Windows Server 2008 systems, we can easily build your own servers on the LAN to allow random access to regular workstations with other systems installed. Although the security performance of Windows Server 2008 system is much higher than that of other systems, in the LAN environment, Windows Server 2008 still has the possibility of being illegally accessed by other LAN workstations. To this end, we can take some measures in time to cleverly hide the Windows Server 2008 system to avoid the leakage of private information in the server system.
1. Turn off network discovery function
In the same working subnet, other workstation users can easily find Windows in LAN through the “My Network Neighborhood” function. Server 2008 server host, so that illegal users can take the opportunity to peek at the various private information in the server. In order to prevent the Windows Server 2008 server host from being searched by other workstations' "My Network Places" function, we can temporarily disable the network discovery function that comes with the server system. In this case, the Windows Server 2008 server host "Shadow" It won't appear in the "My Network Places" window of other workstations, so the possibility of illegal access to the server host is greatly reduced; now, let's take a look at how to turn off the network discovery function of the server system:
First log in to the Windows Server 2008 server system with super administrator privileges, right-click on the "Network" icon in the desktop of the system, and execute the "Properties" command in the shortcut menu. Go to the Network and Sharing Center window of the local server system, here we will see a lot of parameter settings related to shared access;
In order to prevent your own Windows Server 2008 server host from appearing on other workstations In the neighborhood, we can share and send in the window ” Under the list, find the "Network Discovery" setting item, and click the drop-down button next to the setting item with the mouse to open the setting page shown in Figure 1. Here, we will see that the server system will be in the default state. Automatically turn off network discovery. If we find that this feature has been enabled, we only need to re-check the "Close Network Discovery" option, click the "Apply" button, and finally restart the server system. Other workstations on the LAN will not be able to find the Windows Server 2008 server host from their My Network Places window, so that server system security can be effectively guaranteed.
Figure 1
Someone may ask, if the network discovery function of the server system is turned off, the network administrator cannot find other ordinary workstations in the LAN through the online neighbor window in the server system. So, how can we avoid this shortcoming? To avoid this shortcoming, we can first re-check the "Network Discovery" setting in the Network and Sharing Center list window of the server system. Enable the Network Discovery project to enable the network discovery feature, which will ensure that the server system can see other workstations on the LAN through the Network Neighborhood window, but other workstations can also see the server system through the Network Neighborhood window. At this time, we also need to modify the relevant key values of the registry in the server system to prevent the ordinary workstation from searching the server host through the network neighbor window. The following is the specific modification steps:
First open The server system's "Start" menu, from which you select "Run" & rdquo; In the pop-up system running dialog box, enter the string command <;regedit”, click the Enter key to enter the registry editing window of the server system;
Secondly displayed on the left side of the editing window In the pane, locate the mouse on the registry branch option KEY_LOCAL_MACHINE, and then select the “SYSTEMCurrentControlSetServiceslanmanserverparameters” subkey under the branch option, and recreate a double in the right pane of the corresponding "parameters" Byte key value “hidden”, and set the value of the key value to "1", and finally restart the server system, so that we can find that although the server system has opened the network discovery function, but the local area network Other workstations in the network do not see the server host through the Network Neighborhood window, but the server host can see other workstations on the LAN.
2, the public folder is closed
In the LAN working environment, when other workstations access the Windows Server 2008 server host, the network administrator does not set the shared folder in the server system, other Users can still see the “public” folder through the online neighbor window. This is because the Windows Server 2008 server system will automatically set the “public” folder to a shared folder by default. Some illegal users can still illegally attack the server system through this sharing "channel", or peek at the private information in the server system. In order to avoid the security threat of the server system, we just need to close the public folder function automatically enabled by the server system as follows:
First log in to the Windows Server 2008 server system with super administrator privileges. Right-click the “Network” icon in the system desktop and execute the “Properties” command in the shortcut menu to enter the network and sharing center management window of the local server system;
Figure 2
Second from the Network and Sharing Center management window to find the "Network Discovery" setting item, and click the drop-down button next to the setting item to open the setting page shown in Figure 2; from this page In the description, we saw that once the public folder function is enabled, other users on the LAN can easily see the “public” folder in the server system; at this time, we can select “disable sharing”. ;options, then click the “apply” button next to the option to turn off the public folder feature on the server system A.
In addition to the public folder, other users on the LAN can access the hidden shared folders in the server system by default. These hidden shared folders are often used by illegal attackers, which may result in A security threat to the server. In order to prevent this threat from happening, we also need to use commands such as "net share C$ /del” to delete all hidden shared folders on the server system. However, after restarting the server system, these hidden shared folders are automatically generated; for this, we can write the command code such as "net share C$ /del" to the batch file, and then open In the group policy editing window of the server system, find the "user configuration"/“Windows settings">;script” branch option, in the right pane of the corresponding "script" branch option, double click “ Add the & rdquo; option, then the previously generated batch file is selected to import, and finally restart the server system, so that the hidden shared folder in the server system will be automatically deleted after the system is successfully booted.
First right click on the computer name, pop-up shortcut menu, as shown in Figure 1, including "
Nowadays, more and more enterprises will classify AD accounts. For example, if the business
This situation occurs on systems that use iis7, because iis7 limits the upload file size and
It took two years of Windows Server 2008. In the past few days, I have always had a small pr
Windows server 2008 security technology detailed
Win2008 builds PXE and WDS and switches
Explain the encryption in SQL Server
AD account password modification function through IIS in Windows Server 2012 R2
Windows Server 2003 VPN (Virtual Private Network) (4)
Protecting against Windows Server 2008 security threats
Personal webmaster's win2003 server configuration and security
Not the same WIN2003 server security configuration skills
Windows 2003 server can not play Flv file solution
Windows 2008 shared file error: can not find the network path to solve
How to open Windows console under Win10 system is abbreviated as MMC
Win10 drags the window to the edge of the desktop and always scales automatically. How to close?
No need for third-party software to easily crack win2003 terminal service license
How to open Win7 notebook camera? How to open the camera with Win7 notebook
How to set up a wireless temporary network in Win7 system
Windows XP practical tips: automatically change the address bar font
Teach you how to manually create a Windows 8 start menu?
Does Win8 still need virtual memory?
Save time and increase productivity. Deploy the workstation with RIS service (2)
Win7 boot prompt can not connect to the System notification service how to do