Do you really understand the Win2003 system?

  

If you are a long-time user of Win2003, you may say that you understand the system very well. You may indeed know some of its operations thoroughly, yet not be fully aware of everything the system contains. Today we give a comprehensive explanation of the system and get to know our old friend together.

Freeing Memory Safely in Windows Server 2003

Freeing memory is a problem we often encounter, so how can it be released effectively? In fact, if you have Windows 2003 installed, you don't need to look for third-party memory management software that requires registration for long-term use. Windows 2003 comes with a small program called Empty.exe, which can release resources that applications using a lot of memory fail to release in time.

Unlike third-party memory management software, Empty.exe does not force the system to release all resources; it releases only the necessary ones, so it does not burden the hard disk.

Using Empty.exe is quite simple. The command format is as follows:

Empty.exe pid (pid is the process ID of the process)

or Empty.exe task-name (task-name is the name of the process)

Finally, note that Empty.exe can only be used on Windows Server 2003; it cannot be used on Windows 2000/XP.

Windows Server 2003 Security Event ID Analysis

The IDs below help us quickly identify the security events generated by the Microsoft® Windows Server 2003 operating system and what each one means.

I. Account Login Event

The following shows the security events generated by the "Audit Account Login Events" security template setting.

672: The authentication service (AS) ticket has been successfully issued and verified.

673: A Ticket Granting Service (TGS) ticket has been granted. A TGS ticket is issued by the Kerberos v5 Ticket Granting Service (TGS) and allows a user to authenticate to a specific service in the domain.

674: The security principal has renewed the AS ticket or TGS ticket.

675: Pre-authentication failed. The Key Distribution Center (KDC) generates this event when the user types the wrong password.

676: The authentication ticket request failed. This event is not generated on Windows XP Professional or on members of the Windows Server family.

677: The TGS ticket was not granted. This event is not generated on Windows XP Professional or on members of the Windows Server family.

678: The account has been successfully mapped to a domain account.

681: Login failed. A domain account login was attempted. This event is not generated on Windows XP Professional or on members of the Windows Server family.

682: The user has reconnected to a disconnected terminal server session.

683: The user has disconnected the terminal server session without logging out.

II. Account Management Events

The following shows the security events generated by the "Audit Account Management" security template settings.

624: User account has been created.

627: User password has been changed.

628: The user password has been set.

630: User account has been deleted.

631: The global group has been created.

632: Members have been added to the global group.

633: The member has been removed from the global group.

634: The global group has been deleted.

635: A new local group has been created.

636: Members have been added to the local group.

637: The member has been removed from the local group.

638: The local group has been deleted.

639: The local group account has been changed.

641: The global group account has been changed.

642: User account has been changed.

643: The domain policy has been modified.

644: A user account has been automatically locked.

645: The computer account has been created.

646: The computer account has been changed.

647: The computer account has been deleted.

648: A local security group with security disabled has been created.

Note:

SECURITY_DISABLED in the official name means that the group cannot be used for authorization in access checks.

649: A local security group with security disabled has been changed.

650: Members have been added to a security-disabled local security group.

651: Members have been removed from a security-disabled local security group.

652: A security-disabled local group has been deleted.

653: A global group with security disabled has been created.

654: A global group with security disabled has been changed.

655: Members have been added to a global group with security disabled.

656: The member has been removed from the global group with security disabled.

657: A global group with security disabled has been deleted.

658: A universal group with security enabled has been created.

659: The universal group with security enabled has been changed.

660: Members have been added to the security-enabled universal group.

661: Members have been removed from the security-enabled universal group.

662: The universal group with security enabled has been deleted.

663: A universal group with security disabled has been created.

664: A universal group with security disabled has been changed.

665: Members have been added to the universal group with security disabled.

666: Members have been removed from the universal group with security disabled.

667: A universal group with security disabled has been deleted.

668: The group type has changed.

684: The security descriptor for the members of administrative groups has been set.

Tips:

On a domain controller, every 60 minutes a background thread searches all members of the administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor to them. This event is logged.

685: The account name has been changed.
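As an added example (not part of the original article), the sketch below shows how a defender might use the IDs listed above to triage an exported Security log: it flags bursts of 675 pre-authentication failures, 644 lockouts, group membership additions (632, 636, 660) and accounts created (624) and deleted (630) within a short window. The simplified "time,event ID,account,detail" layout, the sample rows, the function names and the thresholds are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified "time,event ID,account,detail" layout
# (an assumption; a real Security log export carries more fields).
SAMPLE = """\
2004-03-01 09:00:05,675,alice,pre-authentication failed
2004-03-01 09:00:20,675,alice,pre-authentication failed
2004-03-01 09:00:41,675,alice,pre-authentication failed
2004-03-01 09:00:42,644,alice,account locked
2004-03-01 09:10:00,672,bob,AS ticket issued
2004-03-01 10:15:00,624,tmpsvc,user account created
2004-03-01 10:15:30,632,tmpsvc,member added to global group
2004-03-01 10:17:10,630,tmpsvc,user account deleted
2004-03-01 11:00:00,675,carol,pre-authentication failed
"""

MEMBER_ADDED = {632: "global", 636: "local", 660: "universal"}

def parse(text):
    """Return (time, event_id, account, detail) tuples in time order."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), int(e), a, d)
                  for t, e, a, d in rows)

def triage(rows, window=timedelta(minutes=5), threshold=3):
    """Flag event patterns worth an analyst's attention."""
    findings, fails, created = [], defaultdict(list), {}
    for ts, eid, account, _detail in rows:
        if eid == 675:  # pre-authentication failed
            fails[account] = [t for t in fails[account] if ts - t <= window] + [ts]
            if len(fails[account]) == threshold:
                findings.append(("preauth-burst", account))
        elif eid == 644:  # user account automatically locked
            findings.append(("lockout", account))
        elif eid in MEMBER_ADDED:  # member added to a global/local/universal group
            findings.append((MEMBER_ADDED[eid] + "-group-add", account))
        elif eid == 624:  # user account created
            created[account] = ts
        elif eid == 630 and ts - created.get(account, datetime.min) <= window:
            findings.append(("short-lived-account", account))  # created, then deleted
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```
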

After all the data and explanations above, do you feel dazzled and wonder how esoteric Win2003 is? In fact, Win2003 is a system with real depth, and we need to understand it deeply.
