Several measures to make your win 2003 safer

Windows 2003 as a more reliable server operating system is generally safer, but there are certain insecure factors. For this reason, we can configure directory permissions, system security policies, protocol stack enhancements, system services and access. Control harden your system and improve the security of the server as a whole. Let the editors teach you how to make Windows Server 2003 more secure.

Step 1: Modify administrator accounts and create trap accounts:

Modifying built-in user accounts For many years, Microsoft has been emphasizing that it is best to rename the Administrator account and disable the Guest account. Achieve greater security. In Windows Server 2003, the Guest account is disabled by default, but it is still necessary to rename the Administrator account, because hackers often start attacking from the Administrator account. To do this, open the “Local Security Settings” dialog box, expand ““Local Policies"→“Security Options", in the right pane, there is an “Account: Rename System Administrator Account”. The strategy, double-click to open it, reset the Administrator to a plain user name, of course, please do not use the name of Admin, change is equal to no change, try to disguise it as a normal user, such as: guestone. Then create a trap account named "Administrator", "Restricted User", set its permissions to the lowest, and do nothing, and add a super complex password of more than 10 digits. This will keep those Scripts s busy for a while, and you can use them to discover their intrusion attempts. Or do something on top of its login scripts.

The second step is to remove the danger of the default share.

After Windows2003 is installed, the system will create some hidden shares. You can view them by typing net share in cmd. There are a lot of articles about IPC intrusion on the Internet, I believe everyone must be familiar with it. So we want to disable or delete these shares to ensure security by first writing a batch file like this:

@echo off

net share C$ /del

net share D$ /del

net share E$ /del

net share F$ /del

net share admin$ /del

Batch content can be modified according to your needs. Save it as delshare.bat and place it in the system32\\GroupPolicy\\User\\Scripts\\Logon directory under the system folder. Then enter gpedit.msc in the Start menu → Run, press Enter to open the Group Policy Editor. Click User Configuration & Rarr; Window Settings & Rarr; Script (Login/Logout) & Rarr; Login, click “Add” in the “Login Properties” window that appears, the “Add Script” dialog box will appear. Enter delshare.bat in the "Script Name" column of the window, and then click the "OK" button. This allows the system to be booted by the Group Policy Editor to execute the script to delete the system's default share.

Disabling IPC Connections

IPC is an acronym for Internet Process Connection, which is a remote network connection. It is a unique feature of Windows NT/2000/XP/2003. In fact, it establishes a communication connection between two computer processes, and communication of some network communication programs is established on the IPC. For example, IPC is like a paved road, we can use the program to access the remote host through this “road”. By default, IPC is shared, which means that Microsoft has paved the way for us. Therefore, this IPC-based intrusion is often referred to as IPC intrusion. You don't need any hacking tools to set up an IPC connection. Just type the appropriate command on the command line, but there is a precondition that you need to know the username and password of the remote host. After opening CMD, enter the following command to connect:

net use\\\\ip\\ipc$ "password" /user:"usernqme". We can disable IPC connections by modifying the registry. Open the Registry Editor. Locate the restrictanonymous subkey in HKEY_LOCAL_MACHINE\\ SYSTEM\\CurrentControlSet\\Control\\Lsa and change its value to 1 to disable the IPC connection.

The third step is: reset the remote accessible registry path

Set the remote accessible registry path to empty, which can effectively prevent hackers from using the scanner through the remote registry Read system information and other information of the computer. Open the Group Policy Editor and select “Computer Configuration”→“Windows Settings”→“Security Options”→“Network Access: Remote Access Registry Path”&&quoquo;Network Access: Remotely Accessible Registry", set the remotely accessible registry path and subpath content to null. This can effectively prevent hackers from using the scanner to read the system information and other information of the computer through the remote registry. Previous12Next page Total 2 pages