& ldquo; Trojans & rdquo; program is currently a more popular virus file, unlike the general virus, it will not self-propagation, and does not "deliberately" to infect other files By providing its own camouflage to attract users to download and execute, it provides the Trojan horse with a portal to open the computer of the cultivator, so that the creator can arbitrarily destroy, steal the files of the cultivator, and even remotely manipulate the computer of the cultivator. Because of the power of this virus, for this reason, there are many articles about anti-trojan virus on the Internet. Today, Xiaobian has compiled some methods for setting up anti-trojan permission under Windows 2003.
First, the system installation
1, according to the Windows2003 installation CD prompts to install, by default 2003 did not install IIS6.0 in the system.
2, IIS6.0 installation
Start menu & mdash; > Control Panel & mdash; > Add or remove programs & mdash; > Add /remove Windows components
Application ———ASP.NET (optional)
|
——Enable Network COM+ Access (Required)
|
——Internet Information Services (IIS)———Internet Information Service Manager (required)
|
——public files (required)
|
——World Wide Web Service———Active Server pages (required)
|
——Internet Data Connector (optional)
|
——WebDAV Publishing (optional)
|
——World Wide Web Service (required)
|
—— include files on the server side (optional)
Then click OK —>Next install. (See Appendix 1 for details.)
3. Update the system patch
Click the Start menu—>All Programs—>Windows Update
Follow the prompts to patch installation.
4, backup system
Use Ghost backup system.
5, install commonly used software
For example: anti-virus software, decompression software, etc.; after installation, configure anti-virus software, scan system vulnerabilities, use Ghost to back up the system again after installation.
6, first open the unneeded port, open the firewall to import the IPSEC policy
In the "network connection", delete the unwanted protocols and services, only the basics are installed here. The Internet Protocol (TCP/IP), with the addition of the QoS Packet Scheduler due to the control of the Bandwidth Traffic Service. In the advanced tcp/ip settings --"NetBIOS"Set "Disable NetBIOS(S)" on tcp/IP. In the advanced options, use "Internet Connection Firewall", which is the firewall that comes with Windows 2003. It does not have the functions in the 2000 system. Although it has no function, it can shield the port, so that it has basically reached an IPSec function.
Modify 3389 Remote Connection Port
Modify Registry.
Start--Run--regedit
Expand HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/
TERMINAL SERVER/WDS/RDPWD/TDS/TCP
Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)
HKEY_LOCAL_MACHINE /SYSTEM/CURRENTCONTROLSET/CONTROL/TERMINAL SERVER/
WINSTATIONS/RDP-TCP/
Change the PortNumber in the right key value to the port number you want to use. Note the use of decimal (example 10000)< Br>
Note: Don't forget to add 10000 port to WINDOWS2003's own firewall
Modify the server. Restart the server. The settings take effect.
Second, user security settings
1. Disable the Guest account
Disable the Guest account in the computer-managed user. To be on the safe side, it is best to add a complex password to the Guest. You can open Notepad, enter a string of long strings containing special characters, numbers, and letters, and copy it as the password of the Guest user.
2. Restrict unnecessary users
Remove all Duplicate User users, test users, shared users, and more. User Group Policy sets the appropriate permissions, and often checks the users of the system to delete users who are no longer in use. These users are often the breakthrough point for hackers to invade the system. 3, rename the system Administrator account
As we all know, the Windows 2003 Administrator user can not be disabled, which means that others can try this user's password over and over again. Try to disguise it as a normal user, such as Guesycludx.
4, create a trap user
What is a trap user? Create a local user named "Administrator", set its permissions to the lowest, nothing can not do That kind, plus a super complex password of more than 10 digits. This will allow those Hackers to be busy for a while to discover their intrusion attempts.
5, change the permissions of the shared file from the Everyone group to the authorized user
Do not set the user of the shared file to the "Everyone" group at any time, including print sharing, default properties It is the "Everyone" group, you must not forget to change.
6. Open User Policy
Use the user policy to set the reset user lock counter time to 20 minutes, the user lock time to 20 minutes, and the user lock threshold to 3 times. (This item is optional)
7. Do not let the system display the last login user name
By default, the last login user name will be displayed in the login dialog. This makes it easy for others to get some usernames from the system and make password guesses. Modify the registry to prevent the last login user name from appearing in the dialog box. The method is: open the registry editor and find the registry "HKLM\\Software\\ Microsoft\\Windows T\\CurrentVersion\\Winlogon\\Dont-DisplayLastUserName”, change the key value of REG_SZ to 1.
Password Security Settings
1. Use Secure Passwords
When creating an account, some company administrators often use the company name and computer name as the user name, and then put these The user's password is set too simple, such as “welcome” and so on. Therefore, pay attention to the complexity of the password, but also remember to change the password frequently.
2, set the screen saver password
This is a very simple and necessary operation. Setting a screen saver password is also a barrier to prevent internal personnel from damaging the server.
3, open password policy
Note the application of password policy, such as enabling password complexity requirements, set the minimum password length to 6 digits, set the mandatory password history to 5 times, the time is 42 days .
4, consider using a smart card instead of a password
For passwords, security administrators are always in a dilemma, password settings are easy to be attacked by hackers, password settings are complex and easy to forget. Using a smart card instead of a complex password is a good solution if conditions permit. Previous123Next page Total 3 pages
Today, Xiaobian will introduce you how to use the management tools to optimize the
In simple terms, Exchange servers can be used to architect email systems for busine
Windows 2003 as a server system has high requirements, system security and stabilit
In the win2003 system, the most likely use is remote operation, and many users about remote operatio
Three ways to easily cancel the Windows 2003 shutdown prompt
Explain the settings of Win 2003 Remote Desktop
Master responds to win2003 terminal failure measures
How to extract the startup group of win2003 system
Campus Web Server Common Faults Inventory
Explain the Win 2003 Web Management Interface
Into the magic world of win2003 remote desktop
Win2003 accelerates Dafa's inventory
Master's network server security configuration skills
Configuration steps for DFS under Windows 2003
Explain three different remote management methods in win2003
How much do you know about the relevant settings after win2003 installation?
Prompt when installing software under Win8: Filter has blocked startup, unable to install
How to backup Win7 system? Backup system method
ATM cash machine has been allowed to use Windows 8.1 system
Win10 notebook how to see WiFi password
How to set the Win7 quick launch bar to the style of winXP system?
How to use Win8 to run new tasks?
After upgrading Win10, VirtualBox can't be used.
Win10 and win7 dual system boot disk self-test how to do