Desktop Security does not only mean that anti-virus software and firewall are installed, but also needs to be continuously strengthened. Desktop Security is an important part of the multi-layer defense system and is indispensable. However, it is not easy to implement security enhancement tasks. Employees in many organizations have great freedom to install their favorite software on their computers. Furthermore, in some large enterprises, users in different business departments can install various applications not supported by the organization. This application environment has become part of the business process, although these applications have never been part of the design cycle. In this case, how to enhance Desktop Security becomes one of the most difficult problems in the defense system. Of course, we still have a lot of options. For example, we can purchase commercial products to manage desktops, use the group policies of active directories, or simply use local security policies to protect hosts.
1. Manual Operation settings
The requirements of the Organization restrict or affect the security methods used. However, most enterprises need a centralized management solution to complete this task. So, we should start from manually locking and protecting a workstation. 1.
498) this. style. width = 498; "border = 0> |
Figure 1 |
We can see that when defining a local security policy, we need to set the following aspects: account policy, local policy, Event Log, restricted group, system service, registry, and file system. With a runable enhancement image, we can deploy it across the entire enterprise. However, we must ensure that the basic images cannot conflict with the applications supported by the enterprise. Next, let's go to the MMC (Microsoft console. Click Start/run, type MMC in the run box, and press Enter. Obtain the blank MMC template 2.
498) this. style. width = 498; "border = 0> |
Figure 2 |
Click the "Add/delete snap-in" command under the "file" menu, as shown in 3.
498) this. style. width = 498; "border = 0> |
Figure 3 |
Open the window shown in the following 4:
498) this. style. width = 498; "border = 0> |
Figure 4 |
Click "add" in this window. The window shown in 5 is displayed.
498) this. style. width = 498; "border = 0> |
Figure 5 |
Find the "Security Configuration and analysis" option from the available independent units, click the "add" button, click the "close" button, and then click the "OK" button. The window shown in the next 6 is displayed.
498) this. style. width = 498; "border = 0> |
Figure 6 |
Next we need to create a database. Right-click "Security Configuration and analysis" on the left of the window shown, and select "Open Database ". 7.
498) this. style. width = 498; "border = 0> |
Figure 7 |
In the "Open Database window" shown in the following 8, enter the Database Name and click "open ":
498) this. style. width = 498; "border = 0> |
Figure 8 |
Ii. templated operations
You will notice some templates. The Microsoft website has some information about the content provided by these templates. However, you must select a workstation template instead of a server template. The workstation template file name ends with "ws" (not an extension ). 9.
498) this. style. width = 498; "border = 0> |
Figure 9 |
Users can also get pre-defined templates from the Internet Security Center, or from other organizations. However, it is best to strictly review things of others, before using each template, you must be clear about its security settings. Click the "operations" menu and select the "analyze computer now" command, as shown in 10.
498) this. style. width = 498; "border = 0> |
Figure 10 |
To modify a setting, double-click the item in the right pane. The "properties" window is displayed, as shown in Figure 11.