win2008 R2 WEB Server Security Settings Guide Group Policy and user settings _win server

Source: Internet
Author: User

Improve system security by optimizing set Group Policy, renaming the system's default administrator, user renaming, and creating trap accounts.

Next, we have modified the remote connection port, we have been able to reject a part of the attack, but these settings are far from enough. In the following security, you must ensure that your server software has been fully configured, and can be used normally, otherwise, if the software installed after the security settings, there may be a failure or other errors, resulting in the configuration of the environment failed.

Password Policy

The system password is directly related to the security of the system, if your password is too simple, in case your remote connection port is swept, then break your password is minutes later. Therefore, our system password must be set up a security-compliant password, such as the use of uppercase and lowercase English, numbers, special symbols, length of not less than 6 bits, and other measures to enhance the security of the password. In Windows 2008 systems, the system provides a "password policy" setting, which we set up to go to the local security policy.

Turn on the security settings-----Account Policies-----Password Policy-----Passwords must meet complexity requirements and are enabled.

Audit Policy

The role of audit policy is that if a malicious user is cracking your password, logging in to your system, or modifying your system, you can find it early and deal with it.

The default is no audit, we must modify it, the following is my revised audit policy,

Has basically been able to capture the required information, we just analyze the resulting log, we can find the problem.

User Rights Assignment

This is primarily to limit which users can log on to the server using remote connections, by default to the Administrators group and the remote Desktop Users group, where members of these two groups can log on remotely to the server, and we generally as Web servers, not too many users, There may be only one administrator, so it is not necessary to specify the group, directly specify the user.

modifying system users and Groups

1. Rename the system default user name and user group, two steps in this section.

⑴, rename the default admin Administrator and Guest account, and if I rename the administrator to Wobushiad, rename guest to Wobushiguest,

Log on to the server at a later time using the modified username Wobushiad.

⑵, create a new user named Administrator, who belongs to the Guests group, set up a super complex password (a string of characters in Notepad, including capitalization, numbers, special symbols, you don't need to remember this password), and disable the account. This account is a trap account and we do not use this account ourselves.

Then modify the default Admins group administrators and guest groups,

Security options

Interactive logon: Do not display the last user name, enable

Network access: Do not allow anonymous enumeration of SAM accounts and shares, enabling

Network access: Does not allow storage of network authentication passwords and credentials, enabling

Network access: A remotely accessible registry path that empties

Network access: Remote access to registry paths and Subpath, emptying

Original works, allow reprint, reprint, please be sure to hyperlink form to indicate the original source of the article, author information and this statement. Otherwise, legal liability will be held.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.