Compared with the traditional operating system, the security protection function of Win2008 system is more powerful, and the security protection capability is naturally superior. We can achieve higher level by simply using the new security protection functions of the system. Security protection purposes. Now, this article will contribute to you the application skills of the new security features of Win2008 system. I believe that the following content will definitely help you get help!
1. Network access protection function controls secure connection
If a computer on a LAN is infected with a virus, there is a danger that all computers will be "infected" by the entire LAN. In order to control the access security of ordinary computers in the LAN, we can use the unique network access protection function of Win2008 system to prohibit computers with security threats from freely accessing the LAN network. The following is the specific implementation steps:
First install the network access protection function; open the Win2008 system's "Start" menu, select the "Programs" /"Administrative Tools" /"Server Manager" command, click from the left side of the Server Manager window that appears after "Role" node option, and click the "Add Role" function in the right display area of the corresponding node, open the role add wizard window, select the "Network Policy and Access Service" item as prompted, and then click the "Install" button. Then follow the wizard default settings to complete the installation task of the network access protection function;
Secondly create a health security standard; in this operation, we can first click the "Server Manager" button in the system task bar. Select "role" one by one from the left area of the pop-up Server Manager window. Network Policy and Access Service, NPS, Network Access Protection, System Health Validator node options, click the Properties button in the right area of the target option to open the Security and Health Validation dialog box, click "Configuration" button, select the general "antivirus application is enabled", "already enabled firewall for all network connections", "antivirus program is the latest" and other health and safety standards (as shown in Figure 1), after Any computer that needs to be connected to the LAN must meet the above health standards, and the Win2008 system will consider it a healthy and secure computer;
Figure 1
Create a security verification policy; when creating a healthy security verification policy, we can first locate the "Network Policy Server" node option in the left area of the Server Manager window, and then expand the "Policy" and "From" under the target node. Health Policy branch, click the "New" button under the target branch, and the new "policy name" will be displayed from the pop-up security verification policy dialog box. Set to "health computer", set the "client SHV check" parameter to "client passed all SHV check", select "SHV used in this health policy" parameter as "Windows security health verification program", last single Click the "OK" button to end the healthy security verification policy creation operation; follow the same steps, we can also create an unhealthy security verification policy, but when creating this policy, we must select the "client SHV check" parameter As "the client failed to pass one or more SHV checks", the remaining parameters are the same as above;
Figure 2
Create a new network below Connection strategy; locate the mouse on the Network Policy and Access Service node in the left area of the Server Manager window, and click the NPS, Policy, and Network Policy options from the node. Click the “New” button below the option. At this time, a Create Network Connection Policy Wizard window as shown in Figure 2 will appear on the system screen; here the “policy name” will be displayed. Set the parameter to "Healthy Connection", select the "Network Access Server Type" option as "DHCP Server", click the "Add" button from the back interface, and select "Selection Condition" as the previously created "Health". "Computer" policy, according to the wizard default prompts, select the "granted access rights", "execute computer health check only" setting options, and finally set the "policy settings" parameter to "NAP mandatory full network access", while single Click the "Finish" button to end the network connection policy creation work. Then follow the same steps, we create a "unhealthy connection" network policy, but in doing this, we must select the "select condition" parameter as "unhealthy computer" policy, and set the "policy settings" parameter For the "Access Denied" option, the rest of the parameters are exactly the same as above;
Finally, the DHCP service function needs to be set; considering that the ordinary computer needs to contact the DHCP server in the LAN when accessing the network, we must also Set the appropriate DHCP service parameters to ensure that all computer's Internet connection requests are forwarded to the Win2008 system's network access protection function through DHCP. Click Start /Programs /Administrative Tools /Server Manager /DHCP in the server system desktop to enter the DHCP server console interface, open the properties interface of the target scope, click the In the "Network Access Protection" tab of the interface, select the "Enable this scope" option in the corresponding option settings page, select "Use default network access protection configuration file", and finally click the "OK" button to perform the setting save operation. .
After completing the above setting tasks, we only need to set the ordinary computer to be connected to the LAN network to "automatically obtain the IP address", then the network connection of the computer will be affected by the Win2008 system. The network access protection function is controlled. As a result, network viruses or Trojans cannot be "infected" to other ordinary computers through the LAN network in the future. At this time, the operational security of the entire LAN network can be effectively guaranteed.
Previous 12 3 4 5 Next Read more
We found that there are often computer access company networks that do not meet the companys securit
After AD migrated from Server 2003 to Server 2008, it not only brought about performance improvement
A new server management console is available to simplify the task of installing, managing, and secur
Many friends upgrade their computers to Windows Server 2008 system environment in time. However, I h
Modify the system boot information method of win8 system boot manager
Traffic Monitoring and Restriction in Windows Server 2008
Win2008 wireless network card can not be enabled solution
Windows Server 2008 Tips: Prevent ping method
Window2008 64-bit system has no office component problem analysis and solution
Windows server 2003 and 2008 difference contact and selection guide
How to install Win 2008 32/64 bit on hard disk
Windows2008 vs. Windows Vista Advantage
UEFI/BIOS switching selection in Win8 system, boot mode, Chinese and English comparison graphics
Gene6 FTP can't start solution after cracking on Windows 2008
By means of IIS to build an internal Web-based file sharing platform
Convenient operation and remote management of Windows Server core
What should I do if the QQ expression in the Win7 system is gone?
How to open window transparent function in win7 system
The consequences of installing win7 with the wrong hard disk partitioning tool
Win2003 tips for improving FSO security
How win7 expands virtual memory
How to install Win8.1 Update patch?
Win10 UWP Universal Edition VLC Update: Fix Bug
Notification after setting lock screen under Windows 8
The number of Win10 app store devices has reached the upper limit. How to fix the problem?