Use the Windows registry to protect your system security

Source: Internet
Author: User

The Microsoft Windows registry is the core of the Windows operating system. It is essentially a huge database that stores computer hardware and configuration information, system and application software initialization information, associations between applications and document files, hardware device descriptions, and various network status information and data. What follows is an overview of modifying the registry.

It can be said that every operation on the computer's hardware, software, and network draws on the registry. Because the registry is the core of the operating system, once the Windows registry is damaged or maliciously modified, files cannot be opened and some functions cannot be used. In addition, many widespread network viruses, once started, automatically leave self-repair entries in the registry's startup items. After the system is restarted, these viruses restore themselves to the state they were in before being modified, which makes them difficult to clear completely.

When using the Windows registry, the five main root keys are used as follows:

HKEY_CLASSES_ROOT is actually HKEY_LOCAL_MACHINE\SOFTWARE\Classes. It contains the information all applications need in order to run: all extensions and the associations between files and applications; all driver names; class ID numbers (numbers used in place of the names of the items being accessed); DDE and OLE information; and the icons used for applications and files.

HKEY_LOCAL_MACHINE is the key that handles control of the system and software. The HKLM key stores computer system information, including all software settings for the network and hardware (such as file location, registered and unregistered status, version number, and so on). These settings are independent of the user, because they apply to all users of the system.

HKEY_CURRENT_USER contains the same information that is listed under the security identifier in HKEY_USERS. Any change made in HKEY_CURRENT_USER is immediately reflected in HKEY_USERS. Changes made here apply only to the current user and do not affect other users.

HKEY_USERS contains only the default user settings and information about logged-on users. Although it includes settings for all individual users, a user's settings are unavailable when that user is not logged on to the network. These settings tell the system which icons will be used, which groups are available, which Start menu is available, which colors and fonts are available, and which options and settings in Control Panel are available.

HKEY_CURRENT_CONFIG is the mapping of the current hardware configuration information in HKEY_LOCAL_MACHINE, including the details of all the existing configuration files in the system.

To ensure the security of the Windows registry, you must manage and configure the following eight aspects:

(1) Back up the entire registry

Click the "Start > Run" menu item, enter "Regedit" in the "Run" dialog box, and click "OK" to open the Registry Editor. To back up the entire registry, select the registry root (the "My Computer" node), right-click it, and select the Export command to open the Export Registry File dialog box. In the "File name" box, enter the registry file name and save path, and click "Save". The registry backup file has the extension REG.

(2) Registry Restoration

In the Windows GUI, you can double-click the backup REG file to restore the registry to its backed-up state.

(3) Password settings

If the following DWORD values are set under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network], the corresponding settings take effect:

"HideSharePwds" = 1 (use asterisks (*) to hide the share password)

"DisablePwdCaching" = 1 (disable the password cache. Note: use this setting with caution. With it set, the "Password" properties in Control Panel cannot change the password, and the user can log on with any password or without a password.)

"AlphanumPwds" = 1 (require the Windows password to consist of numbers and letters)

"MinPwdLen" = n (set the minimum length of the Windows password; n is greater than or equal to 0 and less than or equal to 8)

(4) Disable Registry Editor

If the DWORD value "DisableRegistryTools" = 1 is set under [HKEY_USERS\"User Name"\Software\Microsoft\Windows\CurrentVersion\Policies\System], the user cannot use registry editing tools.

(5) Disable "MS-DOS" mode and single-mode MS-DOS applications

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]: after the key "WinOldApp" is created here and the DWORD value "Disabled" = 1 is created under it, the user's "MS-DOS" mode is disabled; if the DWORD value "NoRealMode" = 1 is created under "WinOldApp", the user's single-mode (real mode) MS-DOS applications are disabled.

(6) Set self-starting programs

A string value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] indicates a program that is self-started through the registry;

A string value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] indicates a program that is started only once;

A string value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] indicates a service program that is self-started through the Windows registry;

A string value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] indicates a service program that is started only once.

As all the preceding DWORD values show, a value of "1" makes the setting take effect and a value of "0" makes it ineffective; by changing the DWORD value or deleting the DWORD, we can easily turn the corresponding restriction on or off.
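Because the four keys listed above are where the startup entries mentioned at the top of the article are left behind, it is worth recording their contents and checking for changes. The following PowerShell sketch is an added example, not part of the original article; the function names and the baseline CSV path are hypothetical.

```powershell
# Added example: audit the four HKLM auto-start keys listed in this article.
$AutoStartBase = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$AutoStartKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'

function Get-AutoStartEntry {
    # Emits one object per value; keys that do not exist on this system are skipped.
    param([string]$BasePath = $AutoStartBase, [string[]]$KeyNames = $AutoStartKeys)
    foreach ($keyName in $KeyNames) {
        $path = Join-Path $BasePath $keyName
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        foreach ($valueName in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $keyName
                Name    = $valueName
                # Keep %VAR% references unexpanded so the stored text is compared.
                Command = [string]$key.GetValue($valueName, '', $raw)
            }
        }
    }
}

function Compare-AutoStartBaseline {
    # First run: writes the baseline. Later runs: returns entries that are
    # new or changed since the baseline was written.
    param([Parameter(Mandatory)][string]$BaselinePath)   # hypothetical CSV path
    $current = @(Get-AutoStartEntry)
    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
        return
    }
    $baseline = @(Import-Csv -LiteralPath $BaselinePath)
    if ($current.Count -eq 0) { return }
    if ($baseline.Count -eq 0) { return $current }
    Compare-Object $baseline $current -Property Key, Name, Command |
        Where-Object SideIndicator -eq '=>' |
        Select-Object Key, Name, Command
}

Compare-AutoStartBaseline -BaselinePath (Join-Path $PWD 'autostart-baseline.csv')
```

Keep the baseline file somewhere ordinary users cannot write to, otherwise the comparison can be reset along with the registry change.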

(7) Restrict display properties

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies and create the following DWORD values under the subkey "System" (in effect when = 1):

NoDispAppearancePage hides the "Appearance" page of the display properties;

NoDispBackgroundPage hides the "Background" page of the display properties;

NoDispCPL prohibits setting the display properties;

NoDispScrSavPage hides the "Screen Saver" page of the display properties;

NoDispSettingsPage hides the "Settings" page of the display properties.

(8) Restrict the Start menu and desktop

1) Start menu

If the DWORD value "NoRun" = 1 exists under [HKEY_USERS\"User Name"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer], the "Run" command in the user's Start menu is disabled;

If the DWORD value "NoSetFolders" = 1, the "Set Folder Options" command in the user's Start menu is disabled;

If the DWORD value "NoSetTaskbar" = 1, the "Set Taskbar and Start Menu" command in the user's Start menu is disabled;

If the DWORD value "NoFind" = 1, the "Search" command in the user's Start menu is disabled;

If the DWORD value "NoStartMenuSubFolders" = 1, the subfolders in the user's Start menu are hidden;

If the DWORD value "NoClose" = 1, the "Shut Down" command in the user's Start menu is disabled;

If the DWORD value "NoStartBanner" = 1, the arrow and the words "Click here to start" that appear on the taskbar during Windows startup are hidden.

2) Desktop

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, and then create the following DWORD values under the "Explorer" subkey:

When NoDesktop is set to 1, all icons on the desktop are hidden;

NoDrives hides drives (the low 26 bits of the DWORD value correspond to drives A-Z from low to high; each bit set to 1 takes effect);

When NoNetHood is set to 1, the "Network Neighborhood" icon on the desktop is hidden;

When NoViewContextMenu is set to 1, the context menu that is displayed when you right-click a blank area of the desktop is hidden;

When NoTrayContextMenu is set to 1, the menu displayed when you right-click the taskbar is hidden;

When NoEntireNetwork = 1, the "Entire Network" item in "Network Neighborhood" is hidden;

When NoSaveSettings = 1, settings are not saved on exit.
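To check which of these per-user restrictions are actually in force, the policy values can be read back and interpreted with the article's rule (1 = in effect, 0 = off), with the NoDrives bit mask decoded into drive letters. This PowerShell sketch is an added example, not part of the original article; the function names are hypothetical, only a subset of the values above is listed, and the value names are spelled as Windows stores them (DisableRegistryTools, NoDrives).

```powershell
# Added example: report the per-user policy DWORDs named in this article.
$PolicyRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$PolicyValues = [ordered]@{
    System   = 'DisableRegistryTools', 'NoDispCPL', 'NoDispAppearancePage',
               'NoDispBackgroundPage', 'NoDispScrSavPage', 'NoDispSettingsPage'
    Explorer = 'NoRun', 'NoFind', 'NoClose', 'NoDesktop', 'NoNetHood',
               'NoViewContextMenu', 'NoTrayContextMenu', 'NoDrives'
}

function ConvertFrom-NoDrivesMask {
    # Bit 0 = A:, bit 1 = B:, ... bit 25 = Z:. Returns the hidden letters as one string.
    param([Parameter(Mandatory)][long]$Mask)
    $letters = 0..25 | Where-Object { $Mask -band (1L -shl $_) } |
        ForEach-Object { [char](65 + $_) }
    -join $letters
}

function Get-PolicyRestriction {
    param([string]$Root = $PolicyRoot)
    foreach ($subKey in $PolicyValues.Keys) {
        # A missing subkey simply means none of its restrictions are set.
        $props = Get-ItemProperty -LiteralPath (Join-Path $Root $subKey) -ErrorAction SilentlyContinue
        foreach ($name in $PolicyValues[$subKey]) {
            $raw = if ($props) { $props.$name } else { $null }
            $state = if ($null -eq $raw) {
                'not set'
            } elseif ($name -eq 'NoDrives') {
                'hides drives: ' + (ConvertFrom-NoDrivesMask $raw)
            } elseif ($raw -eq 1) {
                'in effect'
            } elseif ($raw -eq 0) {
                'off'
            } else {
                "unexpected data: $raw"
            }
            [pscustomobject]@{ SubKey = $subKey; Value = $name; Data = $raw; State = $state }
        }
    }
}

Get-PolicyRestriction | Format-Table -AutoSize
```

A NoDrives value of 5 (bits 0 and 2), for example, is reported as hiding drives A and C.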

 
