Windows 2000 out of print security (beginning, middle, advanced)

The specific list is as follows:

Primary safety Articles

1. Physical Security

The server should be placed in the isolation room where the monitor is installed, and the monitor should keep the camera record for more than 15 days. In addition, the chassis, keyboard, computer desk drawer to be locked to ensure that others even enter the room can not use the computer, the key should be placed in another safe place.

2. Stop Guest Account

The Guest account is deactivated in the computer-managed user, and the Guest account login system is not allowed at any time. To be on the safe side, it's a good idea to add a complex password to the guest, you can open Notepad, enter a string containing special characters, numbers, letters, and then handcuff it as a Guest account password.

3. Limit the number of unnecessary users

Remove all duplicate user accounts, test accounts, share accounts, general department accounts, etc. User Group Policy sets the appropriate permissions, and often checks the system's account to remove accounts that are no longer in use. These accounts are often a breach of the hacker's intrusion system, the more the system accounts, the more the hackers are likely to get the permissions of legitimate users. Domestic nt/2000 Host, if the system account more than 10, generally can find one or two weak password account. I once found that a host of 197 accounts in which 180 are weak password accounts.

4. Create 2 Administrator accounts

Although this may seem contradictory to the above, it is in fact subject to the above rules. Create a general permission account to receive letters and handle daily things, and another account with administrators privileges is used only when needed. You can have administrators use the RunAS command to perform some of the tasks that require privileges to facilitate management.

5. Rename the system administrator account

As you all know, the Windows 2000 Administrator account is not deactivated, which means that other people can try this account password over and over. Renaming an administrator account can effectively prevent this. Of course, please do not use the name of admin, change is equal to do not change, try to disguise it as ordinary users, such as change into: Guestone.

Zebian: Bean Technology Application