Operation and Maintenance
Windows Operation and Maintenance
Detailed explanation of group policy and user settings in win2008 R2 WEB server security settings guide (picture)
Detailed explanation of group policy and user settings in win2008 R2 WEB server security settings guide (picture)
This article mainly introduces the group policy and user settings of the win2008 R2 WEB server Security Settings Guide, friends in need can refer to the following
Set group policies through optimization, and set system defaults Administrators and users can take measures such as renaming and creating trap accounts to improve system security.
Continuing from the previous article, we have changed the remote connection port and can reject some attacks, but these settings are not enough. When doing the following security, you must make sure that your server software has been fully configured and can be used normally. Otherwise, if you install the software after setting the security, the installation may fail or other events may occur. Error, causing environment configuration to fail.
Password Policy
The strength of the system password is directly related to the security of the system. If your password is too simple, if your remote connection port is scanned, It will only take minutes to crack your password. Therefore, our system password must set a password that meets security requirements, such as using uppercase and lowercase English, numbers, special symbols, and a length of not less than 6 characters to enhance password security. In Windows 2008 and above systems, the system provides a "Password Policy" setting. Let's set it. First enter the "Local Security Policy",
and open "Security" in sequence. Set "-----"Account Policy"-----"Password Policy"-----Password must meet complexity requirements, enable.
AuditStrategy
The role of the audit policy is that in case a malicious user cracks your password, logs into your system, or modifies your system and other events, you can Detect and deal with it early.
The default is no audit, we must modify it, the following is the audit policy I modified,
can basically capture the required information, we only need to Analyzing these generated logs can reveal the problem.
User permissions allocation
This is mainly to limit which users can use remote connections to log in to the server. The default is Administrators group and Remote Desktop Users group. These two groups All members can remotely log in to the server. As a WEB server, we generally don’t have too many users. There may be only one administrator, so there is no need to specify a group, just specify the user directly.
Modify system users and groups
1. Rename the system default user name and user group. This is divided into two steps.
⑴. Rename the default administrator administrator and guest account. For example, I will rename administrator to wobushiad and guest to wobushiguest,
In the future, you will need to use the modified username wobushiad to log in to the server.
⑵. Create a new user named administrator, who belongs to the Guests group, and set a super complex password (type a string of characters in Notepad including uppercase and lowercase letters, numbers, and special symbols and copy them in. You don’t need to Remember this password) and disable the account. This account is a trap account and we do not use this account ourselves.
Then modify the default administrator group administrators and Guest group,
Security Options
Interactive login: Do not display last username, enable
Network access: Do not allow SAM accounts and shares Anonymous enumeration of
Network access enabled: Do not allow storage of passwords and credentials for network authentication, Enable
Network access: Remotely accessible registry path, clear
Network access: Registry paths and subpaths that can be accessed remotely, clear
The above is the detailed content of Detailed explanation of group policy and user settings in win2008 R2 WEB server security settings guide (picture). For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1385
52
4 Ways to Enable or Disable Microsoft Store on Windows 11 or 10
May 14, 2023 am 10:46 AM
Here are some possible reasons why you need to disable Microsoft Store: Stop unwanted notifications. Preserves data by limiting the background processes of the Microsoft Store to improve security or privacy Addresses some issues related to the Store or the apps it installs. Restrict children, family members, or other users from downloading applications without permission. Steps to Disable or Enable Windows Store Before following this tutorial, disabling the Microsoft Store will also stop the installation of any apps that require its services. To use the store, users need to enable its service in the same way as blocking it. 1. Block WindowsStore background service Let us from restricting Microsoft Store as
How to solve the problem of location services being grayed out in Windows 10/11?
Apr 26, 2023 pm 03:49 PM
Location services are an important feature for some applications on Windows, depending on the location of your system. So if you see the Location Services option grayed out on your system, you can't even toggle it manually. Usually, some system glitch causes this issue and you can easily fix it by following these simple solutions. Fix 1 – Adjust the registry You can adjust the registry to fix this greyed out location services issue. 1. Press the Win key and type "Registry". 2. Then, click "Registry Editor" to open the Registry Editor on your system. 3. You will delete a specific registry subdirectory. Usually, it won't affect your system at all. However, it is recommended that you perform a system backup. one. After opening the Registry Editor, click
How to install the Group Policy Management Console on Windows 11
May 17, 2023 am 09:59 AM
Installing the Group Policy Management Console (also known as GPMC) on Windows 11 will be the topic of today’s post. In Windows systems, the tools we are discussing improve the management of Group Policy by making it easier for IT and system administrators to understand. Be careful not to confuse the Local Group Policy Editor (gpedit.msc) with the Group Policy Management Console (GPMC). In terms of local system settings, Gpedit works with the registry, but GPMC works with server management settings for domain-based networks. You need to download and install the Windows Remote Server Administration Tools, sometimes called RSAT, to accomplish this. Use remote server management
5 Ways to Disable Delivery Optimization Service in Windows
May 17, 2023 am 09:31 AM
There are many reasons why you might want to disable the Delivery Optimization service on your Windows computer. However, our readers complained about not knowing the correct steps to follow. This guide discusses how to disable the Delivery Optimization service in a few steps. To learn more about services, you may want to check out our How to open services.msc guide for more information. What does Delivery Optimization Service do? Delivery Optimization Service is an HTTP downloader with cloud hosting solution. It allows Windows devices to download Windows updates, upgrades, applications and other large package files from alternative sources. Additionally, it helps reduce bandwidth consumption by allowing multiple devices in a deployment to download these packages. In addition, Windo
'Windows 11 Memory Integrity is Off” Issue: How to Fix
Apr 28, 2023 pm 07:34 PM
The security of a Windows PC is critical to its proper functioning. If the system is protected from hackers and malware and its core functionality is stable, then Windows has a secure environment to perform full functionality. Windows has some security features that utilize different components to achieve this, and Memory Integrity is one of them. But these features can sometimes impact system performance, especially if they are forced on you by default. How does memory integrity work? To understand the breadth of how memory integrity works, we need to understand two other features related to it - core isolation and virtual machine platform (VMP). Core Isolation: This is a set of virtualization-based security features by isolating important core processes in memory
Windows 11 can't find Gpedit.msc? Try these fixes
Apr 30, 2023 am 09:52 AM
In Windows 11, there is a feature called Group Policy Editor (Gpedit.msc) for viewing, configuring, and changing Group Policy configurations. Administrators use it to implement system-wide policy changes that simultaneously affect all users on the network. Likewise, regular users may use it in the same way to make countless tweaks and updates to their computer systems. We all must know that Windows 11 has four different editions: Professional Edition, Home Edition, Student Edition and Enterprise Edition. The vast majority of personal computers come pre-installed with Windows 11 Home Edition. It is important to note that the Group Policy Editor (Gpedit.msc) is not included in its installation. In contrast, GPE is only available on Wind
How to Fix Valorant Vanguard Windows 11 Error
Apr 15, 2023 pm 08:55 PM
These two Vanguard errors appear when players try to launch Valorant in Windows 11. Therefore, players cannot play Valorant due to these bugs. If you need to resolve one of these issues, check out the potential fixes below. What is Vanguard? Vanguard is anti-cheat software for the Valorant game. Riot software is installed with the game to prevent players from cheating in Valorant. You will not be able to play Valorant without the RiotVanguard software installed and activated. This software is somewhat controversial because it blocks applications. Players complain about Vanguard viz.
How to disable telemetry in Windows 11?
Apr 26, 2023 am 08:34 AM
What is Windows Telemetry? Telemetry is an automated process that involves collecting data from a remote source (your PC) and transmitting it back to Microsoft. The company uses the data it collects to monitor and improve its operating systems. Additionally, the company uses this data to enhance security and improve the overall user experience. While sending usage statistics to Microsoft sounds great, it opens the door to sharing anonymous data with third parties. If you're concerned about Windows automatically sending telemetry and other diagnostic data to Microsoft, use the following steps to turn it off. Disable telemetry collection on Windows 11 You can disable telemetry collection for Windows 11 through the Settings menu.
