This article introduces the "seven strokes" for how to prevent illegal user intrusion against Windows 2000 and Windows XP operating systems through a seven-step setup. The first trick: screen saver After the screen saver is enabled in Windows, as long as we leave the computer (or do not operate the computer) for a preset time, the system will automatically start the screen saver, and when the user moves the mouse or tap When the keyboard wants to return to normal working state, the system will open a password confirmation box. Only after entering the correct password can the system be returned to the system. Users who do not know the password will not be able to enter the working state, thus protecting the data security. Hint: Some screen savers with imperfect design do not have the "Ctrl+Alt+Del" combination of the system, so you need to test if the program has this major bug after the setup is complete. However, the screen saver can only be started automatically after the user leaves for 1 minute. Do we have to sit at the computer and wait for N minutes to see the screen saver activated before leaving? In fact, we just open the system subdirectory in the Windows installation directory, and then find the corresponding screen saver (extension is SCR), hold down the right mouse button and drag them to the desktop, select "Create shortcuts in the current location in the pop-up menu. "Command, create a shortcut for these screen savers on the desktop. After that, we can quickly launch the screen saver by double-clicking this shortcut when leaving the computer. The second trick: cleverly hide the hard disk
In the "press Web page" view mode, a warning message will pop up when you enter the Windows directory, telling you that this is the system folder. "Modifying the contents of this folder may cause the program to run. Normally, to view the contents of the folder, click Show File. Then click "Show File" to enter the directory. The reason is that there are two files, desktop.ini and folder.htt, in the root directory of Windows. Copy these two files to the root directory of a drive (since these two files are hidden files, you must click the "View" tab in the folder options and select "Show all files", so you can see this Two files)). Press the "F5" button again to refresh it and see what happened, and it is the same as when you enter the Windows directory. Next, we use "Notepad" to open folder.htt, which is a file written in Html language, and use your imagination to modify it. If you don't understand the Html language, don't worry, first find the "display file" to delete it, find "Modify the folder may cause the program to run abnormally, to view the contents of the folder, please click the display file", will It is changed to the text that you like, such as "safe and heavy, free people, etc. please leave." Change "To view the contents of this folder, click" to "Otherwise, at your own risk!", then drag the slider down to the 9th line of the countdown and find "(file://%TEMPLATEDIR%\\wvlogo. Gif)" This is the path of the gear picture in the lower right corner of the window when the warning message is displayed, and change it to the path of your own picture. For example, replace the content after "//" with "d:\\tupian\\tupian1.jpg", remember here The suffix name of the image must be printed, otherwise the image will not be displayed. Of course, you can also use web tools like Dreamweaver and FrontPage to make better effects. Then just copy the original file to the back of the following text and overwrite the content between the "~" in the original file. . *This file was automatically generated by Microsoft Internet EXPlorer 5.0 *using the file %THISDIRPATH%\\folder.htt. Save and exit, press "F5" to refresh it, is it very personalized? The next thing to do is to use "super" The rabbit hides the drive you want and can enjoy your work without rebooting. Finally, telling everyone that the trick is even more absolute is to simply delete the contents of the "~" in the original folder.htt file, which will create an illusion that this is an empty drive for the person who opens your drive. The files are more secure. The third trick: disable the "Start" menu command In Windows 2000/XP, the group policy function is integrated. Through group policy, various software, computer and user policies can be set to enhance the security of the system in some aspects. Run the "Start → Run" command, enter "gpedit.msc" in the "Open" field of the "Run" dialog box, and then click the "OK" button to start the Windows XP Group Policy Editor. In the Local Computer Policy, expand the User Configuration→Administrative Templates→Taskbar and Start Menu branches step by step, and provide the relevant policies for the Taskbar and Start Menu in the right window. When the Start menu command is disabled, in the right window, you can remove the utility group, the My Documents icon, the Document menu, and the Network Neighborhood icon in the Start menu. When cleaning up the "Start" menu, you can enable the policy corresponding to the menu item you don't need. For example, to delete the "My Documents" icon, the specific steps are as follows: 1) Double-click the mouse in the policy list window. Remove the My Documents Icon option from the Start menu. 2) In the "Settings" tab of the pop-up window, select the "Enabled" radio button and click "OK". The fourth trick: disable desktop-related options Windows XP desktops are just like your desk, sometimes need to be organized and cleaned. With the Group Policy Editor, this work will be a breeze, as long as you expand the "User Configuration → Administrative Templates → Desktop" branch in the "Local Computer Policy", you can display the corresponding policy options in the right window. 1) Hiding the system icon of the desktop If the system icon on the desktop is hidden, the traditional method is implemented by modifying the registry, which is bound to cause certain risks. The group policy editor can be used to quickly and easily achieve this. purpose. To hide the "My Network Places" and "Internet EXPlorer" icons on your desktop, just enable the "Hide My Network Places icon on desktop" and "Hide Internet Explorer icons on the desktop" policy option in the right window. If you hide all the icons on your desktop, just enable "Hide and disable all items on your desktop". The "My Computer" and "My Documents" icons will disappear from your desktop when the "Delete My Documents Icon on Desktop" and "Delete My Computer Icons on Desktop" options are enabled. . If you no longer like the "Recycle Bin" icon on your desktop, you can also delete it by enabling the "Remove Recycle Bin from Desktop" policy item. 2) Prohibit some changes to the desktop If you don't want others to change the settings of your computer's desktop at will, please enable the "Do not save settings when exiting" policy option in the right window. When you enable this setting, other users can make some changes to the desktop, but some changes, such as the location of the icon and open window, the location and size of the taskbar, cannot be saved after the user logs out. The fifth trick: prohibit access to the "Control Panel" If you do not want other users to access the computer's control panel, you just run the Group Policy Editor and expand "Local Computer Policy → User Configuration → Administrative Templates → Control Panel in the left window "Branch, then enable the "Access Control Panel" policy in the right window. This setting prevents the launch of the Control Panel program files, with the result that others will not be able to launch the Control Panel or run any Control Panel items. In addition, this setting removes the Control Panel from the Start menu, and this setting also removes the Control Panel folder from Windows Explorer. Hint: If you want to select a "Control Panel" item from the properties menu of the context menu, a message will appear stating that this setting prevents this operation. Sixth trick: setting user permissions When multiple users share a computer, set user permissions in Windows XP, you can follow these steps: 1) Run the Group Policy Editor program. 2) Expand the "Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment" branch in the left window of the editor window. 3) Double-click the user right that needs to be changed, click the “Add User or Group” button, then double-click the user account you want to assign to the permission, and finally click the “OK” button to exit. Seventh trick: folder settings audit
Windows XP can use audit trails to access files or other objects for user accounts, login attempts, system shutdowns or restarts, and similar events, while auditing files and files under NTFS partitions Folders ensure the security of files and folders. To set up auditing for files and folders, follow these steps: 1) In the Group Policy window, expand the "Computer Configuration → Windows Settings → Security Settings → Local Policies" branch in the right window and then select "Audit" under the branch. Policy option. 2) Double-click the "Audit Object Access" option in the right window, and tick the "Success" and "Fail" check boxes in the "Local Policy Settings" box in the pop-up "Local Security Policy Settings" window. Select the tag and click the "OK" button. 3) Right-click on the file or folder you want to review, select the "Properties" command in the pop-up menu, and then select the "Security" tab in the pop-up window. 4) Click the "Advanced" button and select the "Audit" tab. 5) Choose your action according to the specific situation: If you set up a review for a new group or user, you can click the "Add" button, type a new user name in the "Name" box, and then click the "OK" button to open the "Audit" Project dialog. To view or change an existing group or user review, select the username and click the View/Edit button. To delete an existing group or user review, select the username and click the "Delete" button. 6) If necessary, select the location you wish to review in the "Apply to" list in the "Audit Project" dialog. 7) If you want to prevent files and subfolders in the directory tree from inheriting these audit items, select the "Apply these audit items only to objects and/or containers within this container" checkbox. Note: A user who is a member of the Administrators group or who is authorized to have the Manage Auditing and Security Logs permission in Group Policy can audit files or folders. Before Windows XP audits files and folders, you must enable Audit Object Access for the Audit Policy in Group Policy. Otherwise, when you set up the file and folder audit, an error message will be returned, and the files and folders will not be reviewed.