Setting up Security Server for Win Server 2003

If you have ever configured Windows NT Server or Windows 2000 Server, you may find that these Microsoft products are not the safest by default. Although Microsoft provides a lot of security mechanisms, you still need to implement them. However, when Microsoft released Windows Server 2003, it changed the previous philosophy. The new idea is that the server should be secure by default. This is indeed a good idea, but Microsoft has not implemented it thoroughly enough. Although the default Windows 2003 installation is definitely much safer than the Windows NT or Windows 2000 installation, there are still some shortcomings. Let me teach you how to make Windows Server 2003 more secure. Step 1: Modify the administrator account and create the trap account: Modify the built-in user account For many years, Microsoft has been emphasizing that it is best to rename the Administrator account and disable the Guest account for greater security. In Windows Server 2003, the Guest account is disabled by default, but it is still necessary to rename the Administrator account, because hackers often start attacking from the Administrator account. To do this, open the “Local Security Settings” dialog box, expand ““Local Policies"→“Security Options", in the right pane, there is an “Account: Rename System Administrator Account”. The strategy, double-click to open it, reset the Administrator to a plain user name, of course, please do not use the name of Admin, change is equal to no change, try to disguise it as a normal user, such as: guestone. Then create a trap account named "Administrator", "Restricted User", set its permissions to the lowest, and do nothing, and add a super complex password of more than 10 digits. This will keep those Scripts s busy for a while, and you can use them to discover their intrusion attempts. Or do something on top of its login scripts. The second step is to remove the danger of the default share. After Windows2003 is installed, the system will create some hidden shares. You can view them by typing net share under cmd. There are a lot of articles about IPC intrusion on the Internet, I believe everyone must be familiar with it. So we want to disable or delete these shares to ensure security by first writing a batch file like this: @echo off net share C$ /del net share D$ /del net share E$ /del net share F$ /Del net share admin$ /del The above batch content can be modified according to your needs. Save it as delshare.bat and place it in the system32\\GroupPolicy\\User\\Scripts\\logon directory under the system folder. Then enter gpedit.msc in the Start menu → Run, press Enter to open the Group Policy Editor. Click User Configuration & Rarr; Window Settings & Rarr; Script (Login/Logout) & Rarr; Login, click “Add” in the “Login Properties” window that appears, the “Add Script” dialog box will appear. In the "Script Name" column of the window, enter delshare.bat (Figure 1), and then click the "OK" button. This allows the system to be booted by the Group Policy Editor to execute the script to delete the system's default share.