Windows Server 2008 Remote Control Security Settings Tips

Source: Internet
Author: User
Tags: server, port, telnet, program

To secure remote control of servers, Windows Server 2008 has been deliberately strengthened in this area and introduces a number of new security features. Some of these features are not enabled by default, however, so we need to configure the system appropriately ourselves to ensure that remote control of a Windows Server 2008 server is secure.

1. Allow only designated personnel for remote control

If any ordinary user is allowed to remotely control a Windows Server 2008 server, the security of that server is hard to ensure. For this reason, we can configure the server so that only designated personnel may control it through Remote Desktop Connection. The specific steps are as follows:

First, open the Start menu on the Windows Server 2008 desktop and expand Programs, Administrative Tools, Server Manager. In the Server Manager console window that appears, click the Server Management node in the left pane, select the Server Summary item under that node, and click Configure Remote Desktop to open the remote control settings dialog box for Windows Server 2008.

Second, click the "Select User" button in the Remote Desktop area of the settings dialog box to open the screen shown in Figure 1, which lists all user accounts that are allowed to remotely control the Windows Server 2008 server. If you see an unfamiliar or untrusted user account, select it and click the "Delete" button to remove it. Then click the "Add" button on the same screen to open the user account selection dialog box, select and add the designated administrator account, and click the "OK" button to finish. From then on, the Windows Server 2008 server allows only the designated system administrator to manage it remotely and does not allow any other user to control it remotely.
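To check the result of the steps above from the command line, the following added example (not part of the original article) lists every account that can log on through Remote Desktop and reports those outside an allowlist. The account names in $Approved and the function names are constructed for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not part of the original article.
# Constructed allowlist: replace with the accounts designated for remote control.
$Approved = @('SERVER01\rdpadmin', 'CORP\Domain Admins')

function Get-LocalGroupMemberName {
    param(
        [string]$Group,
        [string]$Computer = $env:COMPUTERNAME
    )
    $adsi = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($member in @($adsi.psbase.Invoke('Members'))) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # ADsPath is WinNT://DOMAIN/name or WinNT://DOMAIN/COMPUTER/name;
        # keep the last two segments as AUTHORITY\name.
        $parts = ($path -replace '^WinNT://', '') -split '/'
        $parts[-2..-1] -join '\'
    }
}

function Find-UnapprovedRdpAccount {
    param([string[]]$Allow)
    # Members of Administrators can connect even when they are not listed
    # in Remote Desktop Users, so both groups are audited.
    foreach ($group in 'Remote Desktop Users', 'Administrators') {
        foreach ($name in (Get-LocalGroupMemberName -Group $group)) {
            if ($Allow -notcontains $name) {
                New-Object PSObject -Property @{ Group = $group; Account = $name }
            }
        }
    }
}

$findings = @(Find-UnapprovedRdpAccount -Allow $Approved)
if ($findings.Count -eq 0) {
    'Only approved accounts can log on through Remote Desktop.'
} else {
    $findings | Format-Table Group, Account -AutoSize
}
```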

2. Deny attack attempts against the Administrator account

As with traditional server operating systems, Windows Server 2008 still uses the Administrator account for system logon by default, which is why the Administrator account is particularly attractive to attackers: they try to log in to the server by cracking the password of the Administrator account and attack it. To deny attackers the use of the Administrator account for such attempts, we can configure the Windows Server 2008 server as follows:

First, on the Windows Server 2008 desktop, click Start/Run, type "secpol.msc" in the Run text box, and press Enter to open the Local Security Policy console window.

Next, in the left pane of the Local Security Policy console window, select the Security Settings node and, under it, Local Policies/Security Options. Under the Security Options branch, locate the policy "Accounts: Rename administrator account", right-click it, and choose Properties from the shortcut menu to open its property settings dialog box. Click the Local Security Setting tab to open the page shown in Figure 2. On this page we can change the name of the Administrator account to one that others cannot easily guess, for example "Guanliyuan", and then click the "OK" button to save the setting. In this way, when an attacker attempts to attack the Windows Server 2008 server through the Administrator account, the security of the server system can be guaranteed.

3. Modify Telnet port to secure remote connection

The telnet command is the default remote terminal program in Windows Server 2008. Because it is integrated directly into the server system and is easy to use, network administrators often use it to manage the server. However, when the server is controlled through Telnet, control information is transmitted over the network in clear text, so a malicious attacker can easily intercept information such as account names and passwords. The Telnet authentication method also has a significant weakness: it is particularly vulnerable to attack. Remote control through the telnet command uses network port "23" by default, and almost everyone knows that port. To protect Telnet remote connections, we can change the program's default port number as follows, which prevents others from arbitrarily using the telnet command to control the server remotely. Note that changing the port affects only where the service listens; the traffic itself is still transmitted in clear text.

First, on the Windows Server 2008 desktop, click Start/Run, type "cmd" in the Run text box, and press Enter to open a command prompt window.

Next, at the command prompt, enter the command "tlntadmn config port=2991" (where "2991" is the new port number). To prevent the new port number from conflicting with a port already in use on the system, make sure it is not the port number of a known system service. After confirming that the command is entered correctly, press Enter; the port used by the Telnet service becomes "2991". From then on, a network administrator must know the new port number before using Telnet to remotely control the Windows Server 2008 server.

Of course, we can also change the Telnet port number of a Windows Server 2008 server remotely, without going to the server site. Open a command prompt window on the local client system and enter the command "tlntadmn \\server config port=2991 -u xxx -p yyy" (server is the host name or IP address of the remote server, port=2991 is the new Telnet port number, xxx is the user name used to log on to the server, and yyy is the password of that account). After you press Enter, the Telnet port number of the remote server becomes "2991".

4. Force the use of complex passwords to prevent brute-force cracking

If the remote login password for a Windows Server 2008 server is not sufficiently complex, an unauthorized remote user may be able to crack it by brute force. In practice, many network administrators set a relatively simple remote login password because it is easier to remember. This unintentionally gives attackers an opening for brute-force cracking and seriously threatens the security of remote control operations. To address this, we can enable the system's own password policy on the Windows Server 2008 server as follows, forcing users to set a more complex password for the remote control account:

First, click Start/Programs/Administrative Tools on the Windows Server 2008 desktop and, in the list of administrative tools that appears, double-click the Local Security Policy icon to open the Local Security Settings dialog box.

Second, in the left pane of the dialog box, select the "Account Policies" branch and then the "Password Policy" item beneath it. The right pane then shows six password policy options. Double-click the "Password must meet complexity requirements" policy to open the property settings window shown in Figure 3.

Check whether the Enabled option is selected. If it is not, select it and click the OK button to save the setting, so that whenever a remote login password that is not sufficiently complex is set, the system automatically displays a prompt.

Next, modify the "Enforce password history", "Minimum password length", "Store passwords using reversible encryption", "Maximum password age", "Minimum password age" and other policies as needed, and finally click the "OK" button to complete the setup. In this way, remote login passwords are forced to be complex.
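The settings from sections 2 and 4 can be verified together. The following added example (not part of the original article) exports the local security policy with secedit and checks the renamed Administrator account and the password policy values; the function names and the baseline numbers (12 characters, 5 remembered passwords, 90 days) are constructed assumptions, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not part of the original article. Run from an elevated prompt.
function Get-SystemAccessPolicy {
    # Export the local security policy and parse its [System Access] section.
    $inf = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit /export /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
        $policy = @{}
        $inSection = $false
        foreach ($line in Get-Content $inf) {
            if ($line -match '^\[(.+)\]\s*$') {
                $inSection = ($Matches[1] -eq 'System Access')
            } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
                $policy[$Matches[1]] = $Matches[2].Trim().Trim('"')
            }
        }
        if ($policy.Count -eq 0) { throw 'secedit export failed or was empty.' }
        $policy
    } finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
}

function Test-RemoteLogonPolicy {
    param(
        [hashtable]$Policy,
        [int]$MinLength  = 12,   # constructed baseline values: replace
        [int]$MinHistory = 5,    # them with what your own policy requires
        [int]$MaxAgeDays = 90
    )
    $admin  = $Policy.NewAdministratorName
    $maxAge = [int]$Policy.MaximumPasswordAge   # -1 means passwords never expire
    $checks = @(
        @('Administrator account renamed', ($admin -and ($admin -ne 'Administrator'))),
        @('Password must meet complexity requirements', ($Policy.PasswordComplexity -eq '1')),
        @('Reversible encryption disabled', ($Policy.ClearTextPassword -eq '0')),
        @("Minimum password length >= $MinLength", ([int]$Policy.MinimumPasswordLength -ge $MinLength)),
        @("Enforce password history >= $MinHistory", ([int]$Policy.PasswordHistorySize -ge $MinHistory)),
        @("Maximum password age 1..$MaxAgeDays days", (($maxAge -ge 1) -and ($maxAge -le $MaxAgeDays)))
    )
    foreach ($c in $checks) {
        New-Object PSObject -Property @{ Check = $c[0]; Pass = [bool]$c[1] }
    }
}

Test-RemoteLogonPolicy -Policy (Get-SystemAccessPolicy) |
    Format-Table Check, Pass -AutoSize
```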
