Prevent problems before they happen. Easy to do Windows 2000 security policy

  

Introduce some commonly used setting methods to set the security policy for Windows 2000 system to play a role in security.

I. Security Policy

The Windows 2000 system itself has a lot of security holes, which is well known. Patching can reduce most of the vulnerabilities, but it can't eliminate some small vulnerabilities, which are often important ways to be attacked or invaded. The "local security policy" that comes with Windows 2000 is a very good system security management tool. This tool can be said that the system's defense tools often have some necessary settings to prevent them. Don't underestimate this tool. Here are some common setup methods for you to set the security policy for the system to play a role in security.

Second, the specific operation

Figure 1

The system's "Local Security Policy" tool is, click "Start → Control Panel → Administrative Tools → Local Security Policy After that, you will enter the main interface of the "Local Security Policy". Here you can set various security policies through the commands on the menu bar, and you can select the viewing mode, export list and import policy.

1. Security log settings: Because the security log is an important means of recording a system, you can view some operating status of the system through the log, and the default installation of Windows 2000 does not open any security audit, so you need Open the appropriate audit in the Local Security Policy→Audit Policy. Click "Start → Control Panel → Administrative Tools → Local Security Policy → Local Policies → Audit Policy on the left", see the "Audit Policy Change" in the right column... and other 9 items, we double click each item, then " Choose from the box for success and failure.

2. Account Security Settings: The default installation of Windows 2000 allows any user to get all the accounts and shared lists of the system through empty users, causing some passwords to leak easily and attack the computer, so the following security settings must be used. Click Start→Control Panel→Administrative Tools→Local Security Policy→Local Policies→Account Policies. You can see two items in the right column: “Password Policy, Account Lockout Policy”.

Set in the password policy: Enable "Password must meet the complexity requirements", "Password length minimum" is 6 characters, "Force password history" is 5 times, "Password maximum retention period" is 30 days.

Set in the account lockout policy: After resetting the account lockout counter for 30 minutes, the account lockout time is 30 minutes and the account lockout value is 30 minutes.

3. Security Options Settings: Click "Start → Control Panel → Administrative Tools → Local Security Policy → Local Policies → Security Options" and find the right column "Additional restrictions on anonymous connections". Double-click on the effective policy settings and select "Do not allow enumeration of SAM accounts and shares" (as shown). This value is generally selected because this value allows only non-NULL users to access SAM account information and shared information.

Figure 2

After this setting, your system is much safer, especially the security of the account and the security of the password, effectively preventing some illegal intrusions. Not only can you monitor the logs to monitor important aspects of the system's operations. I also have a clear grasp of the login of the account.

Copyright © Windows knowledge All Rights Reserved