Modify Windows Group Policy to make the system stronger

  
I believe that many "novice" friends will think that the Windows system group strategy is very "mysterious", so they generally do not dare to "touch" it; in fact, if you and the system group strategy have In a "close contact", you may be surprised by the power of System Group Policy, because your system network function will be further "strong" by simply moving the system group policy. If you don't believe it, please come and have a look!

Let the surf traces be erased automatically

After each surf, the system will record the traces of the Internet on the “self-assertion”. Others can easily peek into their own Internet through these traces. privacy. In order to avoid your privacy from being illegally sneaked by outsiders, you may use manual removal to erase all kinds of Internet traces after each surf. Obviously, this method is not only cumbersome, but also not easy. remember. In fact, you can use the following method to automatically erase all Internet traces at the moment of logout:

First create a batch file to ensure that all files will be automatically executed after the file is executed. All traces of the Internet were removed. When creating such a batch file, you can open a text editing tool such as Notepad, and then enter the following command code in the editing interface:

@echo off

cd c: \\Windows\\local settings\\temporary internet files

c:\\Windows\\command\\deltree .\\*.* /y

After that, execute the "File" /"" in the text editing interface. Save the command, save the previous command code as a batch file with the extension "bat". For example, I will save it as "autodel.bat" file. Of course, this file is only valid for Win98 or WinMe system, if you want to To automatically clear the Internet traces in Win2000 and above, you must enter the following command code in the text editing interface:

@echo off

cd c:\\document ad settings\\administrator\\ Local settings\\temporary internet files

c:\\winnt\\system32\\deltree .\\*.* /y

And if you want the above batch file to execute successfully, you need to "Deltree.exe" under Win98 system Order, directly copy to the "c:\\winnt\\system32" directory of the Win2000 version system; of course, if the Windows system is not installed according to the default settings, you also need to set the system installation path in the batch file to the actual installation path.

Next, click the "Start" /"Run" command, in the pop-up system run dialog box, enter the group policy edit command "Gpedit.msc", click the "OK" button, and then Expand the "User Configuration", "Windows Settings", "Script (Login/Logout)" branch in the Group Policy Edit window;

Then in the pop-up interface of Figure 1, double-click the "Logout" option, followed by In the open logout property setting window, click the "Add" button, import the "autodel.bat" file in the pop-up file selection dialog box, and finally click the "OK" button, so that you will quit the computer system each time later. The "autodel.bat" file is automatically executed to automatically erase the surf marks.
Figure 1
let WinXP is freely shared

if WinXP operating system to access the "My Network Places" window in Win98 workstation, you will find WinXP workstation will reject your sharing request, What is going on here? The original WinXP system is not allowed to log in to the system in the default mode. Is it possible to "activate" the guest account under WinXP system, so that WinXP workstations can be shared at will? In actual fact, in addition to change the guest account enabled it, you also need to specify the guest account can access the shared resources WinXP workstations over a network; the following is to let WinXP is freely shared specific implementation steps:

first in WinXP workstation, Click the Start /Programs /Administrative Tools /Computer Management command, and in the pop-up computer management interface, expand the System Tools, Local Users and Groups, and Users branches. In the right sub-window corresponding to the "User" branch, double-click the "guest" option. In the pop-up account property setting interface, cancel the "Account has been disabled" option, and then click the "OK" button, the "guest" account will be Can be re-enabled;

Then open the system's Group Policy Edit window, and then use the mouse to gradually expand the "Local Computer Policy", "Computer Configuration", "Windows Settings", "Security Settings", " In the Local Policy and User Rights Assignment branches, in the pop-up interface of Figure 2, double-click "Reject from the network" in the right sub-window. Ask this computer" project, in the subsequent interface, select and delete the guest account, and then click the "OK" button, then the shared resources in the WinXP workstation can be freely accessed.

2 135 ports allow itself off

you know, once the 135 network port server opened, hackers or illegal attacker may be achieved by a professional remote control tool, peeping The important content in the server and the online account, etc., can also remotely execute important programs in the server, which brings security threats to the server. In order to protect the server from such attacks, you must find a way to shield the 135 network ports in the server. To this end, this article specifically helps you to easily close the 135 network port by modifying the group policy.
Considering that when a hacker attacks an server, it needs to establish a network connection with the server before it can destroy the server through the 135 network port. Therefore, as long as we can "reject" other clients to access the server through the network, we can reach Indirectly shut down the 135 network port to ensure that the server is not remotely attacked. To "reject" other clients to establish a network connection with the server, you can do the following steps:
First enter the group policy editing window, and gradually expand the "Computer Configuration" /"Windows Settings" /"Security Settings" with the mouse. "/"Local Policy" /"User Rights Assignment" item, then double-click the "Deny access to this computer from the network" option under the "User Rights Assignment" item; in the interface of Figure 3 that opens, click the "Add" button In the subsequent account list interface, select the "everyone" account, click the "Add" button, import the account into the "Assign to" list, and finally click the "OK" button, so that any customer End users do not have access to the server through the network, so hackers or other attackers naturally can not use the 135 network port to remotely attack the server.
Figure 3

make the network "Favorite" hiding

order to improve the efficiency of surfing the Internet, many people like to use IE in the network "Favorite" function, the site will frequently need to access their own Save it so that you can get to your destination the next time; to prevent others from browsing your own "collection" privacy, you can easily set up a system group policy to hide the network "collection" feature in IE:
in the group policy editing interface, the mouse located in the "user configuration" /"Administrative templates" /"Windows components" /"Internet Explorer" /"browser menu" branch;

4 in the pop-up interface In the right sub-window, select the "Hide Favorites menu" option, then double-click the option with the left mouse button. In the next property setting window, select the "Enable" option, and then click the "OK" button. Let the network "collection" feature hide.
Figure 4

Copyright © Windows knowledge All Rights Reserved