In the win2008 system, the users of the Administrations group have high privileges. Whether it is a remote IPC connection or a terminal service login, as long as the administrator account is used without restrictions, this poses a certain threat to the system security. Prevent hackers from exploiting this vulnerability to connect, so it is necessary to limit anonymous access by remote users.
a, open the registry editor, navigate to HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Control \\ LSA branches, the right to modify RestrictAnonymous shown in FIG. 1.
to about the RestrictAnonymous Explanation of three cases of values:
0 Depends on default permissions
1 Do not allow enumeration of SAM accounts and names
2 Cannot access without explicit anonymous permissions
Also remind you that you need to be aware of the domain controller DC. When the RestrictAnonymous registry value on a Windows 2000/2003/2008-based domain controller is set to 2, the following tasks are restricted:
The subordinate member workstation or server cannot establish a netlogon secure channel.
A subdomain controller in the trusting domain cannot establish a netlogon secure channel.
Microsoft Windows NT users cannot change their passwords after the password expires. In addition, Macintosh users cannot change their passwords at all.
The browser service cannot retrieve a list of domains or a list of servers from a backup browser, master browser, or domain master browser running on a computer with the RestrictAnonymous registry value set to 2. Therefore, all programs that rely on browser services do not work properly.
Due to the above results, it is recommended that you do not set the RestrictAnonymous registry value to 2 in a mixed mode environment that includes subordinate clients. You should consider setting the RestrictAnonymous registry value to 2 only in a Windows 2000/2003/2008 environment and only after sufficient quality assurance testing has been performed to verify that the appropriate service levels and program features continue to be maintained.
As a server-based system, the security of the system is very important, especially to prevent hackers. The win2008 system successfully limits the anonymous access of remote users, which is a very effective way to prevent hackers.
As a service system, win2008 can be said to be a relatively stable and mature syste
Win2008 system has attracted many users to experience with its superior security ad
In order to protect personal data, most netizens will set a login password for their own computer. B
The recycle bin is the place to contain and clean up the system waste. Regularly clean the recycle b
Detailed description of Win2008's powerful security features
Win2008 dual system virtual memory sharing method
How to solve the problems with the password win2008?
Forced potential! win2008 optimization small coups to share
Let's put aside the restrictions! Let win2008 force the password to change regularly. Go to
Flexible settings enable Win2008 to download efficiently
Win2008 server prompts no registration category (80040154) What should I do?
How to achieve remote multi-user sharing under Win2008
Fully understand the Windows xp system taskbar
Windows2008R2 changes the desktop icon has a coup
Graphic shows the steps to migrate windows2003 to win2008 system
Optimize your tips to make your win7 run like
Win8 system CMD input characters appear wrong main process stop how to do
How to install Windows 7 system without disk
Win10 Enterprise Edition activation tool download
Win10 opens the command prompt as an administrator. 3 methods of CMD
Win8 adds clock settings for different time zones. Tutorial
Let Windows XP start menu look like
Windows XP self-extracting file production process comprehensive analysis
How to use the backup function of Windows 7
Win7 Ultimate system uninstalls some software and restarts it will be black screen solution