Making Windows Server 2008 System Status Changes Transparent

  

On Windows Server 2008 systems, we can use the system's own built-in commands to make changes in the state of the system transparent.

1. Making system service status changes transparent

To make a Windows Server 2008 system run more efficiently and to save valuable system resources, we often manually stop system services that are not needed for the moment. However, because many of the services in the system are unfamiliar, changing them by hand can cause unexplained failures. For example, after a friend optimized a Windows Server 2008 system with a professional optimization tool, the printer that had worked before no longer worked properly. How can we quickly find out which system services have changed on the current system? With the "sc query" command that comes with Windows Server 2008, we can quickly view the working status of all services on the system. To find the service changes, follow the steps below:

First, back up the service status information of the healthy system before optimizing the local computer. To do so, click "Start" / "Program" / "Accessories" on the Windows Server 2008 desktop, right-click the "Command Prompt" item in the "Accessories" submenu that appears, and choose "Run as administrator" from the shortcut menu to switch to the DOS command line.

Second, at the DOS command prompt, enter the command "sc query >d:\aaa.txt" and press Enter. The screen returns the result shown in Figure 1, and the service status information of the Windows Server 2008 system during normal operation is saved to the "d:\aaa.txt" file.

Later, after we have optimized the Windows Server 2008 system services with a professional tool, if the system shows an unexplained failure, we only need to run the command "sc query >d:\bbb.txt" at the DOS command prompt. The service status information after optimization is then saved to the "d:\bbb.txt" file.

Next, run the command "fc d:\aaa.txt d:\bbb.txt" in the MS-DOS window to compare the "d:\aaa.txt" file with the "d:\bbb.txt" file using the fc command that comes with Windows Server 2008. The comparison quickly shows which status changes are behind the unexplained behavior. For example, if the printer worked properly before the services were optimized and does not work properly afterwards, the comparison quickly shows that the status of the background print service has changed. We then just need to open the service list window of the system, find the background printing service, open its properties window, and restart the service; this solves the problem of the printer not working.

In addition to the "sc query" command, system service status information can also be exported with the "net start" command.
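An added example, not part of the original article: fc compares the two files line by line, so this Python sketch instead reads two saved "sc query" outputs record by record and reports only the services whose state differs. The sample text is constructed and "ExampleSvc" is a hypothetical service name.

```python
import re

NAME = re.compile(r"^SERVICE_NAME:\s*(\S.*?)\s*$")
STATE = re.compile(r"^\s*STATE\s*:\s*\d+\s+(\w+)")

def parse_sc_query(text):
    """Map each SERVICE_NAME to its STATE word (RUNNING, STOPPED, ...)."""
    states, current = {}, None
    for line in text.splitlines():
        if m := NAME.match(line):
            current = m.group(1)
            states[current] = "UNKNOWN"   # replaced when the STATE line is seen
        elif current and (m := STATE.match(line)):
            states[current] = m.group(1)
    return states

def diff_services(before, after):
    """Return {service: (old_state, new_state)} for every service that differs."""
    old, new = parse_sc_query(before), parse_sc_query(after)
    return {name: (old.get(name, "NOT_LISTED"), new.get(name, "NOT_LISTED"))
            for name in sorted(old.keys() | new.keys())
            if old.get(name) != new.get(name)}

# Constructed sample of a baseline snapshot (contents of d:\aaa.txt).
BEFORE = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        STATE              : 4  RUNNING
"""
# Constructed sample after optimization (d:\bbb.txt): Spooler is gone, one new entry.
AFTER = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        STATE              : 4  RUNNING

SERVICE_NAME: ExampleSvc
DISPLAY_NAME: Example Service (hypothetical)
        STATE              : 4  RUNNING
"""

if __name__ == "__main__":
    for name, (was, now) in diff_services(BEFORE, AFTER).items():
        print(f"{name}: {was} -> {now}")
```

Plain "sc query" lists only active services, so a service that was stopped drops out of the second file and is reported as NOT_LISTED. Taking both snapshots with "sc query state= all" records it as STOPPED instead.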

2. Making system startup item changes transparent

We know that many popular Trojans and viruses try to add themselves to the system's auto-start items so that they run automatically when Windows starts. Monitoring changes to the startup items in a timely manner therefore helps us protect the computer system. In the Windows Server 2008 environment, we can use the system's own "wmic" command to record the status of all auto-start items. When the system later behaves abnormally, we record the auto-start items again and compare the two records with the fc command of Windows Server 2008 to quickly see how the startup items have changed. Before the startup items change, we must first back up their contents while the system is in its normal state. The specific backup steps are as follows:

First, following the earlier steps, open the MS-DOS window of the Windows Server 2008 system as an administrator. At the command prompt of the window, enter the command "wmic" and press Enter; the prompt automatically changes to "wmic:root\cli>", as shown in Figure 2.

Second, at that prompt, enter the command "startup list brief > c:\aaa.txt" and press Enter. All auto-start items of the Windows Server 2008 system are then saved to the "c:\aaa.txt" file.

If you suspect that the auto-start items of the Windows Server 2008 system have been changed by a Trojan or virus, save the auto-start items after the failure to the "bbb.txt" file in the same way. Then run the command "fc c:\aaa.txt c:\bbb.txt" in the MS-DOS window to compare the "c:\aaa.txt" file with the "c:\bbb.txt" file using the fc command that comes with Windows Server 2008. The comparison quickly shows which new startup items have been added to the Windows Server 2008 system.

Similarly, we can run the command "process list brief" at the "wmic:root\cli" prompt to view the status of all processes in the system, or save a backup of the process status information so that it can be checked and compared when the system later behaves unexpectedly. This comparison also helps us determine whether the Windows Server 2008 system has been attacked by Trojans or viruses.

3. Making system sharing status changes transparent

Sometimes, after a Windows Server 2008 system encounters a Trojan or virus, many hidden shared folders inexplicably appear on it; Trojans and viruses often use these hidden shared folders to secretly monitor important local resources. Checking the sharing status of important resources on the local server by hand is a lot of work, and it is easy to miss something. With the "net share" command that comes with Windows Server 2008, we can record all hidden shared resources on the system. When we suspect that the sharing status of important resources has changed, we record the sharing status again with the "net share" command and then use the fc command to compare the two records, so that we quickly know which shared folders are newly created and which have been canceled. To record changes in the shared resource state of the local server with the "net share" command, we can do the following:
