-11CE-A49E-444553540000} and Shell. application.

Step 1:
To ensure that the two registry keys are safe, export them and save them as the xxxx. reg file.

Step 2: for example, we want to make such a change.

13709620-C279-11CE-A49E-444553540000 renamed 13709620-C279-11CE-A49E-444553540001

Shell. application is renamed as Shell. application_nohack.

Step 3: Click Export. the contents in the reg file are replaced by the above correspondence, and modified. import the reg file to the Registry (double-click it). After importing the renamed registry key, do not forget to delete the original two items. Note that the Clsid can only contain ten numbers and six ABCDEF letters.

In fact, you only need to export the corresponding registry key for backup and directly change the key name,
For example, we suggest you make a successful change:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}]
@ = "Shell Automation Service"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/InProcServer32]
@ = "C: // WINNT // system32 // shell32.dll"
"ThreadingModel" = "Apartment"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/ProgID]
@ = "Shell. Application_nohack.1"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/TypeLib]
@ = "{50a7e9b0-70ef-11d1-b75a-00a0c90564fe }"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/Version]
@ = "1.1"
[HKEY_CLASSES_ROOT/CLSID/{13709620-C279-11CE-A49E-444553540001}/VersionIndependentProgID]
@ = "Shell. Application_nohack"
[HKEY_CLASSES_ROOT/Shell. Application_nohack]
@ = "Shell Automation Service"
[HKEY_CLASSES_ROOT/Shell. Application_nohack/CLSID]
@ = "{13709620-C279-11CE-A49E-444553540001 }"
[HKEY_CLASSES_ROOT/Shell. Application_nohack/CurVer]
@ = "Shell. Application_nohack.1"
Comment: WScript. shell and Shell. the application component is an important part of improving permissions during the script intrusion process. the uninstallation and modification of the two components can greatly improve the Script Security performance of the VM, in general, ASP and php scripts cannot be implemented to improve permissions. In addition, with some system services, hard disk access permissions, port filtering, and Local Security Policy settings, the VM should say, security can be greatly improved, and the possibility of hacker intrusion is very low. After the Shell component is deregistered, the possibility of the attacker running the lifting tool is very small, but other script languages such as prel also have shell capabilities. It is better to set it to prevent attacks. The following is another setting, which is similar.

1. You are prohibited from using the FileSystemObject component FileSystemObject to perform regular operations on files. You can modify the registry and rename the component to prevent dangers of such Trojans.

HKEY_CLASSES_ROOT/Scripting. FileSystemObject/

Change the name to another name, for example, FileSystemObject_ChangeName.

You can call this component normally when you call it later.

Also change the clsid value.

HKEY_CLASSES_ROOT/Scripting. FileSystemObject/CLSID/project value
You can also delete the Trojan to prevent its harm.
2000 unregister this component command: RegSrv32/u C:/WINNT/SYSTEM/scrrun. dll
2003 unregister this component command: RegSrv32/u C:/WINDOWS/SYSTEM/scrrun. dll
How does one Prevent Guest users from using scrrun. dll to prevent calling this component?
Use this command: cacls C:/WINNT/system32/scrrun. dll/e/d guests
Ii. Do not use the WScript. Shell component
WScript. Shell can call the system kernel to run basic dos Commands
You can modify the registry and rename this component to prevent the dangers of such Trojans.
HKEY_CLASSES_ROOT/WScript. Shell/and HKEY_CLASSES_ROOT/WScript. Shell.1/
Change the name to another name, for example, WScript. Shell_ChangeName or WScript. Shell.1 _ ChangeName.
You can call this component normally when you call it later.
Also change the clsid value.
HKEY_CLASSES_ROOT/WScript. Shell/CLSID/project value
HKEY_CLASSES_ROOT/WScript. Shell.1/CLSID/project value
You can also delete the Trojan to prevent its harm.
3. prohibit the use of the Shell. Application Component
Shell. Application can call the system kernel to run basic dos commands.
You can modify the registry and rename this component to prevent the dangers of such Trojans.
HKEY_CLASSES_ROOT/Shell. Application/

And

HKEY_CLASSES_ROOT/Shell. Application.1/

Change the name to another name, for example, Shell. Application_ChangeName or Shell. Application.1 _ ChangeName.
You can call this component normally when you call it later.
Also change the clsid value.
HKEY_CLASSES_ROOT/Shell. Application/CLSID/project value

HKEY_CLASSES_ROOT/Shell. Application/CLSID/project value
You can also delete the Trojan to prevent its harm.
Disable Guest users from using shell32.dll to prevent calling this component.
2000 run the command cacls C:/WINNT/system32/shell32.dll/e/d guests.
2003 run the command cacls C:/WINDOWS/system32/shell32.dll/e/d guests.

Note: All operations take effect only after the WEB Service is restarted.
Use cmd.exe
Disable the use of cmd.exe for guests

2000 run the command cacls C:/WINNT/system32/Cmd.exe/e/d guests.
2003 run the command cacls C:/WINDOWS/system32/Cmd.exe/e/d guests.
The above four steps can be used to prevent several popular Trojans, but the most effective method is to achieve the server and program security standards through comprehensive security settings, to prevent more illegal intrusions.

C. Prevent Serv-U Privilege Escalation (applicable to earlier versions of the Serv-U6.0, after which you can directly set a password)
Stop the Serv-U service first

Use ultraeditto open servudaemon.exe

Search for Ascii: LocalAdministrator and # l @ $ ak #. lk; 0 @ P

You can modify the parameter value to an equal length, and the process of servuadmin.exe is the same.
In addition, pay attention to setting the ACL for the folder where Serv-U is located. do not grant anonymous IIS users the permission to read the files. Otherwise, the files you modified will be stored, you can also analyze your Administrator name and password. You can use the ASP probe to check the security status of the system.

One-click Service batch ClosureCopy codeThe Code is as follows: CLS
MODE con: COLS = 80 LINES = 18
COLOR 70
Echo.
Echo is optimizing system services. Please wait ......

@: Alerter
@: Notifies the selected user and computer to manage alarms. If the service stops, programs that use the management alert will not receive them. If this service is disabled, any service directly dependent on it cannot be started.
SC config Alerter start = DISABLED
SC stop Alerter

@: Application Experience Lookup Service
@: When the application starts, it processes the application compatibility lookup request for the application.
@: Suggestion: Disable
SC config AeLookupSvc start = DISABLED
SC stop AeLookupSvc

@: Background Intelligent Transfer Service
@: Transmits data between the client and the server in the background. If BITS is disabled, some functions, such as Windows Update, cannot run normally.
@: Suggestion: Disable
@: SC config BITS start = DEMAND
@: SC stop BITS

@: DHCP Client
@: Register and update the IP address of this computer. If the service is stopped, the computer cannot receive Dynamic IP addresses and DNS updates. If this service is disabled, all services explicitly dependent on it cannot be started.
@: Suggestion: Disable
@: SC config Dhcp start = DISABLED
@: SC stop Dhcp

@: Network Location Awareness (NLA)
@: Collects and stores network configuration and location information, and notifies the application when the information is changed.
@: Suggestion: Disable
SC config Nla start = DISABLED
SC stop Nla

@: Secondary Logon
@: Enable the enable process under the replacement credential. If this service is terminated, this type of Logon access is unavailable. If this service is disabled, any service dependent on it cannot be started.
@: Suggestion: Disable
SC config seclogon start = DISABLED
SC stop seclogon

@: TCP/IP NetBIOS Helper
@: Provides support for NetBIOS on TCP/IP (NetBT) service and NetBIOS name resolution on network clients, so that users can share files, print and log on to the network. If this service is disabled, these functions may be unavailable. If this service is disabled
Any service dependent on it cannot be started.
@: Suggestion: Disable
SC config LmHosts start = DISABLED
SC stop LmHosts

@: Wireless Configuration
@: Enable the automatic configuration of the IEEE 802.11 adapter. If the service is stopped, automatic configuration is unavailable. If this service is disabled, all services explicitly dependent on it cannot be started.
@: Suggestion: Disable
SC config WZCSVC start = DISABLED
SC stop WZCSVC

@: Smart Card)
@: Microsoft: manages the access to the smart card read by this computer. If the service is stopped, the computer cannot read the smart card. If this service is disabled, any service explicitly dependent on it cannot be started.
@: Supplement: if you do not use Smart Card, you can disable it.
@: Dependency: Plug and Play
@: Suggestion: Disable
SC config SCardSvr start = DISABLED
SC stop SCardSvr

@: Windows Firewall/Internet Connection Sharing (ICS)
@: Microsoft: Provides network address translation, addressing, name resolution, and/or intrusion prevention services for the home or small office network.
@: Supplement: if you do not use internet online sharing (ICS) or internet online firewall (ICF) contained in XP, you can turn it off.
@: Dependency: Application Layer Gateway Service, Network Connections, Network Location Awareness (NLA), remote Access Connection Manager
@: Suggestion: manual. Some users are disconnected from the Intranet during local testing because the service is stopped. You only need to start the service!
@: SC config SharedAccess start = DEMAND
@: SC stop SharedAccess

@: Windows Image Acquisition (WIA) (Windows Image Acquisition Program)
@: Microsoft: Provides image capture services for scanners and digital cameras.
@: Supplement: If the scanner and digital camera support WIA, you can directly view the image file without other drivers, so no scanner or digital cameras can be shut down.
@: Dependency: remote Procedure Call (RPC)
@: Suggestion: Disable
SC config stisvc start = DISABLED
SC stop stisvc

@: MS Software Shadow Copy Provider [For XP]
@: Microsoft: manages the shadow replication service in the disk area for software-based shadow replication. If you stop this service, you cannot manage shadow replication in the software-based Disk Area.
@: Supplement: As mentioned above, something used for Backup, such as the MS Backup program needs this service
@: Dependency: remote Procedure Call (RPC)
@: Suggestion: Disable
SC config swprv start = DISABLED
SC stop swprv

@: Performance Logs and Alerts (Performance record files and Alerts)
@: Microsoft: Collects performance data from local or remote computers based on pre-configured scheduled parameters, and then writes the data to logs or triggers alerts. If this service is terminated, no performance information is collected. If this service is disabled, any service dependent on it cannot start
.
@: Supplement: services with no value
@: Suggestion: Disable
SC config SysmonLog start = DISABLED
SC stop SysmonLog

@: Telephony)
@: Microsoft: a program that connects a local computer to a server that is executing the service through a local area network and controls the telephone voice device and IP address to connect to the main voice, provides telephone voice API (TAPI) support.
@: Supplement: Generally, a dial-up modem or some DSL/Cable may be used.
@: Dependency: Plug and Play, remote Procedure Call (RPC), remote Access Connection Manager, remote Access Auto Connection Manager
@: Suggestion: Manual
@: SC config TapiSrv start = DISABLED
@: SC stop TapiSrv

@: Distributed Link Tracking Client (Distributed Link tracing Client)
@: Microsoft: maintains connections between NTFS files on different computers in a computer or network domain.
@: Supplement: Maintain the file connections between different computers in the area network.
@: Dependency: remote Procedure Call (RPC)
@: Suggestion: Disable
SC config TrkWks start = DISABLED
SC stop TrkWks

@: Portable Media Serial Number
@: Microsoft: Retrieves the serial number of any portable music player connected to your computer
@: Supplement: Can I obtain any Music Dial number through an online computer? No value services
@: Suggestion: Disable
SC config WmdmPmSN start = DISABLED
SC stop WmdmPmSN

@: WMI Performance Adapter
@: Microsoft: Provides the performance link library information from the WMIHiPerf provider.
@: Supplement: As mentioned above
@: Dependency: remote Procedure Call (RPC)
@: Suggestion: Disable
SC config WmiApSrv start = DISABLED
SC stop WmiApSrv

@: Automatic Updates
@: Microsoft: enables download and installation of important Windows updates. If you disable this service, you can manually Update the operating system from the Windows Update Website.
@: Added: Allows Windows to automatically check and download updates to Microsoft Servers when the background is automatically online.
@: Suggestion: Disable
@: SC config wuauserv start = DISABLED
@: SC stop wuauserv

@: Fast User Switching Compatibility [For XP]
@: Manages applications that require assistance under multiple users. Depends on RPC.
SC config FastUserSwitchingCompatibility start = DEMAND
SC stop FastUserSwitchingCompatibility

@: System Restore Service [For XP]
@: Execute the System Restoration function. To stop the service, disable System Restore from the "System Restore" tab in "My Computer.
SC config srservice start = DISABLED
SC stop srservice

@: SSDP Discovery Service [For XP]
@: Starts the discovery of UPnP devices on your home network.
SC config SSDPSRV start = DISABLED
SC stop SSDPSRV

@: Telnet
@: Allows remote users to log on to this computer and run programs. It also supports multiple TCP/IP Telnet clients, including UNIX and Windows-based computers. If the service is stopped, remote users cannot access the program. Any service that relies on it directly starts
Failed.
SC config TlntSvr start = DISABLED
SC stop TlntSvr

@: Universal Plug and Play Device Host [For XP]
@: Supports generic plug-and-play devices.
SC config upnphost start = DEMAND
SC stop upnphost

@: Security Center [For XP]
@: Monitors system security settings and configurations.
SC config wscsvc start = DISABLED
SC stop wscsvc

@: System Event Notification
@: Monitors system events and notifies the COM + Event System "subscriber )". If this service is disabled, the COM + Event System "subscriber" will not receive System Event Notifications. If this service is disabled, any service dependent on it cannot be enabled.
@: Suggestion: Disable
@: SC config SENS start = DISABLED
@: SC stop SENS

@: COM + Event System
@: The System Event Notification Service (SENS) is supported. This service provides the automatic event distribution function for the subscribed Component Object Model (COM) component. If this service is stopped, SENS will be disabled and no logon or logout notifications will be provided. If this service is disabled, it is explicitly dependent on this
Other services of the service cannot be started.
@: Suggestion: Disable
@: SC config EventSystem start = DISABLED
@: SC stop EventSystem

@: Windows Audio
@: Manages Windows-based audio devices. If this service is terminated, the audio device and its sound effects will not work properly. If this service is disabled, any service dependent on it cannot be started.
@: Added: What sound card is used on the server? removed!
@: Suggestion: Disable
@: SC config AudioSrv start = DISABLED
@: SC stop AudioSrv

@: Computer Browser
@: Maintain the update list of computers on the network and provide the list to the computer for specified browsing. If the service is stopped, the list is not updated or maintained. If the service is disabled, any service directly dependent on this service cannot be started.
@: Suggestion: Disable
SC config Browser start = DISABLED
SC stop Browser

@: Task Scheduler
@: Enables you to configure and schedule automatic tasks on this computer. If this service is terminated, these tasks cannot be run in the scheduled time. If this service is disabled, any service dependent on it cannot be started.
@: Suggestion: Disable
@: SC config Schedule start = DISABLED
@: SC stop Schedule

@: Routing and Remote Access
@: Provides routing services for enterprises in LAN and WAN environments.
@: Suggestion: Disable
SC config RemoteAccess start = DISABLED
SC stop RemoteAccess

@: Removable Storage
@: Manage and catalog removable media and operate automatic removable media devices. If the service is stopped, programs dependent on removable storage, such as backup and remote storage, will slow down. If this service is disabled, all services that are solely dependent on this service cannot be started.
@: Suggestion: Disable
SC config NtmsSvc start = DISABLED
SC stop NtmsSvc

@: Remote Registry
@: Enables remote users to modify the Registry Settings on this computer. If this service is terminated, only users on this computer can modify the registry. If this service is disabled, any service dependent on it cannot be started.
@: Suggestion: Disable
SC config RemoteRegistry start = DISABLED
SC stop RemoteRegistry

@: Print Spooler
@: Manages all local and network print queues and controls all printing tasks. If this service is disabled, printing on the local computer will be unavailable. If this service is disabled, any service dependent on it cannot be enabled.
@: Suggestion: Disable
SC config Spooler start = DISABLED
SC stop Spooler

@: Error Reporting Service
@: Collects, stores, and reports to Microsoft an abnormal application crash. If this service is disabled, the error report only occurs when Kernel errors and some types of user mode errors occur. If this service is disabled, any service dependent on it cannot be enabled.
@: Suggestion: Disable
SC config ERSvc start = DISABLED
SC stop ERSvc

@: Workstation
@: Creates and maintains a client network connection to the remote service. If the service is stopped, these connections are unavailable. If the service is disabled, any service directly dependent on this service cannot be started. Hackers can use this service to view all computer users.
@: Suggestion: Disable
SC config lanmanworkstation start = DISABLED
SC stop lanmanworkstation

@: Help and Support
@: Enable the Help and Support Center on this computer. If the service is stopped, the Help and Support Center will be unavailable. If the service is disabled, any service directly dependent on this service cannot be started.
@: Suggestion: Disable
SC config helpsvc start = DISABLED
SC stop helpsvc

The Echo system service optimization settings are complete! Press any key to return and select 4 to continue...
Pause> nul
Goto start

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.