I believe that many "rookie" friends will think that the team policy of the Windows system is very "mysterious", so they generally don't dare to "touch" it; in fact, if you have a "intimate contact" in the system group strategy, you may Will surprise the powerful feature of the system group policy, because as long as you drive the system group strategy, your system network function will get further "strong". If you don't believe it, please take a look!
Let surfing traces automatically
After each surfing, the system will record the traces of the Internet, others are easy to pass these traces, voyeur to their online privacy. In order to avoid illegal voyenesis of your privacy, you may have a hand-cleared method to remove all the net traces one by one by hand-cleaning, it is clear that this method is not only cumbersome, not very easy. remember. In fact, you can automatically erase all net traces at the moment of cancellation:
First create a batch file, make sure that all Internet traces can be cleared automatically after executing the file. When you create such a batch file, you can open the text editing tool such as Notepad, and then enter the following command code in the Edit interface:
@echo off cd c: / windows / local settings / temporary internet files c: / windows / command / deltree. / Y
Thereafter, the "File" / "Save" command in the text editing interface is performed in turn, and save the previous command code into a batch file named "bat", for example here, the author saves it as "autodel.bat" file, Of course, the file is only valid for the WIN98 or WINME system. If you want to automatically clear the online traces in the Win2000 or more, you must enter the following command code in the text editing interface:
@ecuments ad settings / administrator / local settings / temporary internet files c: / winnt / system32 / deltree. / * / y
And if you want to make the above batch file to be successful, you also need to copy the "Deltree.exe" command under Win98 system in advance to the "C: / WinNT / System32" directory of Win2000 or later system; of course, if Windows The system does not install according to the default setting, and the system installation path in the batch file is also required to set the path to the actual installation path.
Second, click the "Start" / "Run" command, in the pop-up system Run dialog box, enter the group policy editing command "gpedit.msc", click the "OK" button, then expand the Group Policy Editing window. "User Configuration", "Windows Settings", "Script (Login / Logout)" branch;
Then in the pop-up interface, double-click the "Logout" option, in the Open Logout Properties Settings window, click the "Add" button, import "Autodel.bat" file in the pop-up file selection dialog, final Click the "OK" button, so you will be automatically executed each time you exit your computer system, so that surfing traces are automatically erased.
figure 1
Let WinXP share free to share
If you access the WinXP operating system through the "Online Neighbor" window in the Win98 workstation, you will find that the WinXP workstation will refuse your sharing request. What is going on? It turns out that WinXP system is not allowed to log in to the system in the default state, then is it to make Winxp workstations to share freely in the WinXP system? In fact, in addition to enable the guest account, you need to specify the guest account to access the WinXP workstation shared resource through the network; the following is the specific implementation step of making WinXP to be freely shared: first click "Start" in the WinXP workstation. / "Program" / "Administrative Tool" / "Computer Management" command, in the pop-up computer management interface, gradually expand "System Tool", "Local User and Group", "User" branch, in correspondence "User" branch In the right sub-window, double-click the "Guest" option, in the pop-up account property setting interface, cancel the "Account Disabled" option, click the "OK" button, "Guest" account can be re-enabled;
Then open the system's group policy editing window, then use the mouse to gradually expand "Local Computer Policies", "Computer Configuration", "Windows Settings", Security Settings, "Local Policy", "User Rights Assign" branch, In the pop-up Figure 2 interface, double-click the "Reject from the Network Access to this Computer" project in the right sub-window, in the interface, select the guest account and delete it, then click the "OK" button, Then the shared resource in the WinXP workstation can be accessed casually.
figure 2
Let the 135 port close
Everyone knows that once the 135 network port in the server is opened, the hacker or illegal attacker may pass a professional remote control tool, voyeur to the important content of the server and the Internet account, etc., can also remotely execute the server remotely. Important procedures, thereby bringing security threats to the server. To avoid such an attack, you must find a way to block 135 network ports in the server. To this end, this article is deliberately to help you easily close the 135 network port by modifying a group policy.
Considering that hackers need to establish network connections with the server when they attack servers, then they can break the server through the 135 network port, so as long as we can "reject" other clients access the server through the network, you can reach indirectly off 135 The purpose of the network port, ensuring that the server is not attacked remotely. To "reject" Other clients to establish a network connection with the server, you can implement it as follows:
First enter the Group Policy Editing window, step by step by step, "Computer Configuration" / "Windows Settings" / "Local Policy" / "User Right Assign" project, then double-click the "User Rights Assign" item below "Reject to access this computer" option from the network; in the interface, click the "Add" button, select the "Everyone" account in the subsequent account list, and click the Add button, Import this account into the "Assignment" list, finally click the "OK" button, such a client user does not have the right to access the server through the network, so that hackers or other attackers naturally cannot use 135 networks The port is remotely attacked on the server.
image 3
Let the network "collection" hide
In order to improve the efficiency of online surf, many people like to use the network "Favorites" function in IE to save the sites you need to access frequently, so that you can go directly to your destination; in order to prevent others from browse to your own "Privacy, you can easily set the system group policy to make the network" Favorites "feature in IE to hide:
In the Group Policy Editing interface, position the mouse to the "User Configuration" / "Management Template" / "Browser Menu" branch; in the pop-up of Figure 4 interface, select the right side The "Hide Collection Menu" option in the window, then use the left mouse button to double-click this option, in the Properties Settings window, select the Enable option, and then click the "OK" button to make the network "Favorites" function Hide.
Figure 4
Rejecting network printing is illegally shared
In order to improve printing efficiency, I believe that many units are set to share, so many illegal users can take the opportunity to easily use the shared printers in the local area network through the "Online Neighbor" window, and it is easy to printed in the LAN. The cost is constantly rising. Obviously, the network printer "release" is easy to cause the printer to be illegally shared in the online neighbor window. To reject network printing is illegally shared, you can set the system group policy as follows:
Turn on the system's group policy editing interface in the same way, with the mouse to gradually double-click on "Local Computer Policies", Computer Configuration, "Administrative Template", "Printer" branch;
In the right side window of the Printer branch, double-click the Printer Browse option, in the Figure 5 settings dialog box, select the "Disable" option, click "OK" button, share the printer's "figure "Will not appear in the online neighbor window, so illegal users naturally cannot use shared printers in the online neighbor window.
Figure 5
Block the pop-up plug-in prompt
When surfing online, a happy mood often is interfered with a wide range of plug-in installed pop-ups. Is there any way to limit these plug-in installation windows? The answer is yes, you can make a simple settings for the system group policy according to the following method:
In order to click the "Start" / "Run" command, in the Open Run dialog box, execute the group policy editing command, step by step by step in the later window, click User Configuration / Manage Template / "Windows Components" / "Internet Explorer" branch;
In the pop-up interface, double-click the Administrator Approved Control Directory in the right sub-window. In the window that is then opened, select the plug-in options that frequently pop up, and double-click them with the mouse to open the corresponding setup dialog. Box, select the "Disable" option, and then click the "OK" button, the installation window will not pop up when the corresponding plugin is encountered in the future.
Figure 6
Let IE can also encrypt the system
When you manage the server, you often have to leave the server for a period of time, and quickly return; to ensure that illegal users will enter the server system in this period of leaving the server, many people set up the server. The boot password, but the method needs to turn off the server, then you need to restart the server when you re-return, it will be wasted; if someone sets the screen saver, and set the password for the screensaver, once temporarily left Encrypted screen saver is enabled when the server is enabled to restrict other people into the server, but the method does not take effect immediately, at least 1 minute screen saver can be started. So, don't you have other good ways to ensure you immediately encrypt the system when you leave the server? In fact, you can quickly "encrypt" by the following method, and you can integrate the "encrypted" function into the IE toolbar for quick calls in the future:
First open the memory editing interface and enter the following command code in it:
@echo off x: /winnt/system32/rundll32.exe user32.dll, lockworkstation
After that, the above code file is saved as a batch file, which is saved as "security.bat", where "X" refers to the partition where the server system is located, so once this batch file is performed, the server The desktop will immediately go to the system login screen. If anyone else does not have a system login account, it cannot go into the server; secondly to customize the command icon for the "security.bat" file. In order to be built into the IE toolbar, you must prepare two "encrypted system" icons in advance so as to use the valid button icon and invalid buttons icon in the work bar, and make sure that each icon is used. "ICO" as an extension;
Below you need to pass the Group Policy to built into the IE interface. Open the Group Policy Editing interface, locate the mouse in the "User Configuration" / "Windows Settings" / "Internet Explorer Maintenance" branch of "Browser User Interface";
Then double-click the "Browser Toolbar" option under the Browser User Interface Branch, in the subsequent interface, click the Add button to open the window shown in Figure 7; in the Toolbar Title Enter "Encrypted System", then click the "Browse" button at "Toolbar Operation", import batch file "security.bat", and import the two icon files prepared in front to the corresponding settings, Click the "OK" button to exit the toolbar buttons custom window;
Figure 7
After all settings operation, restart the system, then open the IE browser window, you will find the Encryption System button already in the IE toolbar, you can click the button at any time to The server instantly encrypts!
Alternative login server
Each time you enter the WIN2000 server system, you need to press the "Ctrl Alt Del" key to enter the login account and the login password. If there is a button in the above combination, we can't log in to the server system. In fact, each time you log in, you don't need the above combination, you can also easily enter the server system. This is not, the author will set up the system group policy and automatically skip the "Ctrl Alt Del" key button when the login server is automatically logged in:
First, the Group Policy Edit command "gpedit.msc", in the open editing window, then place the mouse in the Computer Configuration / "Windows Settings" / "Security Settings" / "Local Policy" / "Security Options" branch;
Under the "Security Options" branch, double-click "Disable Press Ctrl Alt Del" project, in the first window, select the "Enable" option, then click "OK" button, once again When you log in to the server system, you can't see the prompts of the "Ctrl Alt Del" key key.
Figure 9
Reject scan registry path
If your server is installed by the Windows 2003 Server system, then the hacker is easy to scan some of the path information in the remote registration tool by comparing professional scanning tools, and through these path information, hackers may not It is easy to invade the server system to bring a security threat to the server. To ensure that the server is not subject to external attacks, you can make reasonable settings to the Group Policy as follows, so that the hacker can scan the path information of the remote registry:
In the open group policy editing interface, place the mouse in the "Computer Configuration" / "Windows Settings" / "Security Settings" / "Local Policy" / "Security Option" branch;
Double-click "Network Access: Remote Access" item below "Network Access: Remote Access" project, in the displayed window, you can select all the path information of all displayed remote registry, then all of them Delete, so that hackers can scan the path information of the remote registry. Eliminate shared traces
When you open the online neighbor window in the WinXP system, you will find all the shared folders previously accessed, still in the window; it is clear that others can also see their access privacy in the online neighbor window, in order to Avoid your access activity is smashed by others, you can set up the sharing traces that appear in the online neighbor window:
First, execute the "gpedit.msc" command in the System Run dialog box, in the open group policy editing window, step by step by step by clicking the Local Computer Policy / User Configuration / Manage Template / "Desktop" branch;
Then double-click "Desktop" branch "Do not add a recently opened document sharing to an online neighbor" project, in the setup interface that will be ejected, select "Enable" option, and finally click the "OK" button. .
