Using Group Policy to Improve Windows 7 System Security

  

There are endless optimization methods for Windows 7 (hereafter Win7). Users often piece them together without a clear plan, the methods are hard to tell apart, and their effect is unknown. In fact, Win7's built-in Group Policy feature is enough to optimize the system. This article explains how to use Group Policy to make Win7 more secure.

Note: The Group Policy feature is only available in Win7 Professional, Ultimate and Enterprise editions.

Confidentiality: put an invisibility cloak on the drives

Drives mainly include hard disks, optical drives and removable devices, and are mainly used to store data. Limiting the use of drives can therefore effectively prevent important and confidential information from leaking, and it is also needed to block viruses and Trojans. Different drives have different restriction methods, and the same drive can be restricted at different levels. Take the hard disk: there are generally two levels, hiding it and prohibiting access to it. Hiding is relatively primitive. It only makes the drive invisible and is generally used to guard against children and novice users, whereas prohibiting access completely blocks access to the drive. For removable devices, you can set read, write and execute permissions, but viruses and Trojans typically spread by executing malicious programs, so disabling execute permission is the most effective.

Basic defense: invisible to ordinary users

Suppose the hard disk of the home computer holds some important files that you do not want others to see. The easiest way is to hide the drive where the files are located. Click "Start", type "gpedit.msc" in the search box and press Enter to open the Group Policy Editor. Expand "User Configuration → Administrative Templates → Windows Components → Windows Explorer", open "Hide these specified drives in My Computer" in the settings pane on the right, select "Enabled", choose the drive you want to hide in the drop-down list below, and click OK. When you open "Computer" again, the icon of the drive you selected is gone.

Tip: This method only hides the drive icon. Users can still reach the contents of the drive in other ways, such as typing a directory path on the drive directly into the address bar. In addition, this setting does not prevent users from accessing these drives or their contents through programs.

Advanced defense: only privileged users can use the drive

The system disk holds important system files that others must not modify or move. In particular, when some partitions hold important files and you only hide the drive, others can still access it. Of course, that will not do! The safest way is to protect the relevant drive and prohibit access by unauthorized users.

Similarly, in the Group Policy Editor, expand "User Configuration → Administrative Templates → Windows Components → Windows Explorer", open "Prevent access to drives from My Computer", select "Enabled", choose the drive you want to block in the drop-down list below, and confirm; the setting then takes effect (as shown in Figure 1). When someone tries to access that drive again, a "restricted" prompt window appears! When you need to view the drive yourself, just change the policy setting from "Enabled" to "Not Configured".

Tip: How can you prevent others from editing Group Policy? Very simple: create users with different permissions and let others use an ordinary User-type account (which has no permission to open the Group Policy Editor).
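To check what the two drive policies above actually cover for the current user, the sketch below decodes them and lists drives that are hidden but not blocked, which is the gap the first tip describes. It is an added example, not part of the original article; the registry key, the value names NoDrives and NoViewOnDrive, and the function names are assumptions of this example. It avoids cmdlets that the PowerShell 2.0 shipped with Win7 lacks.

```powershell
# Added example, not from the article. Assumption of this example: the two
# Explorer policies are stored as the DWORD values NoDrives and NoViewOnDrive
# under the key below, one bit per drive letter (bit 0 = A:, bit 1 = B:, ...).
$ExplorerPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function ConvertFrom-DriveMask {
    # Turn a bitmask into the list of drive letters it selects.
    param([int]$Mask)
    $letters = @()
    for ($i = 0; $i -lt 26; $i++) {
        $bit = [int][math]::Pow(2, $i)
        if (($Mask -band $bit) -ne 0) { $letters += [string][char](65 + $i) }
    }
    return ,$letters
}

function ConvertTo-DriveMask {
    # Build the bitmask for a list of drive letters.
    param([string[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $bit = [int][char]($l.ToUpper()) - 65
        $mask = $mask -bor [int][math]::Pow(2, $bit)
    }
    return $mask
}

function Get-DrivePolicyMask {
    # Read one policy value; 0 means the policy is not configured.
    param([string]$Name)
    $p = Get-ItemProperty -Path $ExplorerPolicy -Name $Name -ErrorAction SilentlyContinue
    if ($p) { [int]$p.$Name } else { 0 }
}

$hidden  = ConvertFrom-DriveMask (Get-DrivePolicyMask 'NoDrives')
$blocked = ConvertFrom-DriveMask (Get-DrivePolicyMask 'NoViewOnDrive')
$exposed = @($hidden | Where-Object { $blocked -notcontains $_ })

"Hidden drives : $($hidden -join ', ')"
"Blocked drives: $($blocked -join ', ')"
if ($exposed.Count -gt 0) {
    "Hidden only, still reachable by path: $($exposed -join ', ')"
}

# Constructed sample, independent of this machine's registry:
"Mask for D: and E: = $(ConvertTo-DriveMask 'D','E')"
```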

Disabling execute permission on removable devices: cut off viruses and Trojans

Removable devices (such as flash drives and portable hard disks) have become standard equipment for many users and are very widely used. Because of this, they have also become the main route by which viruses and Trojans spread. Ordinary restrictions on read and write permissions do not keep viruses and Trojans out, because they spread by being executed, so disabling execute permission cuts off the transmission path.

Expand "Computer Configuration → Administrative Templates → System → Removable Storage Access", open "Removable Disks: Deny execute access", select "Enabled", and confirm; the setting then takes effect. Executables on the removable device will not run, and the computer will no longer be infected by viruses from it. If you do need to run one, just copy it to the hard disk.

Surfing the Internet: put a protective shirt on the browser

One of the most important uses of a computer is going online, but to be honest, the Internet is far from worry-free: viruses, Trojans and rogue software run rampant, even many large websites get Trojans planted on them, and users find it really hard to guard against. A lot of malware also tampers with the browser's home page or other browser settings, so that opening the browser pops up messy pages or even a Trojan site, which makes users complain bitterly! In addition, some users download files with the browser without any pattern, which often leads to disorganized files, and virus files are hard to remove once they have been downloaded. So strengthening the browser's "immunity" is particularly important.

Locking the Home Page

Home page tampering is the most common problem, and locking the home page with Group Policy solves it completely. Not only will messy pages stop popping up, the chance of being infected by viruses and Trojans again is also reduced. Expand "User Configuration → Administrative Templates → Windows Components → Internet Explorer", open "Disable changing home page settings", select "Enabled", enter the default home page under "Options", and confirm; the setting then takes effect.

Tip: When this policy setting is enabled, users cannot set the default home page, so if one is needed, you must specify the default home page before changing the setting.

Freezing IE Settings

As mentioned above, once the system is infected by a virus or Trojan, the IE home page will be tampered with, and other IE settings may be tampered with too. It is therefore well worth putting a protective cover over IE. In particular, once the IE settings are in place they may not change for a long time, so it is better to freeze them completely!

Expand "User Configuration → Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel". The right pane lists "Disable the Advanced page", "Disable the Connections page", "Disable the Content page", "Disable the General page", "Disable the Privacy page", "Disable the Programs page" and "Disable the Security page", which correspond to the seven tabs of "Internet Options" in IE (shown in Figure 3). If all of them are enabled, opening "Internet Options" brings up a "restricted" error dialog box, which completely rules out changes to the IE browser settings.

Tip: Enabling "Disable the General page" removes the "General" tab from "Internet Options". If this policy is enabled, users cannot view or change the settings for the home page, cache, history, page appearance and accessibility. Because this policy removes the General tab, if you set it you do not need to set the following Internet Explorer policies: "Disable changing home page settings", "Disable changing Temporary Internet files settings", "Disable changing history settings", "Disable changing color settings", "Disable changing link color settings", "Disable changing font settings", "Disable changing language settings" and "Disable changing accessibility settings".
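A quick way to confirm that the removable-disk execute restriction, the home page lock and the seven tab policies are really in force is to read the values they write to the registry. The script below is an added example, not part of the original article; the registry paths, value names and function names are assumptions of this example, and it also applies the rule from the tip above that removing the General tab makes the home page lock redundant.

```powershell
# Added example, not from the article. Registry locations and value names are
# assumptions of this example (the article only names the policy settings).
$ieKey  = 'Software\Policies\Microsoft\Internet Explorer\Control Panel'
$usbKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\' +
          '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # Removable Disks class

function Test-PolicyFlag {
    # True when the DWORD value exists and equals 1 (policy enabled).
    param([string]$Path, [string]$Name)
    $p = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    return ($p -ne $null -and $p.$Name -eq 1)
}

function Get-IEPolicyFlag {
    # The IE restrictions can be set per machine or per user; check both hives.
    param([string]$Name)
    return (Test-PolicyFlag "HKLM:\$ieKey" $Name) -or (Test-PolicyFlag "HKCU:\$ieKey" $Name)
}

$report = @()
$report += New-Object PSObject -Property @{
    Policy  = 'Removable Disks: Deny execute access'
    Enabled = (Test-PolicyFlag $usbKey 'Deny_Execute'); Note = '' }

foreach ($tab in 'General','Security','Privacy','Content','Connections','Programs','Advanced') {
    $report += New-Object PSObject -Property @{
        Policy  = "Disable the $tab page"
        Enabled = (Get-IEPolicyFlag "${tab}Tab"); Note = '' }
}

# Per the tip: with the General tab removed, the home page lock is redundant.
$homeLocked = Get-IEPolicyFlag 'HomePage'
$note = ''
if ((Get-IEPolicyFlag 'GeneralTab') -and -not $homeLocked) {
    $note = 'covered: General tab is removed'
}
$report += New-Object PSObject -Property @{
    Policy  = 'Disable changing home page settings'
    Enabled = $homeLocked; Note = $note }

$report | Format-Table Policy, Enabled, Note -AutoSize
```

Run it as the user the policies apply to, since the per-user values live in that user's HKCU hive.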

Privilege management: give the system a sharp eye

Some software today behaves like real rogueware. For example, many programs are popular for their convenience, but malicious programs get bundled in when the software is repackaged or turned into a "green" (portable) version, or web pages get packed in with it. The method is generally low-level, implemented with batch files and by manually injecting registry information, so we can use Group Policy to prohibit some dangerous file types from running. In addition, in some shared environments (such as offices) much software is not allowed (chat software, for example), and administrators can also use Group Policy to manage this effectively.

Disallow dangerous files from running

Some file types (such as ".reg" registry files and ".bat" batch files) are rarely used by ordinary users and are easily exploited by viruses or Trojans, so prohibiting these file types from running protects the computer to a certain extent.

Expand "Computer Configuration → Windows Settings → Security Settings → Software Restriction Policies", then choose "New Software Restriction Policies" from the right-click menu. Five items are generated automatically: "Security Levels", "Additional Rules", "Enforcement", "Designated File Types" and "Trusted Publishers". Open the Properties window of "Designated File Types" and leave only the file types that need to be forbidden, such as the "bat" batch file type, deleting all other file types. If a type is not in the list, just type the extension you want to block in the "File extension" text box below and add it. Then go to "Security Levels → Disallowed" and click the "Set as Default" button. The policy now takes effect: when you run any batch file again, it will be blocked.

Disabling a program: recognized even in disguise

In addition, many companies do not allow chat software. Take QQ as an example: if you simply uninstall QQ, the user may install it again or install it to another location. In this case, Group Policy handles the problem easily.

Expand "Computer Configuration → Windows Settings → Security Settings → Software Restriction Policies → Additional Rules" and select "New Hash Rule" (as shown in Figure 4). Click "Browse" and select QQ's executable file "QQ.exe". The first line under "File information" is the generated hash value, which is unique; the basic information of the file is displayed below it. For "Security level", select "Disallowed". Confirm, log out and log in again, and the setting takes effect.

Tip: The advantage of a hash rule is that no matter whether the program is renamed, moved or otherwise handled, as long as the hash value matches, the restriction does not lapse! This makes it possible to effectively restrict certain software from running.
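After setting up the software restriction policy and hash rules described in the last two sections, it is worth reading back what was stored: the default security level, the designated file types that remain, and each disallowed hash rule with the file it was created from. The script below is an added example, not part of the original article; the registry location, value names and function names are assumptions of this example.

```powershell
# Added example, not from the article. Assumption of this example: software
# restriction policies created under Computer Configuration are stored below
# this key, with disallowed hash rules under the "0\Hashes" subkey.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpSummary {
    # Default security level and the list from "Designated File Types".
    $root = Get-ItemProperty -Path $Safer -ErrorAction SilentlyContinue
    if (-not $root) { return $null }          # no policy has been created
    $level = switch ([int]$root.DefaultLevel) {
        0       { 'Disallowed' }
        262144  { 'Unrestricted' }
        default { "Other ($($root.DefaultLevel))" }
    }
    New-Object PSObject -Property @{
        DefaultLevel        = $level
        DesignatedFileTypes = @($root.ExecutableTypes)
    }
}

function Get-SrpDisallowedHashRule {
    # One object per hash rule whose security level is "Disallowed".
    $hashKey = Join-Path $Safer '0\Hashes'
    if (-not (Test-Path $hashKey)) { return }
    Get-ChildItem -Path $hashKey | ForEach-Object {
        $r = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Rule      = $_.PSChildName
            File      = $r.FriendlyName
            SizeBytes = $r.ItemSize
            Hash      = (($r.ItemData | ForEach-Object { $_.ToString('X2') }) -join '')
        }
    }
}

$summary = Get-SrpSummary
if ($summary) {
    "Default level        : $($summary.DefaultLevel)"
    "Designated file types: $($summary.DesignatedFileTypes -join ', ')"
    Get-SrpDisallowedHashRule | Format-Table File, SizeBytes, Hash, Rule -AutoSize
} else {
    'No software restriction policy is defined on this computer.'
}
```

Because a hash rule matches one exact file, a rule listed here covers only the build of the program it was created from, so a new rule is needed whenever a different version of the program appears.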

Copyright © Windows knowledge All Rights Reserved