Ten Applications of Group Policy in System Security

Source: Internet
Author: User

The Registry is built into Windows, and Group Policy makes it easy to modify the Registry, which is far more convenient and safer than editing the Registry by hand. Group Policy is also crucial to maintaining system security. The following describes how Group Policy is applied to system security.

To improve system security, many people like to go straight to the Registry. But for someone who knows nothing about the Registry, that works against security! Let's see how the author uses an intuitive graphical interface to protect his machine.

Scenario 1: Who knew that on arriving at work the next day, Xiao Bai would come to the door and say, "Why were you using my machine? Trying to look at my MM ...?" Xiao Cai looks dejected ...

Scenario 2: Xiao Cai is secretly using Xiao Bai's machine. A game requires adjusting the mouse and other settings in Control Panel. On double-clicking Control Panel, a "Restrictions" window appears: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Nothing for it but to give up ...

Scenario 3: Stung at being "caught" using the machine on the sly, Xiao Cai brings in a DOS expert to show up Xiao Bai, who grew up in a Windows environment, at the DOS prompt. Start → Run, enter CMD, and a black window opens, but it says: "The command prompt has been disabled by your administrator. Press any key to continue . . ." Floored ~~~

Enter the main character

Click the Start menu, choose Run, enter gpedit.msc, and press Enter. Our main character, Group Policy, appears, as shown in Figure 1.

Background: What is Group Policy?

It is a tool in Win2000/XP/2003, the successor to the System Policy Editor in Windows 98. Group Policy is a more advanced extension of system policies. It provides more administrative templates, more flexible configuration objects, and more functions. Currently, it is mainly used on Win2000/XP/2003 systems. System policies and group policies work on the same basic principle: they modify the corresponding configuration items in the Registry in order to configure the computer. Some of their operating mechanisms, however, have changed and expanded.

The show begins

1. Give hackers nothing to work with

Location: Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options.

Setting: Double-click "Interactive logon: Do not display last user name". In the Properties window that opens, select "Enabled", as shown in Figure 1.
 

Tips

In Windows 2000, the user name of the last logon is displayed automatically when the system starts. After this policy is enabled, the last logon user name no longer appears. Now Xiao Bai no longer has to fear Xiao Cai, or worry about intrusion by hackers who do not know a legitimate logon user name for the local machine.

Windows XP starts with the Welcome screen by default, which shows all user accounts at a glance, so the logon mode has to be changed first. Open Control Panel, select "User Accounts", and click "Change the way users log on or off" in the "User Accounts" window. Clear the "Use the Welcome screen" check box and click "Apply Options". From then on, the logon screen is the same as in Windows 2000.

2. Intruders

Location: Computer Configuration → Windows Settings → Security Settings → Account Policies → Account Lockout Policy.

Setting: Double-click the "Account lockout threshold" policy and set it to "3" invalid logon attempts. You can then set the "Account lockout duration" policy to "30" minutes or longer.

Function: When an unauthorized user enters the wrong password three times, the account is locked and the user cannot log on.

3. Who moved my cheese?

Location: Computer Configuration → Windows Settings → Security Settings → Local Policies → Audit Policy

Setting: Set the "Audit account logon events" policy to audit both "Success" and "Failure", then open Event Viewer to check which users have logged on to your computer recently. Set the "Audit process tracking" policy to audit both "Success" and "Failure" to check which programs users have run. As shown in Figure 3, you can see that the user Luo yanjun has run the qq.exe program.

Tips

To open Event Viewer: click Start → Run, enter eventvwr.msc, and press Enter.

4. Do not shut down my machine

Location: Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment

Setting: If you add a user in the Properties window of the "Deny access to this computer from the network" policy, that user has no right to access this computer from the network. If you remove a group in the Properties window of the "Shut down the system" policy, as shown in Figure 4, the users in that group have no right to shut down the system (their Start menu no longer has the "Turn Off Computer" item).

5. Access to control panel rejected

Location: User Configuration → Administrative Templates → Control Panel

Setting: Double-click the policy that prohibits access to Control Panel and set it to "Enabled" in the Properties window that opens.

Function: After this policy is enabled, double-clicking Control Panel brings up a "Restrictions" window that reads "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

6. Does my computer have no hard disk?

Location: User Configuration → Administrative Templates → Windows Components → Windows Explorer

Setting: Double-click the "Hide these specified drives in My Computer" policy and select the drives to be hidden.

Function: The hidden drives no longer appear in "My Computer" or Windows Explorer, nor in the New or Open dialog boxes of Word.

Tips

A hidden drive can still be reached by typing its drive letter, such as D:\, directly into the address bar.

7. My drive is not open to you

Location: User Configuration → Administrative Templates → Windows Components → Windows Explorer

Setting: Double-click the "Prevent access to drives from My Computer" policy. The Properties window shown in Figure 5 appears. Select the appropriate option as needed.

Function: The previous setting only hides the drive; it can still be reached by typing its address directly, so Xiao Bai is merely playing hide and seek. This setting is needed to actually stop users from using the drive. Once it is enabled, even if the drive is visible, opening it produces the message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Reassured now?

Tips

Even so, the restricted drive can still be entered at the command prompt, where the DIR command can be used to view the file system and programs can be run. To protect your system more effectively, see the next item.

8. Even DOS experts are left speechless

Location: User Configuration → Administrative Templates → System

Setting: Double-click the "Prevent access to the command prompt" policy, select "Enabled", and choose "Yes" in the "Disable the command prompt script processing also?" drop-down list.

Function: When the Command Prompt window is opened, it shows the message "The command prompt has been disabled by your administrator. Press any key to continue . . .".

9. Do not tamper with the Registry Editor

Location: User Configuration → Administrative Templates → System

Setting: Double-click the "Prevent access to registry editing tools" policy and select "Enabled". Also select "Yes" for "Disable regedit from running silently?".

Function: When a user runs regedit to start the Registry Editor, the error message "Registry editing has been disabled by your administrator" is displayed, and the Registry cannot be accessed through the Registry Editor.

10. Do not use my program

Location: User Configuration → Administrative Templates → System

Setting: Double-click the "Don't run specified Windows applications" policy, select "Enabled", and click "Show". A "Show Contents" window appears, listing the programs that are not allowed to run. Click the Add button and enter the name of the program that is not allowed to run in the text box, as shown in Figure 6.

Function: When a user runs one of these banned programs, the message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." is displayed.

Tips

You only need to enter the name of the program that is not allowed to run; there is no need to put a path in front of the program name.

How about that? With these lines of defense in place, isn't the computer much safer? One last reminder, though: do not trip yourself up! These settings are a double-edged sword. They restrict not only others but also you. If you are worried that someone familiar with Group Policy will run the Group Policy Editor and change the relevant options back, enter gpedit.msc in the list shown in Figure 6. That way, even the Group Policy Editor cannot be opened. You still have to leave a way back in for yourself.
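Since these policies work by modifying Registry entries, the restrictions currently in effect can be listed without opening the Group Policy Editor. The following read-only PowerShell script is an added example, not part of the original article; it reports the standard Registry values behind items 1 and 5 to 10. Items 2 to 4 are not covered because account lockout, audit, and user rights settings are held in the security database rather than as plain policy values.

```powershell
# Added example: read-only report of the Registry values behind items 1 and 5-10.
# Run as the user whose restrictions you want to inspect (HKCU is per-user).
$explorer = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Item = 1;  Hive = 'HKLM:'; Key = $system;   Name = 'DontDisplayLastUserName' },
    @{ Item = 5;  Hive = 'HKCU:'; Key = $explorer; Name = 'NoControlPanel' },
    @{ Item = 6;  Hive = 'HKCU:'; Key = $explorer; Name = 'NoDrives' },
    @{ Item = 7;  Hive = 'HKCU:'; Key = $explorer; Name = 'NoViewOnDrive' },
    @{ Item = 8;  Hive = 'HKCU:'; Key = 'Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' },
    @{ Item = 9;  Hive = 'HKCU:'; Key = $system;   Name = 'DisableRegistryTools' },
    @{ Item = 10; Hive = 'HKCU:'; Key = $explorer; Name = 'DisallowRun' }
)

function Get-PolicyValue($Hive, $Key, $Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $props = Get-ItemProperty -Path "$Hive\$Key" -ErrorAction SilentlyContinue
    if ($null -ne $props) { return $props.$Name }
    return $null
}

function ConvertTo-DriveList([int]$Mask) {
    # NoDrives and NoViewOnDrive are bitmasks: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:
    $drives = @()
    for ($i = 0; $i -lt 26; $i++) {
        if ($Mask -band [int][math]::Pow(2, $i)) { $drives += ('{0}:' -f [char](65 + $i)) }
    }
    return ($drives -join ' ')
}

foreach ($c in $checks) {
    $value = Get-PolicyValue $c.Hive $c.Key $c.Name
    if ($null -eq $value -or $value -eq 0) {
        $state = 'not restricted'
    } elseif (@('NoDrives', 'NoViewOnDrive') -contains $c.Name) {
        $state = 'drives: ' + (ConvertTo-DriveList $value)
    } elseif ($c.Name -eq 'DisableCMD') {
        # 1 = prompt and batch scripts blocked, 2 = prompt blocked, scripts allowed
        $state = if ($value -eq 1) { 'cmd and scripts blocked' } else { 'cmd blocked, scripts allowed' }
    } elseif ($c.Name -eq 'DisallowRun') {
        # Blocked program names are stored as values of the DisallowRun subkey.
        $list = Get-ItemProperty -Path "HKCU:\$explorer\DisallowRun" -ErrorAction SilentlyContinue
        $names = @($list.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Value })
        $state = 'blocked programs: ' + ($names -join ', ')
    } else {
        $state = "enabled (value $value)"
    }
    '{0,2}  {1,-24} {2}' -f $c.Item, $c.Name, $state
}
```

Keeping a copy of this output from before any changes gives you a record of the original state to return to.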

We hope that the ten applications of Group Policy in system security described in this article will be helpful to readers.
