For a long time, I wrote a tutorial on WINXP group policies. In fact, the Software Restriction Policies in WINXP Group Policy can fully implement a HIPS. If properly configured, they can completely defend against most network threats.
To set a group policy, first take a look at the system environment variables and wildcards.
Environment Variable
%USERPROFILE% indicates C:\Documents and Settings\<current user name>
%ALLUSERSPROFILE% indicates C:\Documents and Settings\All Users
%APPDATA% indicates C:\Documents and Settings\<current user name>\Application Data
%ALLAPPDATA% indicates C:\Documents and Settings\All Users\Application Data
%SYSTEMDRIVE% indicates C:
%HOMEDRIVE% indicates C:
%SYSTEMROOT% indicates C:\WINDOWS
%WINDIR% indicates C:\WINDOWS
%TEMP% and %TMP% indicate C:\Documents and Settings\<current user name>\Local Settings\Temp
%ProgramFiles% indicates C:\Program Files
%CommonProgramFiles% indicates C:\Program Files\Common Files
Wildcard
? represents any single character
* represents any number of characters
** or *? indicates zero or more characters, including backslashes, that is, including subfolders
Next, set the "Software Restriction Policy".
After the configuration is complete, back up the file C:\Windows\system32\GroupPolicy\Machine\Registry.pol, which holds the rules you set. After the system is reinstalled, copy the backup over the file at its original path to restore the rules, or package the file as a self-extracting EXE.
Self-extracting archive script:
Path=%windir%\system32\GroupPolicy\Machine
SavePath
Setup=gpupdate /force
Silent=1
Overwrite=1
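Before a backed-up Registry.pol is copied back, it is worth confirming which rules the file actually contains. The following Python sketch is an added example, not part of the original tutorial: it parses the file's PReg format and lists the Software Restriction Policy path rules it finds. The sample rule, its GUID and the helper names are constructed for illustration.

```python
import struct

SAFER = r"software\policies\microsoft\windows\safer\codeidentifiers".split("\\")
LEVELS = {"0": "Disallowed", "262144": "Unrestricted"}  # SRP security levels
REG_EXPAND_SZ, REG_DWORD = 2, 4

def u16(s): return s.encode("utf-16-le")

def parse_pol(blob):
    """Yield (key, value, type, data) for each entry of a PReg v1 blob."""
    if blob[:4] != b"PReg" or struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("not a PReg version 1 file")
    pos = 8
    def text():  # NUL-terminated UTF-16LE string followed by ';'
        nonlocal pos
        end = pos
        while blob[end:end + 2] != b"\0\0":
            if end >= len(blob):
                raise ValueError("truncated entry")
            end += 2
        s, pos = blob[pos:end].decode("utf-16-le"), end + 4
        return s
    while pos < len(blob):
        if blob[pos:pos + 2] != u16("["):
            raise ValueError("expected '[' at offset %d" % pos)
        pos += 2
        key, value = text(), text()
        rtype, _, size, _ = struct.unpack_from("<IHIH", blob, pos)
        data, pos = blob[pos + 12:pos + 12 + size], pos + 14 + size
        if len(data) != size or blob[pos - 2:pos] != u16("]"):
            raise ValueError("truncated or malformed entry")
        yield key, value, rtype, data

def srp_path_rules(blob):
    """Yield (level, path) for every SRP path rule in the policy blob."""
    for key, value, _, data in parse_pol(blob):
        parts = key.lower().split("\\")  # registry key names are case-insensitive
        if (parts[:6] == SAFER and len(parts) == 9 and parts[7] == "paths"
                and value.lower() == "itemdata"):
            yield LEVELS.get(parts[6], parts[6]), data.decode("utf-16-le").rstrip("\0")

# Constructed sample: one "Disallowed" path rule plus its SaferFlags value.
def entry(key, value, rtype, data):
    head = struct.pack("<IHIH", rtype, ord(";"), len(data), ord(";"))
    return u16("[" + key + "\0;" + value + "\0;") + head + data + u16("]")
RULE_KEY = "\\".join(SAFER + ["0", "Paths", "{00000000-0000-0000-0000-000000000001}"])
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + entry(RULE_KEY, "ItemData", REG_EXPAND_SZ, u16("%TEMP%\\*.exe\0"))
          + entry(RULE_KEY, "SaferFlags", REG_DWORD, struct.pack("<I", 0)))
```

To audit a real backup, read the file in binary mode and pass its bytes to `srp_path_rules`; a `ValueError` means the file is truncated or is not a policy file and should not be restored.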
So far, a full set of Software Restriction Policies has been completed. I hope this tutorial on WINXP's group policy will help you! Basically, this software restriction policy can implement two of the "D" functions of a HIPS, namely AD and FD. For RD (registry protection), you can modify the registry key permissions. It can be said that XP itself has the 3D HIPS function. Its biggest advantage is that it is built into XP: it is seamlessly integrated with the system, causes no incompatibility and occupies no memory. Moreover, its interception capability exceeds that of all HIPS, as it truly sits at the bottom of the system!