To introduce some common setting methods to play a security policy for the Windows 2000 system to play a security guarantee.
First, security strategy
The Windows 2000 system itself has a lot of security vulnerabilities, which is well known. By playing patch can reduce most of the vulnerabilities, but do not eliminate some small loopholes, and often these small loopholes are also an important way to attack or invade. "Local Security Policy" from Windows 2000 is a very good system security management tool. This tool can be said that the system's defense tools are often some of the necessary settings to prevent the role of preventing, but don't underestimate this tool. Below you introduce some common setting methods to provide security policy settings for security policies.
Second, the specific operation
figure 1
The "Local Security Policy" tool is in, click Start → Control Panel → Administration Tools → Local Security Policy, will enter the main interface of the Local Security Policy. You can set a variety of security policies through the commands on the menu bar, and you can choose how to view how to view, export lists, and import policies.
1. Settings for the security log: Because the security log is an important means of logging a system, you can view some of the system running status through the log, and the default installation of Windows 2000 does not open any security review, so you need to be on local security policy → audit Open the appropriate audit in the policy. Click Start → Control Panel → Administrative Tools → Local Security Policy → Local Policy → Review Policy ", see 9 projects such as" audit policy changes "..., we double-click each project, then" Successfully, failed "options on the box.
2. Account Security Settings: The default installation of Windows 2000 allows any user to get all the system all accounts and sharing lists through empty users, resulting in some passwords to attack the computer, so you must use the following security settings. Click Start → Control Panel → Administrative Tools → Local Security Policy → Local Policies → Account Policy ", see 2 items with" Password Policy, Account Lock Policy "on the right column.
Setting in the password policy: Enable the "Password must meet the complexity requirements", "The length of the password length" is 6 characters, "Forced Password History" is 5 times, "The maximum deposit period" is 30 days.
Setting in the account lock policy: "Reset Account Lock Counter" is 30 minutes, "Account Lock Time" is 30 minutes, "Account Lock Value" is 30 minutes.
3. Security Options Settings: Click Start → Control Panel → Administration Tools → Local Security Policy → Local Policies → Security Options "to find the right column" Additional Limits for Anonymous Connections ". Double-click to set the valid policy, select "Do not allow the SAM account and share" (as shown). Because this value is only non-NULL user access SAM account information and sharing information, this item is generally selected.
figure 2
After this setting, your system is safe and secure, especially the security and password of the account, effectively prevents some illegal intrusions. Not only can you monitor some of the operational important information about the system by viewing logs. There is also a clear masterpiece on the login of the account.
