Server Security Settings
1. The system disk and site placement disk must be set to NTFS format for easy setting of permissions.
2, system disk and site placement disk except the user rights of administrators and system are removed.
3, comes with a firewall enabled windows, leaving only the useful ports, such as remote and Web, Ftp (3389,80,21), etc., have also opened the mail server port 25 and 130 .
4, after installing SQL into the directory search xplog70 then find three files renamed or deleted.
5, change the password for the sa long you do not know the password, in any case not to use the sa account.
6, rename the default Administrator account name and create a new account as a trap account, set a long password and remove all user groups. (It is set to be empty in the user group. Let this account not belong to any user group & mdash; like) also renamed to disable the Guest user.
7, configure account lockout policy (gpedit.msc Enter input in operation, open the Group Policy Editor and select Computer Configuration -Windows Settings - Security Settings - Account Strategy - account lockout policy, the account will be set & ldquo; three landing invalid & rdquo;, & ldquo; lock time of 30 minutes & rdquo;, & ldquo; reset lock count set to 30 minutes & rdquo ;.)
8, the security settings in local policies - security options will
Network access: Shares that can be accessed anonymously;
Network access: Named pipes that can be accessed anonymously;
Network access: Registry paths that can be accessed remotely;
Network access: remote access to the registry path and sub-path;
The above four items are cleared.
9, the security settings in Local Policies - Security Options refused Login
ASPNET Guest IUSR _ ***** IWAM _ ***** NETWORK SERVICE SQLDebugger through Terminal Services < Br>
(**** indicates your machine name. For specific search, you can click Add User or Group to select Advanced to find the list of users listed below. Be careful not to add it to the user group and the administrators group. since there is no way to remote landing.)
10, to remove the default share, the following files saved as reg suffix, then you can perform the import.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\parameters]
"AutoShareServer"=dword:00000000
" AutoSharewks " = dword: 00000000
11, disabling unneeded and dangerous services listed below are required to disable the service.
Alerter Sending Management Alerts and Notifications
Computer Browser: Maintaining Network Computer Updates
Distributed File System: LAN Management Share Files
Distributed linktracking client for LAN Update Connection Information
Error reporting service Send Error Report
Remote Procedure Call (RPC) Locator RpcNs* Remote Procedure Call (RPC)
Remote Registry Remote Modify Registry < Br>
Removable storage Managing removable media, drivers, and libraries
Remote Desktop Help Session Manager Remote Assistance
Routing and Remote Access Routing services for enterprises in LAN and WAN environments
Messenger Message File Transfer Service
Net Logon Domain Controller Channel Management
NTLMSecuritysupportprovide
PrintSpooler Print Service for telnet Service and Microsoft Serch
telnet telnet service
Workstation leak system username list
12. Change local security policy audit policy
Account management success failed
Event successfully failed
Object access failed
Policy change failed successfully
Privileged usage failed
System event failed successfully
Directory service Access failed
Account login event failed successfully
13. Change the file running permission that may be used for the right, find the following file, delete all the administrators in the security settings. The important thing is that even the system does not stay.
net.exe
net1.exe
cmd.exe
tftp.exe
netstat.exe
regedit.exe
at.exe
attrib.exe
cacls.exe
format.com
c.exe special It is possible that the file could not be found on your computer.
Enter
"net.exe","net1.exe","cmd.exe","tftp.exe","netstat.exe" ;,"regedit.exe","at.exe","attrib.exe","cacls.exe","format.com","c.exe"
Search and Select All right property security
above this point is the most important thing, and by far the most convenient and mention the right to reduce the possible defense of the method is destroyed.
14, backup work, the current server process capture or record, save it, to facilitate later check to see if there are unknown procedures. Capture or record the currently open port and save it for later viewing to see if an unknown port is open. Of course, if you can distinguish each process, and the port step can be omitted. More security settings tutorial read: "Server Security Settings Tutorial: Hard Disk Permission Settings"
The topic requires a DNS server to act as a domain name resolution server for two mail servers. 1. S
Storage server has been widely used in all walks of life, from daily work, production records, video
But because of the many similarities between X86 servers and desktops, there are m
Client DNS server address configuration steps (Windows 2000, Windows XP operating system): 1, afte
How to set up Hyper-V virtual machine NIC?
How much do you know about Windows Server Hardening?
Server Load Balancing Solution
The server does not support curl
IIS HTTP 500 error solution under Vista
Top 10 Reasons to Upgrade Win 2000 to 2003
Nginx supports shtml format method
The five questions that the rookie on the road server must understand
IIS server Web access prompts for password question
Open the SQL Server firewall port for batch
Unlock Server2008 Remote Desktop Management Levels
What is the reason for the Directory Listing Denied to appear on the website?
WinXP system to adjust the size of the desktop icon
Keep your system desktop clean
Cannot set Win8 static IP solution
Steps for exporting cookie information in WinXP system
Windows 8.1 comes with screenshots can not be used how to do
How does the Win8 system shut down the Windows Search service?
After the Win8 upgrade, the game has disappeared. How to solve the
Win10 official version of the download address and installation method