For Windows7 (hereafter referred to as Win7) optimization settings are also emerging, users are often patchwork, no clue, and these methods are more authentic, difficult to distinguish, the effect I don’t know how to do it. In fact, using Win7's system group policy function, you can achieve Win7 system optimization. This article explains how to use Group Policy to make Win7 more secure.
Note: Group Policy feature is only available in Win7 Professional, Ultimate, and Enterprise Edition.
confidential document to the driver wearing the cloak
mainly includes a hard disk drive, CD-ROM, and other mobile devices, mainly used for storing data and the like. Therefore, limiting the use of the drive can effectively prevent the leakage of important and confidential information, and it is necessary to block the invasion of viruses and Trojans. Different drivers have different limiting methods, and the same drive has different levels of restrictions. Just say hard disk, there are generally two levels of hidden and forbidden access. The hidden level is relatively primitive, just to make the drive invisible, generally used to protect children and primary users, and access is prohibited to completely block access to the drive. For mobile devices, you can choose to set read, write, and execute permissions, but viruses and Trojans are typically spread by executing malicious programs, so disabling execution permissions is most effective.
primary defensive ordinary users do not see some important files on the computer's hard drive
home, do not want others to see, the easiest way is to drive where the file hidden. Click "Start", enter "gpedit.msc" in the search box, confirm the group policy editor, and then expand "User Configuration → Administrative Templates → Windows Components → Windows Explorer", in the right settings window, Go to "Hide these specified drives in My Computer", select "Enabled", select the drive you want to hide in the drop-down list below, and then OK. Then enter the "computer", the drive icon you just selected is gone.
Note: This method is only to hide the contents of the drive icon, users can still access the drive using other methods, such as type the directory path on the drive directly in the address bar. In addition, this setting does not prevent users from accessing these drives or their contents using the program.
Advanced Defense privileged users can have important system files
system disk inside, not let others easily modified or moved. In particular, when some partitions have important files, if you just hide the drive, others can still access it. Of course, this is not the case! The safest way is to protect the relevant drive and prohibit access by unauthorized users.
Similarly, expand the Group Policy Management is among the "User Configuration → Administrative Templates → Windows Components → Windows Explorer" and enter "to prevent from 'My Computer' to access the drive", select "Enabled" In the drop-down list below, select the drive you want to disable, and it will take effect after confirmation (as shown in Figure 1). When someone wants to access the relevant drive again, a "restricted" prompt window will appear! When you need to view it, just change the relevant policy setting from "Enabled" to "Not Configured".
Tip: How to prevent others from using Group Policy Editor it? Very simple, by creating users with different permissions, let others use the ordinary User type of account (without permission to open the Group Policy Editor).
Optimization method for Windows7 (hereinafter referred to as Win7) are endless, the user is often a patchwork, not a clue, but these methods are more difficult to distinguish the authenticity of the effect in the end no way of knowing how. In fact, using Win7's system group policy function, you can achieve Win7 system optimization. This article explains how to use Group Policy to make Win7 more secure.
Note: Group Policy feature is only available in Win7 Professional, Ultimate, and Enterprise Edition.
confidential document to the driver wearing the cloak
mainly includes a hard disk drive, CD-ROM, and other mobile devices, mainly used for storing data and the like. Therefore, limiting the use of the drive can effectively prevent the leakage of important and confidential information, and it is necessary to block the invasion of viruses and Trojans. Different drivers have different limiting methods, and the same drive has different levels of restrictions. Just say hard disk, there are generally two levels of hidden and forbidden access. The hidden level is relatively primitive, just to make the drive invisible, generally used to protect children and primary users, and access is prohibited to completely block access to the drive. For mobile devices, you can choose to set read, write, and execute permissions, but viruses and Trojans are typically spread by executing malicious programs, so disabling execution permissions is most effective.
primary defensive ordinary users do not see some important files on the computer's hard drive
home, do not want others to see, the easiest way is to drive where the file hidden. Click "Start", enter "gpedit.msc" in the search box, confirm the group policy editor, and then expand "User Configuration → Administrative Templates → Windows Components → Windows Explorer", in the right settings window, Go to "Hide these specified drives in My Computer", select "Enabled", select the drive you want to hide in the drop-down list below, and then OK. Then enter the "computer", the drive icon you just selected is gone.
Note: This method is only to hide the contents of the drive icon, users can still access the drive using other methods, such as type the directory path on the drive directly in the address bar. In addition, this setting does not prevent users from accessing these drives or their contents using the program.
Advanced Defense privileged users can have important system files
system disk inside, not let others easily modified or moved. In particular, when some partitions have important files, if you just hide the drive, others can still access it. Of course, this is not the case! The safest way is to protect the relevant drive and prohibit access by unauthorized users.
Similarly, expand the Group Policy Management is among the "User Configuration → Administrative Templates → Windows Components → Windows Explorer" and enter "to prevent from 'My Computer' to access the drive", select "Enabled" In the drop-down list below, select the drive you want to disable, and it will take effect after confirmation (as shown in Figure 1). When someone wants to access the relevant drive again, a "restricted" prompt window will appear! When you need to view it, just change the relevant policy setting from "Enabled" to "Not Configured".
Tip: How to prevent others from using Group Policy Editor it? Very simple, by creating users with different permissions, let others use the ordinary User type of account (without permission to open the Group Policy Editor).
process rights management system coupled to the eyes
now some really rogue software, such as calling a lot of software for the convenience of others to use, but it will be packaged in green or malicious software bundled with some of the The program either packs some web pages into it. The method is generally low-level, and it is implemented by batch files and manual injection of registry information, so we can use Group Policy to prohibit some dangerous types of files from running. In addition, in some public places (such as offices), many software is not allowed (such as chat software, etc.), then managers can also use Group Policy to achieve effective management.
prohibit dangerous files to run
some types of files (such as ".reg" registry file and ".bat" batch file) general users rarely need them, but also very easy It is used by viruses or Trojans, so prohibiting these types of files from running can guarantee the security of computers to a certain extent.
expand "Computer Configuration → Windows Settings → Security Settings → Software Restriction Policies" in the pop-up menu, select "create software restriction policies", will automatically generate "security level", "other rules" Five items of "forced", "specified file type" and "trusted publisher". Go to the Properties window of the "Specified File Type" and leave only the file types that need to be forbidden, such as "bat batch file", and delete all other file types. If the type is not in the list, just enter the file type you want to disable in the "File extension" text box below, and add it. Go to "Security Level → Not Allowed" and click the "Set as Default" button. This policy will take effect. When you run any batch file again, it will be blocked.
disable the program and I know you wear vests
In addition, many companies are not allowed to use chat software. Take QQ as an example. If you uninstall QQ directly, the user may install it again or install the software to another location. At this point, you can use Group Policy to easily get it.
expand "Computer Configuration → Windows Settings → Security Settings → Software Restriction Policies → other rules", select "New Hash Rule" (Figure 4). Click "Browse" to select QQ's executable file "QQ.exe". The first line below "File Information" is the generated hash value. This value is unique. The basic information of the file is also displayed below. "Security Level" Select "Not allowed". After confirming and logging out, log in again and the settings will take effect.
Tip: The benefits of using a hash rule is that regardless of the program was renamed or moved or anything else, as long as the same hash value is verified, then the limit will not fail it can effectively restrict some software! Running.