Windows Server 2008 Remote Desktop Security Settings (1)

  
        

Its strong security features have drawn many users to Windows Server 2008, often without their noticing. That does not mean the security of a Windows Server 2008 system can be taken for granted: once the Remote Desktop feature that comes with the system is enabled, its security problems come to the fore. If Remote Desktop is not configured properly, the Windows Server 2008 server is more likely to be attacked. To make Windows Server 2008 more secure, this article summarizes several security settings for the Remote Desktop feature.

Forcing network-level authentication

Earlier operating systems also have a Remote Desktop feature, but Windows Server 2008 strengthens its security: with the appropriate setting, a network administrator can force Remote Desktop users to perform network-level authentication, which prevents unauthorized users from using the Remote Desktop feature to compromise the Windows Server 2008 server. To force network-level authentication for Remote Desktop connections, set the Remote Desktop connection parameters of the Windows Server 2008 system as follows:

First, log in to the Windows Server 2008 server as a superuser, open the "Start" menu, and select "Programs", "Administrative Tools", "Server Manager" to open the Server Manager console window of the local server;

Second, select the "Server Manager" node in the left pane of the Server Manager console window. In the right pane for that node, click the "Configure Remote Desktop" link in the "Server Summary" area to open the Remote Desktop settings dialog box of the server system;

The "Remote Desktop" area of the settings dialog box offers three options. If we want any ordinary computer on the LAN to be able to control the Windows Server 2008 server through a Remote Desktop connection, we should select the "Allow connections from computers running any version of Remote Desktop" option. This option, however, easily causes trouble for the security of the Windows Server 2008 server.

So that the server can be controlled safely through Remote Desktop, Windows Server 2008 introduces the "Allow connections only from computers running Remote Desktop with Network Level Authentication" option. We only need to select this option and click the "OK" button to save the setting. From then on, Windows Server 2008 automatically forces network-level authentication for every Remote Desktop connection, which makes it much harder for an unauthorized user to attack the server through the Remote Desktop connection feature.
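The state of this setting can also be read and enforced from PowerShell. The block below is an added example, not part of the original article; it assumes PowerShell 2.0 or later in an elevated session on the server, and the function names Get-RdpMode and Set-RdpNlaRequired are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated session.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Hypothetical helper: map the registry state to the three dialog options.
function Get-RdpMode {
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication
    if ($deny -eq 1) { return 'Remote Desktop disabled' }
    if ($nla  -eq 1) { return 'NLA required' }
    return 'Any client version allowed (no NLA)'
}

# Hypothetical helper: switch the RDP-Tcp listener to the NLA-only option.
function Set-RdpNlaRequired {
    $listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    if (-not $listener) { throw 'RDP-Tcp listener not found.' }
    $result = $listener.SetUserAuthenticationRequired(1)
    if ($result.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed: $($result.ReturnValue)"
    }
}

$mode = Get-RdpMode
Write-Output "Current setting: $mode"
if ($mode -like 'Any client*') {
    Set-RdpNlaRequired
    Write-Output "New setting:     $(Get-RdpMode)"
}
```

After the change, Remote Desktop clients that do not support network-level authentication are refused, so confirm the administrators' client versions before enforcing it.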

Allowing only specific users to use Remote Desktop

Enabling the Remote Desktop feature of a Windows Server 2008 server opens a back door in the local server: authorized users can come in, but so can users without permission, so the security of the server is naturally at risk. In fact, we can configure the Remote Desktop feature so that only specific users with remote management needs can come in through this back door and no other user can enter and leave freely; this greatly reduces the possibility of attacks on the Windows Server 2008 server. To allow only specific users to use Remote Desktop, configure the Windows Server 2008 server as follows:

First, open the "Start" menu of the Windows Server 2008 server and select "Programs", "Administrative Tools", "Server Manager" to open the Server Manager console window of the local server;

Second, click the "Configure Remote Desktop" link in the right pane of the Server Manager console window to open the Remote Desktop settings dialog box of the server system, then click the "Select Users" button in that dialog box; the settings window appears on the screen;

In the settings window, select the existing user accounts and click the "Delete" button. Then click the "Add" button, find the specific user account that has remote management requirements in the user account browsing dialog box that appears, select and add it, and click the "OK" button to finish. From then on, ordinary users cannot use the Remote Desktop feature to manage the Windows Server 2008 server remotely; only the specific users set here can access the target server through a Remote Desktop connection.
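The list edited in that dialog is the membership of the local "Remote Desktop Users" group, so it can be compared against an allowlist from PowerShell. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later, an elevated session, the English group name, and hypothetical account names rdpadmin1 and rdpadmin2.

```powershell
# Added example (not from the original article). Run in an elevated session.
$allowed = @('rdpadmin1', 'rdpadmin2')   # hypothetical account names
$enforce = $false                        # $true = actually change membership

# Assumes the English group name; localized systems use a translated name.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"

# Read the current members (name and ADSI path) of the group.
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    New-Object PSObject -Property @{
        Name    = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)
        AdsPath = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
})

# Members not on the allowlist are reported, and removed when $enforce is set.
# Matching is by account name only, so a domain and a local account with the
# same name are treated alike.
foreach ($m in $members) {
    if ($allowed -notcontains $m.Name) {
        Write-Output "Unexpected member: $($m.AdsPath)"
        if ($enforce) { $group.psbase.Invoke('Remove', $m.AdsPath) }
    }
}

# Allowlisted local accounts that are missing are reported, and added when enforcing.
$present = @($members | ForEach-Object { $_.Name })
foreach ($name in $allowed) {
    if ($present -notcontains $name) {
        Write-Output "Missing member: $name"
        if ($enforce) {
            $group.psbase.Invoke('Add', "WinNT://$env:COMPUTERNAME/$name,user")
        }
    }
}
```

With $enforce left at $false the script only reports differences, which makes it suitable for a scheduled check that the list has not drifted.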

Preventing the administrator from using Remote Desktop

By default, Windows Server 2008 allows the administrator account to use the Remote Desktop feature. To prevent attackers from trying to use this account to attack the local server, we can prohibit the administrator account from accessing the Windows Server 2008 server through a Remote Desktop connection as follows:

Because the administrator account cannot be deleted directly from the server system, we can use the most extreme method instead: forcibly disabling the administrator account. The easiest way to disable the account is to click "Start" / "Programs" / "Accessories" on the server desktop, right-click "Command Prompt" in the menu that opens, and choose "Run as administrator" from the right-click menu to open a command prompt window on the Windows Server 2008 system. Then run the command "net user administrator /active:no" at the command line of that window.

However, this method often interferes with the network administrator's normal management of the server. For this reason, we can also keep the administrator account from being used for Remote Desktop connections to the Windows Server 2008 system by renaming the account:

First, log in to the Windows Server 2008 server as the superuser, click "Start" / "Run" on the desktop, enter the command "gpedit.msc" in the Run dialog box that appears, and click the "OK" button to open the Group Policy editing console window of the local server;

Second, in the left pane of the console window, select the "Computer Configuration" branch and expand "Windows Settings" / "Security Settings" / "Local Policies" / "Security Options" beneath it. In the right pane for "Security Options", double-click the target Group Policy option "Accounts: Rename administrator account" to open its settings window. There we can change the name of the administrator account to one that others cannot easily guess, and finally click the "OK" button to make the setting take effect.

Of course, we can also stop the administrator from using the Remote Desktop feature by revoking the terminal login permission of the administrator account. To do so, first open the Group Policy editing console window of the server system as described above, select the "Computer Configuration" branch in the left pane, and expand "Windows Settings" / "Security Settings" / "Local Policies" / "User Rights Assignment" beneath it. In the right pane for "User Rights Assignment", double-click the target Group Policy option "Allow log on through Terminal Services" and, in the window that appears, delete the Administrators entry. After that, when an unauthorized user tries to connect remotely to the Windows Server 2008 system with the administrator account, a message appears stating that the login is denied.
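To confirm which of these three measures is actually in effect on a server, the local security policy can be exported with secedit and inspected. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later in an elevated session, and the temporary file name is hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated session.
$cfg = Join-Path $env:TEMP 'rdp-admin-audit.inf'    # hypothetical temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY USER_RIGHTS | Out-Null

# Collect "Key = Value" lines from the exported security template.
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(.*)$') {
        $policy[$matches[1]] = $matches[2].Trim()
    }
}
Remove-Item $cfg

# Measure 1: built-in administrator disabled (net user administrator /active:no).
$adminEnabled = $policy['EnableAdminAccount'] -eq '1'

# Measure 2: built-in administrator renamed ("Accounts: Rename administrator account").
$adminName = "$($policy['NewAdministratorName'])".Trim('"')

# Measure 3: Administrators (well-known SID S-1-5-32-544) removed from
# "Allow log on through Terminal Services" (SeRemoteInteractiveLogonRight).
$holders = @("$($policy['SeRemoteInteractiveLogonRight'])" -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ })
$adminsCanRdp = ($holders -contains '*S-1-5-32-544') -or
                ($holders -contains 'Administrators')

Write-Output "Built-in administrator enabled:      $adminEnabled"
Write-Output "Built-in administrator account name: $adminName"
Write-Output "Terminal Services logon right:       $($holders -join ', ')"
Write-Output "Administrators may log on via RDP:   $adminsCanRdp"

if ($adminEnabled -and ($adminName -eq 'Administrator') -and $adminsCanRdp) {
    Write-Output 'None of the three measures is applied on this server.'
}
```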
