Complete manual of Windows registry modification examples (part 2)

Source: Internet
Author: User
The registry is the core of Windows. It is essentially a huge database that stores the computer's hardware and configuration information, initialization information for the system and application software, associations between applications and document files, hardware device descriptions, and network status information and data. Every operation on the computer's hardware, software, and network can be said to originate from the registry.

This article lists registry modification examples in detail and clearly marks which Windows versions each one applies to, for quick lookup.

  III. Enhancing Windows System Security

Viruses are currently prevalent, and the registry, as the core part of the Windows operating system, is often used by viruses and hackers. If the user lacks the relevant knowledge about the registry, the "origin" of a virus cannot be found and the virus cannot be cleared. On the other hand, the registry also plays a positive role: through it, we can further enhance the security of Windows systems and prevent unauthorized use, viruses, and hacker intrusion.

  1. Protect personal information

If you share a computer with others, or you have private content to protect, you can use the registry to strengthen the protection of that information.

(1) Clear local access information

For the convenience of users, Windows always saves the documents and programs that users have recently accessed, so we need to turn off this convenience.

The value items in the following table are located under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

(2) Clear operation information

Many operations are recorded in the registry when we use the Windows operating system: for example, the names of programs run through the "Run" item in the "Start" menu, the computers accessed through "Network Neighborhood", and the folders accessed on the computer. Through the registry, we can clear this information manually.

(3) Encrypt the personal folder

The discussion above covers clearing the information left behind when a user uses the computer. Next, we use registry knowledge to encrypt the folders that store personal information.

We know that hiding a folder by setting its attribute to "Hidden" is useless: in Windows Explorer, under "Tools" → "Folder Options" → "View", selecting "Show all files and folders" reveals every folder and file with the hidden attribute. There is a trick that protects folders effectively: use a class identifier (CLSID) as the extension of the folder name. For example, suppose we want to protect the folder C:\mydata.

First, find the CLSID of a file type under the registry key HKEY_CLASSES_ROOT. For example, the CLSID of the MIDI file type is {00022603-0000-0000-C000-000000000046}. Append this CLSID to the folder name as an extension, that is, rename C:\mydata to "C:\mydata.{00022603-0000-0000-C000-000000000046}". The icon of C:\mydata then changes from the folder icon to the MIDI file icon.

Double-click the icon in Windows Explorer. The system reports that the MIDI file content is incorrect and cannot be played, because it treats the folder as a MIDI file. As a result, C:\mydata cannot be opened and its content cannot be viewed. The advantage is that the private folder is successfully disguised as a normal MIDI file.

The only way to view the folder's content is to use the CD command in the DOS window to enter the folder.

You may ask whether the protected folder can be restored simply by removing the extension from the folder name. Don't worry, users cannot do that. Even if the "Hide extensions of known file types" option under "Tools" → "Folder Options" → "View" in Windows Explorer is set so that all files display their extensions, C:\mydata shows no extension in Windows Explorer. The CLSID part of "C:\mydata.{00022603-0000-0000-C000-000000000046}" therefore cannot be removed or changed there.

To view the folder's content normally in Windows Explorer again, rename the folder back to its original name in the DOS window.

Combined with the method described below for restricting which programs can run (to restrict the DOS window), this method protects your folders effectively.
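An added example, not part of the original article: a PowerShell function that finds folders renamed with a CLSID suffix as described above and resolves each CLSID to its registered class name, so disguised folders can be recognised and renamed back. The function name `Find-ClsidFolder` and the scanned path are assumptions made for this illustration.

```powershell
# Added example, not from the original article.
# Find-ClsidFolder is a hypothetical helper name.
function Find-ClsidFolder {
    param(
        [Parameter(Mandatory)][string]$Path,  # root folder to scan
        [switch]$Recurse                      # also scan subfolders
    )
    # Folder name ending in ".{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
    $pattern = '^(?<base>.+)\.(?<clsid>\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\})$'

    Get-ChildItem -LiteralPath $Path -Directory -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Name -match $pattern) {
                $clsid = $Matches['clsid']
                # The default value of HKEY_CLASSES_ROOT\CLSID\{...} is the class name
                $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
                $className = if (Test-Path -LiteralPath $key) {
                    (Get-Item -LiteralPath $key).GetValue('')
                } else {
                    '(not registered)'
                }
                # The file system still treats the item as an ordinary directory
                $items = @(Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue)

                [pscustomobject]@{
                    FullName     = $_.FullName
                    OriginalName = $Matches['base']
                    Clsid        = $clsid
                    ClassName    = $className
                    ItemCount    = $items.Count
                }
            }
        }
}

# Example call; C:\ is an assumed starting point
Find-ClsidFolder -Path 'C:\' | Format-Table -AutoSize
```

To restore a folder that the function reports, pass `FullName` and `OriginalName` to `Rename-Item -LiteralPath ... -NewName ...`.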

2. Restrict the programs users can run (applicable to Windows 9x/ME/NT/2000/XP)

(1) Prevent the user from running applications through "Run"

You can start a program through the "Run" item in the "Start" menu, including programs that are not files with the .exe extension. If you do not want programs to be executed at will, you can remove the "Run" item from the "Start" menu.

Go to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a DWORD value named NoRun, and set it to 1.

Tip: Besides "Run", a user can also start a program by typing a command in the DOS window.

(2) Prevent users from running the command interpreter and batch files (applicable to Windows NT/2000/XP)

By modifying the registry, you can prevent the user from using the command interpreter (cmd.exe) and from running batch files (.bat files).

Go to the registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System, create a DWORD value named DisableCMD, and set it to 2. The command interpreter and batch files then cannot be run. If you only want to disable the command interpreter and still run batch files, set DisableCMD to 1.

(3) Prevent specified programs from running

For security reasons, we may want to prevent users from running certain dangerous programs. This can be done through the registry. For example, suppose we want to prevent the user from running Notepad (notepad.exe) and Calculator (calc.exe).

First, under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a DWORD value named DisallowRun and set it to 1, which lets us define the programs that are not allowed. Then create a new registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun and create two string values under it: the first is named 1 with the data notepad.exe, and the second is named 2 with the data calc.exe. To block more programs, create further values named 3, 4, and so on. The change takes effect immediately after you modify the registry. If you then try to run Notepad or Calculator through the "Start" menu, the system reports that the operation cannot be performed.

Note: In the Windows NT/2000/XP command interpreter (cmd.exe) window, you can still run Notepad by entering "notepad.exe". This is because DisallowRun only blocks programs started through Windows Explorer; Notepad started this way is not launched through Explorer, so it is not blocked. If you do not want the command interpreter to be used to run programs, add the command interpreter (cmd.exe) to DisallowRun. This method is also insecure in another respect: if the Notepad program "notepad.exe" is renamed, for example to "note.exe", it can be run.

(4) Allow only specified programs to run

To restrict the programs users run, we can instead specify that users may run only certain required programs. This prevents users from running their own programs and effectively prevents viruses from spreading. It can be done through the registry.

First, create a DWORD value named RestrictRun under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and set it to 1, which lets us specify the programs that are allowed to run.

Then create the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun and create two string values under it: the first is named 1 with the data notepad.exe, and the second is named 2 with the data calc.exe. To allow more programs, create further values named 3, 4, and so on. The change takes effect immediately after you modify the registry. If you then try to run other programs through the "Start" menu or Windows Explorer, the system reports that the operation cannot be performed.

Tip: If the Registry Editor is not among the allowed programs, you will find that you cannot undo the changes made by this method, because you cannot use the Registry Editor to modify the registry. In that case, you can rename the Registry Editor program to the name of a program that is allowed to run, and then run it.

Note: This method is highly restrictive, so use it with care, especially if no program at all is allowed to run. If that happens, you cannot change the settings back, because you cannot modify the registry. The only remedy is to restore the registry backup made before the modification.
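An added example, not part of the original article, covering both (3) and (4): a PowerShell function that backs up the Explorer policy key, writes the numbered string values, and then enables the list. The function name `Set-ExplorerRunList`, the backup file location, and the guard that refuses a RestrictRun list without regedit.exe are choices made for this illustration.

```powershell
# Added example, not from the original article. Set-ExplorerRunList and
# the default $BackupFile location are hypothetical choices.
function Set-ExplorerRunList {
    param(
        [Parameter(Mandatory)][ValidateSet('DisallowRun', 'RestrictRun')][string]$Mode,
        [Parameter(Mandatory)][string[]]$Programs,
        [string]$BackupFile = "$env:TEMP\explorer-policies-backup.reg"
    )
    $regPath  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $listKey  = Join-Path $explorer $Mode

    # RestrictRun blocks everything that is not listed, so refuse a list that
    # leaves no way to open the Registry Editor and undo the change.
    if ($Mode -eq 'RestrictRun' -and $Programs -notcontains 'regedit.exe') {
        throw 'A RestrictRun list must include regedit.exe so the change can be reverted.'
    }

    # Back up the existing policy key first, or create it if it is missing
    if (Test-Path $explorer) {
        reg.exe export $regPath $BackupFile /y | Out-Null
    } else {
        New-Item -Path $explorer -Force | Out-Null
    }

    # Rebuild the list subkey: string values named 1, 2, 3, ... hold file names
    if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }
    New-Item -Path $listKey -Force | Out-Null
    $i = 1
    foreach ($exe in $Programs) {
        New-ItemProperty -Path $listKey -Name "$i" -Value $exe -PropertyType String | Out-Null
        $i++
    }

    # Enable the list last: a DWORD named like the subkey, set to 1
    New-ItemProperty -Path $explorer -Name $Mode -Value 1 -PropertyType DWord -Force | Out-Null
}

# Example call: block Notepad and Calculator when started through Explorer.
# Matching is by file name only, so a renamed copy is not blocked.
Set-ExplorerRunList -Mode DisallowRun -Programs 'notepad.exe', 'calc.exe'
```

To undo the change, import the backup file with `reg.exe import`, or set the DWORD value back to 0.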

(5) Disable Registry Editor

The registry is complex and dangerous to modify, so we often want to keep users from changing it. By modifying the registry, you can disable the two registry editors, regedit.exe and regedt32.exe, for the user.

Create a DWORD value named DisableRegistryTools under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and set it to 1. The Registry Editor then cannot be started.

Note: Be careful when using this setting. It is best to make a registry backup or prepare another registry modification tool, because once the Registry Editor is disabled you cannot use it to change the value back.

(6) Prevent the user from changing the password (applicable to Windows NT/2000/XP)

In the "Windows Security" window (press Ctrl+Alt+Delete), a user can click "Change Password" to change the user password. By modifying the registry, you can prevent the user from changing the password.

Create a DWORD value named DisableChangePassword under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and set it to 1. The "Change Password" button in the "Windows Security" window then becomes unavailable and the user cannot change the password.

(7) Prevent users from locking the computer (applicable to Windows NT/2000/XP)

In the "Windows Security" window, a user can click "Lock Computer" to lock the computer. You can prevent the user from locking the computer by modifying the registry.

Create a DWORD value named DisableLockWorkstation under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and set it to 1. The "Lock Computer" button in the "Windows Security" window then becomes unavailable and the user cannot lock the computer.

(8) Prevent users from using the Task Manager (applicable to Windows NT/2000/XP)

You can use "Windows Task Manager" (taskmgr.exe) to start and end local processes, view and manage processes on other computers, and change the priority of processes. You can disable the use of the task manager by modifying the registry.

Create a DWORD value named DisableTaskMgr under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and set it to 1. The Task Manager then cannot be started.
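An added example, not part of the original article: a PowerShell function that reads every per-user restriction value described in this section and reports which ones are set, including the program lists under DisallowRun and RestrictRun. The function name `Get-UserRestrictionPolicy` is an assumption; DisableCMD is reported only as set or not set.

```powershell
# Added example, not from the original article.
# Get-UserRestrictionPolicy is a hypothetical helper name.
function Get-UserRestrictionPolicy {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    # Registry key -> value names described in this section
    $checks = [ordered]@{
        "$base\Explorer" = @('NoRun', 'DisallowRun', 'RestrictRun')
        "$base\System"   = @('DisableRegistryTools', 'DisableChangePassword',
                             'DisableLockWorkstation', 'DisableTaskMgr')
        'HKCU:\Software\Policies\Microsoft\Windows\System' = @('DisableCMD')
    }

    foreach ($key in $checks.Keys) {
        foreach ($name in $checks[$key]) {
            # GetValue returns $null when the value does not exist
            $value = if (Test-Path $key) { (Get-Item -Path $key).GetValue($name) } else { $null }

            # For the two list policies, also read the numbered string values
            $programs = @()
            $listKey  = Join-Path $key $name
            if (($name -in @('DisallowRun', 'RestrictRun')) -and (Test-Path $listKey)) {
                $sub      = Get-Item -Path $listKey
                $programs = @($sub.GetValueNames() | ForEach-Object { $sub.GetValue($_) })
            }

            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Value    = $value
                IsSet    = ($null -ne $value -and $value -ne 0)
                Programs = $programs -join ', '
            }
        }
    }
}

Get-UserRestrictionPolicy | Format-Table Name, Value, IsSet, Programs -AutoSize
```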
