This article introduces the "seven strokes" for how to prevent illegal user intrusion against Windows 2000 and Windows XP operating systems through a seven-step setup. The first trick: screen saver
After the screen saver is enabled in Windows, as long as we leave the computer (or do not operate the computer) for the preset time, the system will automatically start the screen saver, and when the user moves the mouse Or when you hit the keyboard and want to return to normal working status, the system will open a password confirmation box. Only after entering the correct password can the system be returned to the system. Users who do not know the password will not be able to enter the working state, thus protecting the data security. Hint: Some screen savers with imperfect design do not have the "Ctrl+Alt+Del" combination of the system, so you need to test if the program has this major bug after the setup is complete. However, the screen saver can only be started automatically after the user leaves for 1 minute. Do we have to sit at the computer and wait for N minutes to see the screen saver activation before we can leave? In fact, we only need to open the system subdirectory in the Windows installation directory. , then find the corresponding screen saver (extension is SCR), hold down the right mouse button and drag them to the desktop, select the "Create shortcuts at current location" command in the pop-up menu, create these screen savers on the desktop A shortcut. After that, we can quickly launch the screen saver by double-clicking this shortcut when leaving the computer. The second trick: cleverly hide the hard disk in the "press the Web page" view mode, when entering the Windows directory, a warning message will pop up, telling you that this is the system folder. "Modifying the contents of this folder may cause the program to run abnormally. To view the contents of the folder, click Show File. Then click "Show File" to enter the directory. The reason is that there are two files, desktop.ini and folder.htt, in the root directory of Windows. Copy these two files to the root directory of a drive (since these two files are hidden files, you must click the "View" tab in the folder options and select "Show all files", so you can see this Two files)). Press the "F5" button again to refresh it and see what happened, and it is the same as when you enter the Windows directory. Next, we use "Notepad" to open folder.htt, which is a file written in Html language, and use your imagination to modify it. If you don't understand the Html language, don't worry, first find the "display file" to delete it, find "Modify the folder may cause the program to run abnormally, to view the contents of the folder, please click the display file", will It is changed to the text that you like, such as "safe and heavy, free people, etc. please leave." Change "To view the contents of this folder, click" to "Otherwise, at your own risk!", then drag the slider down to the 9th line of the countdown and find "(file://%TEMPLATEDIR%wvlogo.gif )" This is the path of the gear picture in the lower right corner of the window when the warning message is displayed. Change the path to your own picture. For example, replace the content after "//" with "d: upian upian1.jpg". Remember that the picture must be placed here. The suffix name is played, otherwise the picture will not be displayed. Of course, you can also use web tools like Dreamweaver and FrontPage to make better effects. Then just copy the original file to the back of the following text and overwrite the content between the "~" in the original file. . *This file was automatically generated by Microsoft Internet EXPlorer 5.0 *using the file %THISDIRPATH% older.htt. Save and exit, press "F5" to refresh, is it very personal? The next thing to do is to use "Super Rabbit" "Hide the drive you want, you can enjoy your work without rebooting." Finally, telling everyone that the trick is even more absolute is to simply delete the contents of the "~" in the original folder.htt file, which will create an illusion that this is an empty drive for the person who opens your drive. The files are more secure. The third trick: disable the "Start" menu command In Windows 2000/XP, the group policy function is integrated. Through group policy, various software, computer and user policies can be set to enhance the security of the system in some aspects. Run the "Start → Run" command, enter "gpedit.msc" in the "Open" field of the "Run" dialog box, and then click the "OK" button to start the Windows XP Group Policy Editor. In the Local Computer Policy, expand the User Configuration→Administrative Templates→Taskbar and Start Menu branches step by step, and provide the relevant policies for the Taskbar and Start Menu in the right window. When the Start menu command is disabled, in the right window, you can remove the utility group, the My Documents icon, the Document menu, and the Network Neighborhood icon in the Start menu. When cleaning up the "Start" menu, you can enable the policy corresponding to the menu item you don't need. For example, to delete the "My Documents" icon, the specific steps are as follows: 1) Double-click the mouse in the policy list window. Remove the My Documents Icon option from the Start menu. 2) In the "Settings" tab of the pop-up window, select the "Enabled" radio button and click "OK". The fourth trick: disable desktop-related options Windows XP desktops are just like your desk, sometimes need to be organized and cleaned. With the Group Policy Editor, this work will be a breeze, as long as you expand the "User Configuration → Administrative Templates → Desktop" branch in the "Local Computer Policy", you can display the corresponding policy options in the right window. 1) Hiding the system icon of the desktop If the system icon on the desktop is hidden, the traditional method is implemented by modifying the registry, which is bound to cause certain risks. The group policy editor can be used to quickly and easily achieve this. purpose. To hide the "My Network Places" and "Internet EXPlorer" icons on your desktop, just enable the "Hide My Network Places icon on desktop" and "Hide Internet Explorer icons on the desktop" policy option in the right window. If you hide all the icons on your desktop, just enable "Hide and disable all items on your desktop". The "My Computer" and "My Documents" icons will disappear from your desktop when the "Delete My Documents Icon on Desktop" and "Delete My Computer Icons on Desktop" options are enabled. . If you no longer like the "Recycle Bin" icon on your desktop, you can also delete it by enabling the "Remove Recycle Bin from Desktop" policy item. 2) Prohibit some changes to the desktop
If you do not want others to change the settings of your computer desktop at will, please enable the "Do not save settings when exiting" policy option in the right window. When you enable this setting, other users can make some changes to the desktop, but some changes, such as the location of the icon and open window, the location and size of the taskbar, cannot be saved after the user logs out. The fifth trick: prohibit access to the "Control Panel" If you do not want other users to access the computer's control panel, you just run the Group Policy Editor and expand "Local Computer Policy → User Configuration → Administrative Templates → Control Panel in the left window "Branch, then enable the "Access Control Panel" policy in the right window. This setting prevents the launch of the Control Panel program files, with the result that others will not be able to launch the Control Panel or run any Control Panel items. In addition, this setting removes the Control Panel from the Start menu, and this setting also removes the Control Panel folder from Windows Explorer. Hint: If you want to select a "Control Panel" item from the properties menu of the context menu, a message will appear stating that this setting prevents this operation. Sixth trick: setting user permissions
When multiple users share a computer, set user permissions in Windows XP, you can follow these steps: 1) Run the Group Policy Editor program. 2) Expand the "Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment" branch in the left window of the editor window. 3) Double-click the user right that needs to be changed, click the “Add User or Group” button, then double-click the user account you want to assign to the permission, and finally click the “OK” button to exit. Seventh trick: folder setup auditing Windows XP can use audit trails to access user accounts, login attempts, system shutdowns or reboots, and similar events for accessing files or other objects, while audit files and folders under the NTFS partition are guaranteed. File and folder security. To set up auditing for files and folders, follow these steps: 1) In the Group Policy window, expand the "Computer Configuration → Windows Settings → Security Settings → Local Policies" branch in the right window and then select "Audit" under the branch. Policy option. 2) Double-click the "Audit Object Access" option with the mouse in the right window. 3) Right-click on the file or folder you want to review, select the "Properties" command in the pop-up menu, and then select the "Security" tab in the pop-up window. 4) Click the "Advanced" button and select the "Audit" tab. 5) Choose your action according to the specific situation: If you set up a review for a new group or user, you can click the "Add" button, type a new user name in the "Name" box, and then click the "OK" button to open the "Audit" Project dialog. To view or change an existing group or user review, select the username and click the View/Edit button. To delete an existing group or user review, select the username and click the "Delete" button. 6) If necessary, select the location you wish to review in the "Apply to" list in the "Audit Project" dialog. 7) If you want to prevent files and subfolders in the directory tree from inheriting these audit items, select the "Apply these audit items only to objects and/or containers within this container" checkbox. Note: A user who is a member of the Administrators group or who is authorized to have the Manage Auditing and Security Logs permission in Group Policy can audit files or folders. Before Windows XP audits files and folders, you must enable Audit Object Access for the Audit Policy in Group Policy. Otherwise, when you set the file and folder audit, an error message will be returned, and the files and folders are not reviewed.