Two major steps to create a security system for win2003

Windows 2003 can be said to be a very secure system, but there are still some deficiencies in the security. In order to make the win2003 system more secure, it is necessary to set up a security fortress for win2003. Let's take a look at the specific settings. Steps.

Step 1: Modify administrator accounts and create trap accounts:

Modifying built-in user accounts For many years, Microsoft has been emphasizing that it is best to rename the Administrator account and disable the Guest account. Achieve greater security. In Windows Server 2003, the Guest account is disabled by default, but it is still necessary to rename the Administrator account, because hackers often start attacking from the Administrator account. To do this, open the “Local Security Settings” dialog box, expand ““Local Policies"→“Security Options", in the right pane, there is an “Account: Rename System Administrator Account”. The strategy, double-click to open it, reset the Administrator to a plain user name, of course, please do not use the name of Admin, change is equal to no change, try to disguise it as a normal user, such as: guestone. Then create a trap account named "Administrator", "Restricted User", set its permissions to the lowest, and do nothing, and add a super complex password of more than 10 digits. This will keep those Scripts s busy for a while, and you can use them to discover their intrusion attempts. Or do something on top of its login scripts.

Step 2: Remove the danger of the default share

After Windows2003 is installed, the system will create some hidden shares. You can view them by typing net share under cmd. There are a lot of articles about IPC intrusion on the Internet, I believe everyone must be familiar with it. So we want to disable or delete these shares to ensure security by first writing a batch file like this:

@echo off

net share C$ /del

net share D$ /del

net share E$ /del

net share F$ /del

net share admin$ /del

Batch content can be modified according to your needs. Save it as delshare.bat and place it in the system32\\GroupPolicy\\User\\Scripts\\logon directory under the system folder. Then enter gpedit.msc in the Start menu → Run, press Enter to open the Group Policy Editor. Click User Configuration & Rarr; Window Settings & Rarr; Script (Login/Logout) & Rarr; Login, click “Add” in the “Login Properties” window that appears, the “Add Script” dialog box will appear. Enter delshare.bat in the "Script Name" column of the window, and then click the "OK" button. This allows the system to be booted by the Group Policy Editor to execute the script to delete the system's default share.

Windows 2003 as a server-type system, security issues are very important, there can be no mistakes, otherwise some important information will be leaked, if you are also using win2003 system, then come Set up a security fortress for your system.