Experts to ensure the security of Win7 system

  

The security of Win7 system has been pursued by our system users, in fact, in the Windows7 operating system, there is a new computer security management mechanism, namely UAC (User Account Control) . Perhaps many people don't know much about this function. Using this function helps us to ensure the security of the system. Now we will introduce this new function in detail to ensure the security of the system.

UAC (User Account Control) Features:

Simply put, UAC (User Account Control) is a change made by other users to the operating system, and these changes require administrator privileges. At this point, the operating system will automatically notify the administrator to determine whether the change is allowed. Although in previous versions, there were limitations in this regard. But there has been a big improvement in Windows 7. It not only subdivides the level of control, but also automatically notifies the administrator. As in previous versions, just prompted the user to have no permissions in this regard, let them notify the administrator. Therefore, after adopting the latest UAC function, the operating system management is more humanized.

First, administrators can choose different control levels according to their needs

In Windows 7, this control level is divided into four levels. The highest level is “Always notify me", that is, users install application software or upgrade the application software, the application software changes the operating system without knowing or knowing the user, modify the Windows settings, etc. The administrator reports.

The second level is "Only when the application tries to change the computer" to notify the system administrator. This level is the default control level for the operating system. The main difference between him and the first level is that the system administrator is not notified when changing the Windows settings. At this level, even if there are malicious programs running on the operating system, it will not cause much negative impact on the operating system. Because its malicious program can not modify the system configuration without the knowledge of the system administrator, such as changing the registry, changing the default page of Internet Explorer, changing the service startup list, and so on. For this reason, for most users, especially for enterprise users, this level of security is sufficient. If the level is too high, it will be too rigid. Maybe the system administrator has to keep on running for it.

The security levels of the third and fourth levels are gradually reduced, and finally all are not notified. In fact, this control level is similar to the control level of the original IE browser, and is a custom control level of Microsoft. As a system administrator, you need to understand the specific content of each level of control, and then set the security level according to the actual situation of the enterprise. In general, the higher the security level, the more secure the operating system. But system administrators may need to take more time to respond to user complaints. Because the user may have any changes to the operating system, they need to inform the system administrator. Fish and bear's paws can't be combined, and system administrators need to strike a balance between safety and convenience.

Second, the user rights are not enough to inform the system administrator

Do not know if readers have used Microsoft or other company's workflow products? In fact, Microsoft is drawing on this issue. Workflow processing methods. When a user attempts to change a setting or secure an application, the system sends a request to the manager when its permissions are insufficient. The system administrator will see a dialog box the next time they log in to the system. The settings that the user needs to change or the applications to install are displayed in the dialog box. System administrators should review this information carefully to determine if it will compromise the stability of the system. You can then tell the operating system through this dialog box to allow or deny the user's changes. Finally, the system will feedback this decision from the system administrator to the user. The user can continue the subsequent operations. If the system administrator agrees, you can install the application or change the configuration of the operating system. Obviously, this process is very familiar to everyone. Yes, this is a workflow process. In the Windows 7 operating system, this workflow can be seen in many places. This is also the embodiment of the humanization of the Windows 7 operating system.

Third, turn off UAC control

If the user does not like this advanced thing, but like the control scheme of Window, this is also possible. The system administrator only needs to adjust this level to the fourth level, which is to turn off the UAC control. At this point, as with previous operating system versions, any changes will not tell the system administrator. If the user logs into the operating system as an administrator, any changes made by the application to the operating system will not alert the administrator, but directly apply the relevant changes. It can be seen that if some malicious programs are making changes at this time, some settings of the system, such as web pages, registry, etc., will be changed without knowing it. If the user logs in to the operating system as a normal standard user, if the operation is done, including installing or upgrading the application, changing the operating system configuration, etc., the operating system will reject it as long as it does not have the relevant permissions. That is, the administrator will not be notified in the form of a workflow. If the user does have this need, only verbally notify and let the system administrator adjust the relevant permissions. When the system administrator adjusts this UAC control from a high level to this fourth level, this control level will not take effect until it is restarted.

When the system administrator turns off this UAC, you must be careful about the damage that various applications may cause to the operating system, because the application can access or modify those as long as it is run as an administrator account. Protected areas, private data of users, and more. In other words, the permissions of the application are the same as those of the system administrator. In addition, some malicious programs can communicate with other computers on the network or even hosts on the Internet without the knowledge of the system administrator to achieve the destruction.

In fact, this UAC control level, in some respects, looks similar to the operating system's personal firewall. When any application has the behavior of modifying the operating system configuration (changing the IE home page, modifying the registry, setting a service to start automatically), it will prompt the user. The user is also notified when the application wants to send information to the Internet. For this reason, if the system administrator is not used to this function and needs to close it, it is better to use other security measures instead. This personal firewall can be used instead of the UAC control level. Although it does not implement all the features of UAC, some of the core protection features of personal firewalls are already adequate. Indeed, if the enterprise has deployed a personal firewall, then when promoting the Windows 7 operating system, if this UAC control is used again, it will be repeated. On the contrary, it may cause the user's dislike. In short, the system administrator should choose one of the two options according to the operating system of the user and the user. More is more cumbersome.

Fourth, through the domain security policy to unify this management level

The number of clients in the enterprise is often not a minority. There are not hundreds of clients managed by a system administrator, and there are dozens of clients. If you adjust the control level of this UAC one by one, it is obviously a repetitive and non-challenging work. According to the author's test, in fact, this UAC control level can be combined with group policy or domain security policy. That is, you can set this level at the domain controller level or at the group level. Then when the client joins this domain or this group, it will inherit this management level. In other words, there is no need to configure one by one on each client. To be honest, Microsoft has been doing a good job in this regard. Although Microsoft's domain environment is complicated to build and manage, its function is still relatively powerful. If you want to make some advanced features of the Windows operating system more convenient, then this domain environment is often indispensable. At least this domain environment provides a platform for unified management of individual clients.

The above is a detailed introduction of UAC (User Account Control) function. If you want to ensure that your Win7 system has been in a safe environment, then make full use of the UAC function, I hope to help everyone. System security can help.

Copyright © Windows knowledge All Rights Reserved