Home Operation and Maintenance Windows Operation and Maintenance Detailed explanation on win2008 IP security policy to close ports, prohibit ping, modify port 3389, and open designated ports

Detailed explanation on win2008 IP security policy to close ports, prohibit ping, modify port 3389, and open designated ports

May 31, 2017 am 10:31 AM

This article mainly introduces windows server 2008 IPSecurityThe policy closes the port, prohibits ping, modifies the remote connection 3389 port, and opens the specified port. Friends in need can refer to the following

windows server 2008 IP security policy closes the port:

Solve the problem that the Tomcat service cannot be accessed.

Windows has many ports open by default. When you surf the Internet, network viruses and hackers can connect to your computer through these ports. In order to make your system relatively secure, you should block some uncommon ports, mainly including: TCP 135, 139, 445, 593, 1025 ports and UDP ports 135, 137, 138, 445, and some backdoor ports of popular viruses ( Such as TCP 2745, 3127, 6129 ports), and remote service access port 3389.

Now briefly introduce the steps to close some ports of Windows Server2008:

1. Click Control Panel-Administrative Tools", double-click to open "Local Policy", select "IP Security Policy, on the local computer "Right-click the blank space on the right, a shortcut menu will pop up, select "Create IP Security Policy", and a wizard will pop up. Click Next in the wizard. When the "Secure Communication Request" screen is displayed, click the button to the left of "Activate Default Corresponding Rules" Leave it blank by default, and click "Finish" to create a new IP security policy

2. Right-click the new IP security policy you just created in the "Properties" dialog box. , remove the check mark on the left side of "Use Add Wizard", and then click the "Add" button on the right side to add a new rule. Then the "New Rule Properties" dialog box will pop up. Click the "Add" button on the screen to pop up IP filtering. Filter list window. In the list, first remove the check mark on the left side of "Use Add Wizard", and then click the "Add" button on the right side to add a new filter.

3. Enter "Filter Properties". In the dialog box, the first thing you see is the address search. Select "Any IP Address" for the source address, select "My IP Address" for the destination address, click the "Protocol" tab, and select "Select Protocol Type" from the drop-down list# Select "TCP" in ##, then enter "135" in the text box under "To this port" and click OK. This will add a filter that blocks the TCP135 port, which can prevent the outside world from connecting to you through port 135. After clicking OK, return to the filter list dialog box, and you can see that a policy has been added. Repeat the above steps to continue adding TCP137 139 445 593 1025 2745 3127 3128 3389 6129 port and udp 135 139 445 port. Create corresponding filters for them. Create the filters for the above ports, and finally click the OK button

4. In the "New Rule Properties" dialog box, select "New IP Filter List" and click. The

checkbox on the left indicates that it has been activated. Finally, click on the "Filter Operations" tab, remove the hook on the left of "Use Add Wizard", and click the "Add" button. , in the "Security Method" tab of "New Filter Action Properties", select "Block", and then click "Apply" "OK"

5. Enter the "New Rule Properties" dialog box and select. The check box to the left of "New Filter Action" indicates that it has been activated. Click the "Close" button to close the dialog box. Finally, in the "New IP Security Policy Properties" dialog box, check the box to the left of "New IP Filter List" and press Confirm to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP security policy and select "Assign"

Modify the remote connection 3389 port: ##. #How to modify port 3389 in Windows 2003 (common to windows server 2008)

I am going to host the server today, and I need to modify the server port 3389. I searched online and found it, so I will save it for this purpose

To prevent others from scanning the remote desktop connection port and ensure the security of the server, we can modify port 3389.

There are two steps in total: one is to modify the port settings on the server side; the other is the client connection method. The method is as follows (taking Windows Server 2003 as an example,

other

systems are for reference only):1. Modify the port settings on the server side (there are 2 places in the registry that need to be modified)

1. The first place:

[H
KEY
_LOCAL_MACHINE\SYSTEM\
Current
Control
Set
\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
Copy after login

PortNumber value, the default is 3389, select decimal and change it to the port you want (the range is 1024 to 65535, and it cannot conflict), such as 6000, see the figure below:

2. Second place:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

PortNumber value, the default is 3389, select Decimal, change it to the port you want (ranging from 1024 to 65535, and no conflict), such as 6000, see the picture below:

3. Restart the system to make the settings take effect.

Note: The ports modified twice must be consistent.

In fact, it is also possible to modify only the second part.

In addition, the standard connection form at the second place is: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\], where represents a specific RDP-TCP connection (here There should be one or more subkeys similar to RDP-TCP, depending on how many RDP services you have established), and change the PortNumber as well.

2. Client connection method

1. Open the remote desktop connection: under XP/2003, enter "mstsc" in the run).

2. Connection format: IP: modified port, such as 10.10.10.10:6000

win7 (Server 2008 R2) firewall settings open a certain port

Sometimes during the development process, others need to connect to your local computer to access the website. The firewall will block external access. You can open a local port so that others can access it.

1. Find the firewall

2. Click Advanced Settings

3. Click "Enter" "Site Rules" and then click "New Rule":

4. Click "Port"

5. Fill in The port number you want to open, I use 9999 here:

6. Default next step, next step, and finally give your setting a name, whatever you want, I will here To use pass9999point, let the 9999 port pass

7. Click Finish. You can see the rules you set in the list, and then this port can be accessed by the outside world. Instead of turning off all firewalls:

The above is the detailed content of Detailed explanation on win2008 IP security policy to close ports, prohibit ping, modify port 3389, and open designated ports. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

Repo: How To Revive Teammates
1 months ago By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Soundbar detected as monitor screen on Windows PC [Fix] Soundbar detected as monitor screen on Windows PC [Fix] Feb 19, 2024 pm 11:42 PM

On Windows PCs, some users have discovered that the Soundbar is recognized as a monitor when connected to the HDMI port. This may cause some confusion, but the solution is not the only one. How to Connect a Soundbar to a PC via HDMI Most soundbars use HDMI, optical, or 3.5mm audio connections. If your soundbar only supports HDMI connections, it must be connected to an HDMI port labeled HDMIARC. Many TVs or monitors are usually equipped with multiple HDMI ports, one of which should support the ARC protocol that complies with the HDMI standard. In other words, HDMI is an interface used to transmit audio and video. If the device does not have an HDMI port, consider using a monitor.

How to check whether the remote server port is open in Linux How to check whether the remote server port is open in Linux Mar 21, 2023 am 09:50 AM

How to check whether the remote server port is open in Linux: 1. Use the "nmap ip -p port" command to check whether the port is open. The specific command is such as "nmap 172.17.193.18 -p 5902"; 2. Use the "nc -v ip port" command Check whether the port is open. The specific command is "nc -v 172.17.193.18 5902".

What ports are com1 and com2? What ports are com1 and com2? Aug 25, 2022 am 10:53 AM

com1 and com2 are serial communication ports, referred to as serial ports; a motherboard generally has two COM serial interfaces, which are usually used to connect mice, which are communication devices. The serial interface refers to the sequential transmission of data bit by bit, which is characterized by communication The circuit is simple, and only a pair of transmission lines can achieve two-way communication.

How to close port 445 in Win11 How to close port 445 in Win11 Jul 04, 2023 pm 12:17 PM

How to close port 445 in Win11? Port No. 445 is a TCP port, a shared folder and printer port, which provides file or printer sharing services within the LAN. Recently, some Win11 users want to close port 445, so how should they do it? Many friends don’t know how to operate in detail. The editor below has compiled the detailed operations for closing port 445 in Win11. If you are interested, follow the editor to read below! Detailed operation of closing port 445 in Win11 1. First, press the Win+S key combination, or click the search icon on the bottom taskbar, open the Windows search window, enter Windows Firewall at the top, and then click the best option given by the system.

Your iPhone won't charge after iOS 17 update? Here's what you can do Your iPhone won't charge after iOS 17 update? Here's what you can do Sep 21, 2023 pm 11:41 PM

What is the cause of iOS17 charging problem? There are several possible reasons why your iPhone may not be charging after updating to iOS17. One possibility is that there is a bug in the software update. Apple is usually quick to fix bugs in iOS updates, so if you're having charging issues it's worth checking to see if a new update is available. Another possibility is that there is a problem with the charging cable or adapter. If you're using a third-party charging cable or adapter, make sure it's certified by Apple. How to Fix iPhone Not Charging Issue Here are some tips on how to fix iPhone not charging issue after iOS17 update: Restart your Apple phone This usually resolves minor issues that may be the root cause of iOS17 charging issue

How to close a port How to close a port Jan 17, 2024 pm 02:07 PM

Methods to close the port: 1. Use a firewall to close the port; 2. Use system configuration to close the port; 3. Use third-party software to close the port; 4. Modify the registry to close the port; 5. Use a router to close the port; 6. Manually stop the service and close it. Port; 7. Use the command line to close the port; 8. Use security software to close the port; 9. Modify the application configuration to close the port; 10. Use network equipment to close the port. Detailed introduction: 1. Use the firewall to close the port, open the "Control Panel", select "Windows Defender Firewall" and so on.

Fix AHCI Port 0 Device Error on Windows Computer Fix AHCI Port 0 Device Error on Windows Computer Feb 19, 2024 pm 12:45 PM

If you encounter an AHCI port 0 device error every time you start your computer, you need to follow the methods provided in this article to solve the problem. What is AHCI port 0 device error? AHCI device errors are reported by the BIOS. SMART has indicated that the hard drive on port 0 is faulty and may not be accessible. The hard drive may have problems at any time. If it is a desktop computer, it is recommended to try changing the hard drive connection port. If the problem persists, it may be a problem with the hard drive itself. You can run a disk check tool, disable the failed hard drive and check the ports to resolve this issue. Fixing AHCI Port 0 Device Errors on Windows Computers Typically, AHCI Port0 device errors do not originate from operating system issues, but rather from the hard drive failing on port 0.

How to use LSOF to monitor ports in real time How to use LSOF to monitor ports in real time Mar 20, 2024 pm 02:07 PM

LSOF (ListOpenFiles) is a command line tool mainly used to monitor system resources similar to Linux/Unix operating systems. Through the LSOF command, users can get detailed information about the active files in the system and the processes that are accessing these files. LSOF can help users identify the processes currently occupying file resources, thereby better managing system resources and troubleshooting possible problems. LSOF is powerful and flexible, and can help system administrators quickly locate file-related problems, such as file leaks, unclosed file descriptors, etc. Via LSOF Command The LSOF command line tool allows system administrators and developers to: Determine which processes are currently using a specific file or port, in the event of a port conflict

See all articles