First Steps, Checking System Groups and Users
My Computer——Right Management ——Local Users and Groups——Groups
Checking the Administrators Group Is there a user account other than the administrator user account (default is administrator).
Check if there is a non-system default account or an administrator-specified account in the users group.
Local Users and Groups ——Users
Check for users who are not commented or have an abnormal name.
Generally, the server that is compromised after the software will add an admin$ or similar user in the administrators group. Once you find this type of user, you should first avoid running any programs, stop all services, and use antivirus in time. The software performs a complete scan of the key areas of the server (starting the resident, C disk system folder user-defined folder) to avoid secondary cross-infection of the Trojan.
Second Step, Check Administrator Account for Abnormal Login and Logout History
My Computer ——Right Management ——Event Viewer——Security
Filter all events with event IDs 576 and 528 (576 is the system logout 528 for the system logout) to view the contents of the specific event information. There will be a login IP in the content. Check if the IP is the IP that the administrator frequently logs in.
Step 3, check if the server has an abnormal login startup item
Start menu ——All programs——Start
This directory is by default It should be an empty directory, but if an abnormal .bat program appears, you should scan the server in full to confirm server security.
Start Menu ——Run
msconfig
Start the menu bar to see if there is a startup project with a named exception, such as A.EXE XXXXI1SU2.EXE, etc. Scan the server to confirm server security.
Start Menu ——Run
regedit
hkey_current_user—software—micorsoft—windows—currentversion-run
hkey_current_machine—software—micorsoft—windows&mdash ;currentversion-run
Check for exceptions in the above 2 items.
In general, if the above three steps check that there is no abnormality, it can be basically determined that the security environment of the server is non-faulty.
I am a network administrator, recently installed the Windows 2003 server operating system on one, an
Now many customers are based test as an excuse to come after the test machine or
I just installed window7 on the companys computer and configured iis7. I found the
Anyone who knows about the network knows that dual network cards can
IIS reported an error trying to load an incorrectly formatted assembly solution
IIS website anti-theft chain download solution
A few things you need to know before buying a server (on)
Set the server to be able to support shtml file
IIS7 date display format solution
Several implementation methods of port mapping
Preventing database files from being downloaded by safely configuring IIS
What are the attacks on the web server?
The most complete in history! Proxy server settings method highlights
Remote Desktop Connection Transfer File Graphic Tutorial
Explain the command line tool - Recovery Console
The computer configuration that can smoothly play LOL is now much more than
Tip: teach you to find the real sender of spam
Windows 7 method of changing user account picture
How to do win10 blue screen problem
Play LOL card, do not change the computer, what need to change
Seven functions Windows 8 must contain the
Advantages and methods of loading hard disk and U disk with Win7