Use Windows Group policies to ensure Network Security

I believe many cainiao friends will think that the group strategy of Windows systems is "mysterious", so they generally do not dare to "Touch" it easily. In fact, if you have had a "Close Contact" with the system group policy, you may be surprised by the powerful functions of the system group policy, as long as you simply move the system group policy, the network function of your system will be "strong ". If you don't believe it, let's take a look!

Automatically erase surfing traces

After each surfing, the system will record the traces of surfing the internet with "self-suggestion". Others can easily peat their privacy through these traces. In order to prevent your privacy from being peeked at by outsiders, you may manually remove all traces of the Internet after each surfing, obviously, this method is not only cumbersome, but also hard to remember. In fact, you can use the following method to allow the system to automatically erase all online traces at the moment of cancellation:

First, create a batch file to ensure that all online traces can be cleared automatically after the file is executed. When creating such a batch file, you can first open text editing tools such as Notepad, and then enter the following command code in the editing interface:

@ Echo off
Cd c: windowslocal settingsemporary internet files
C: windowscommanddeltree. *. */y

Then, execute the "file"/"save" command on the text editing interface in sequence, and save the preceding command code as a batch file with the extension "bat, for example, the author saves it as "autodel. bat file, of course, this file is only valid for Win98 or WinMe systems, you must enter the following command code in the text editing interface:

@ Echo off
Cd c: documents ad settingsadministratorlocal settingsemporary internet files
C: winntsystem32deltree. *. */y

In addition, if you want to make sure that your batch file is successfully executed, you can copy the "c: winntsystem32" directory under the win98system to the "Win2000" directory. Of course, if the Windows system is not installed according to the default settings, you also need to set the system installation path in the batch file to the actual installation path.

Click Start or run. In the displayed system running dialog box, enter the Group Policy Editing Command Gpedit. msc, click OK, and expand the "user configuration", "Windows Settings", and "script (login/logout)" branches in the Group Policy editing window;

In Figure 1, double-click the logout option. In the logout attribute setting window that appears, click Add, import "autodel. bat file, and then click "OK". In this way, every time you exit the computer system, "autodel. bat files are automatically executed to automatically erase surfing traces.

Figure 1

Share WinXP at will

If you access the WinXP operating system through the "Network Neighbor" window in Win98 workstation, you will find that WinXP workstation will reject your sharing request. What is the problem? In the original WinXP system, logon to the system is not allowed in the guest mode by default. Is it possible to "Activate" the guest account in the WinXP system so that the WinXP workstation can be freely shared? Otherwise, in addition to enabling the guest account, you also need to specify a guest account to access the shared resources of the WinXP workstation over the network. The following describes how to share WinXP freely:

Click Start, programs, administrative tools, and computer management commands in the WinXP workstation. On the displayed computer management interface, expand the "System Tools", "local users and groups", and "users" branches step by step. In the subwindow on the right of the corresponding "user" branch, double-click the "guest" option, on the account attribute settings page that appears, cancel the "account deactivated" option and click "OK" to enable the "guest" account;

Then, the system group policy editing window is displayed, gradually expand the "local computer policy", "Computer Configuration", "Windows Settings", "Security Settings", "Local Policy", and "User Rights Assignment" branches with the mouse, in Figure 2, double-click the "Deny access to this computer from network" project in the subwindow on the right. On the next page, select and delete the guest account, then click "OK", and the shared resources in the WinXP workstation will be accessible at will.

Figure 2

Disable port 135

As you know, once port 135 is opened on the server, hackers or illegal Attackers may use a professional remote control tool to gain a glimpse of important content on the server and the Internet account, in severe cases, important programs on the server can be remotely executed, which brings security threats to the server. To prevent the server from such attacks, you must try to block port 135 from the server. To this end, this article helps you easily disable port 135 by modifying the Group Policy.

When hackers attack the server, they must first establish a network connection with the server before they can destroy the server through port 135, therefore, as long as we can "deny" other clients to access the server through the network, we can indirectly close port 135 to ensure that the server is not remotely attacked. To "deny" the network connection between other clients and the server, follow these steps:

First, enter the Group Policy editing window, and gradually expand the "Computer Configuration", "Windows Settings", "Security Settings", "Local Policy", and "User Rights Assignment" items with the mouse, double-click the "Deny access to this computer from network" option under the "user rights assignment" project. In Figure 3, click the "add" button, on the subsequent account list page, select the "everyone" account and click the "add" button to import the account to the "assigned to" list, finally, click the "OK" button. In this way, no client user can access the server over the network. As a result, hackers or other attackers will naturally be unable to use port 135, attackers have remotely attacked the server.

Figure 3

Hide the network from favorites

To improve the efficiency of surfing the Internet, many people like to use the Internet "favorites" function in IE to save the sites they frequently need to visit so that they can reach their destination next time; to prevent others from browsing their "favorites" privacy, you can easily set a system group policy to hide the "favorites" function in IE:

On the Group Policy editing page, hover your mouse over "user configuration", "management template", "Windows components", "Internet Explorer", and "browser menu;

In Figure 4, select the "Hide favorite menu" option in the subwindow on the right, and double-click the option with the left mouse button. In the attribute setting window that appears next, select the "enable" option and click "OK" to hide the "add to Favorites" function of the network.