At present, Microsoft's released operating system has built-in "service" function. For us, "service" that is not used will not only take up system resources, but more importantly, some services will launch the system to be invaded (such as 33889 "Terminal Services "Terminal Services," Remote Registry "supports remote connection registry service ...), maybe some readers have already thought that" disabling "these services can not be? Setting these services to "disable" to prevent others from invading your system, but as long as the other party gets your username and password or method can change these services to "start", then in addition to strengthening user passwords, there are What is the way to prevent the other party from using the open service invasion? Use the following methods to effectively prevent the other party from using certain services to invade your system.
Method 1: Make service failure will easily lead to service "disabling" to be invaded, and then delete these services, so that even if the other party connects to your system service list, it cannot modify the properties of the service, and cannot be modified Service properties cannot start the service. Open the registry editor, find the "HKEY_ local_machinesystemcurrentcontrolset" item, and each subkey under the system is "service" in the system, such as the "Messenger" service, but some service these two The name will not be the same, but it is also easy to find, "DisplayName" key value is the name of the service. Here to delete the "Messenger" service as an example, other service methods are the same, but the items deleted in the registry are different. You must export backup before deleting this item, then click the "Messenger" item, right-click " Delete "(Rename or) command. At this point, double-click "Messenger" in the service list, if the error message shown (Figure 1), certain other tips will also appear when the other party is connected to your service list, not the property box. If you want to restore this service, you can import the registry file just now into the registry.
Figure 1 Error message prompt window
Method 2: Rename "Display Name" If the other party gets the username and password, and your system opens "Remote Registry Connection" service, the other party can also connect your system registry to "Method" The modification settings are restored, and now you may wish to try the following ways, rename the "service" display name as another name, so that the other party wants to "service", it is not as fast as usual. Similarly to the "Messenger" service, open the Registry Editor, find the "HKEY_ local_machinesystemcurrentcontrolset" item, find the "Description" key in the right window, this button corresponds to the "service" description, delete it, next Find the "DisplayName" button, this button corresponds to the name displayed in the list, double-click the "DisplayName" button to modify its value to another name (GSN), press the "OK" button to exit the Registry Editor, This modification will take effect after restarting the system. Running "service.msc" to view the modified effect, discover a "Show Name" for "GSN" in the Service List, and this Services is the previous "Messenger" service. Use the same way to change the "service" that needs to be modified to another. Of course, when you modify, you should record the modified name and the corresponding "service", or you don't know if you need to open this service. Which service, the service that should be "disabled" is also set to "disable". After such a revision, the other party will open "service", it is quite difficult, but if each party is here every "service" Double-click to view, then finally you will find the "service", because this service is displayed in the "Service" Properties box, the other party can identify whether to find "Service" according to this name. How to modify the "service name" here, please refer to "Method 3".
Method 3: Modify the "Service Name" to modify the name of the Service, here you need to use two tools, "SRVINSTW.EXE" and "SRVANY.exe", which can be able to work in Windows 2000 resources. Find in the package, or take the "Messenger" service as an example, after getting these two tools, double-click the "SRVINSTW.EXE" tool, click the "Install a Service" option, enter your "Messenger" in "Service Name" The name (GSNSRV) of the service is (GSNSRV), in the step of the "Srvany.exe" file, the other settings can be default, after the addition is completed, the original "Messenger" service is switched to the backup (method) One is already backed up), then "Messenger" service "Disable", run the "SRVINSTW.EXE" tool again, select the "Remove a Service" option to remove the original "Messenger" service from the list, and now find the backup open the registry file editor, the "[HKEY_ LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger]" this line changed to "[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesgsnsrv]", where "Gsnsrv" is the "Messenger" service name in the wizard to rename, save and exit the file, and then import it into the registry In the table, now run "service.msc" Open the service list to view the properties of the "Messenger" service, from Figure 2, it can be seen that its name has been modified to "gsnsrv", next combination "method one" and "method two" Method For service modification or index to delete the service from the list, finally delete the default share, so that the other party should invade your system is more difficult. Tip: Before performing the above operation, you must do a good job, such as the registry, the display name, service name, executable path of the service attribute box, and the program referred to as the executable file. Good backups and records can be performed. It is recommended that only services that are not used and easy to cause the system being invaded, after all, some services may be wrong after the above changes. Figure 2 Messenger's properties
