In everyday office work, we often share documents and directories on our computers so that others can use them. However, shared directories are often difficult to secure, and unauthorized users may access or even destroy our shared files. This is where Group Policy comes in handy.
One, prohibit blank-password sharing
By default, Windows allows remote users to use a null (anonymous) connection to obtain a list of shared resources and all account names of a computer on the network. This openness makes it easy for unauthorized users to obtain a share password by trying a blank password or by brute-force guessing, and so break into the shared directory.
To deal with this, we can first turn off anonymous enumeration of SAM accounts and shares. Open the "Run" window from the Start menu and type "gpedit.msc" to open the Group Policy Editor. On the left side, go to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options". On the right side, double-click "Network access: Do not allow anonymous enumeration of SAM accounts and shares", select the "Enabled" option in the pop-up window, and click "OK" to save the setting. After this, unauthorized users cannot directly obtain the share information and the account list.
Two, prohibit unauthorized access
To follow the principle of least privilege, we can strictly restrict which accounts may access the computer over the network. In the Group Policy Editor, select "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment". Double-click "Access this computer from the network" on the right side, add the accounts that must access the computer over the network, and delete accounts such as Everyone and Guest. Then open "Deny access to this computer from the network"; for the same reason, only add the authorized accounts that need to access the shared directory and delete all other users. When the two policies apply at the same time, the former replaces the latter.
Three, prohibit anonymous SID/name translation
In the previous steps we stopped unauthorized users from directly obtaining the account list, but they can still use the SID of the administrator account to obtain the real name of the default administrator. To prevent this, open "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options" and set "Network access: Allow anonymous SID/Name translation" to "Disabled". However, this may cause problems for users on older versions of Windows when they access shared resources, so use this setting with caution when the network contains multiple versions of the system.
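The three settings above can be checked in one pass from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes the standard secedit.exe export format, and the function name Get-SharePolicyFindings and the temporary file name are made up for illustration.

```powershell
# Added example: audit the three settings from this article on the local machine.
# Assumption: secedit.exe (ships with Windows) is run from an elevated prompt.
function Get-SharePolicyFindings {
    param([string[]]$InfLines)   # lines of a "secedit /export" file

    # Flatten every "key = value" line of the export into a hashtable.
    $cfg = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*([^=\[]+?)\s*=\s*(.*)$') { $cfg[$Matches[1]] = $Matches[2].Trim() }
    }
    $findings = @()

    # One: "Do not allow anonymous enumeration of SAM accounts and shares"
    # is stored as the REG_DWORD RestrictAnonymous; "4,1" means DWORD value 1.
    # A missing value is reported as well.
    $ra = $cfg['MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous']
    if ($ra -ne '4,1') { $findings += 'Anonymous enumeration of SAM accounts and shares is not blocked' }

    # Two: Everyone (S-1-1-0) or Guest (RID 501) must not hold
    # "Access this computer from the network" (SeNetworkLogonRight).
    $allowed = @($cfg['SeNetworkLogonRight'] -split ',' | ForEach-Object { $_.Trim() })
    foreach ($entry in $allowed) {
        if ($entry -eq '*S-1-1-0' -or $entry -match '-501$' -or $entry -eq 'Guest') {
            $findings += "Network logon right is still granted to $entry"
        }
    }

    # Three: "Allow anonymous SID/Name translation" is exported as
    # LSAAnonymousNameLookup; 0 means Disabled.
    if ($cfg['LSAAnonymousNameLookup'] -ne '0') { $findings += 'Anonymous SID/Name translation is enabled' }

    return $findings
}

# Export the local security policy, evaluate it, then delete the export.
$tmp = Join-Path $env:TEMP 'share-policy-audit.inf'
secedit /export /cfg $tmp /areas SECURITYPOLICY USER_RIGHTS | Out-Null
$findings = Get-SharePolicyFindings -InfLines (Get-Content $tmp)
Remove-Item $tmp -ErrorAction SilentlyContinue
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No findings for the three settings covered above.' }
```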
Conclusion: Sharing directories makes our computers easier to use and improves our work efficiency. With these uncomplicated measures, the potential danger is greatly reduced.