The following are frequently asked questions about win8 local security policy, you can refer to it.
How to open & ldquo; Windows local security policy & rdquo; ah? A: "Search” type “secpol.msc” and press Enter.
How can I prevent hackers or malicious programs from hacking my system password? A: As we all know, brute force cracking Windows passwords is essentially realized by exhaustive algorithms, especially for systems with too simple passwords. The method of brute force is still quite practical. One thing that needs our attention is that the key to this problem is whether Windows allows remote clients or malicious programs to exhaust the username and password. If not allowed, it is a dead end for malicious programs to attempt to obtain administrator privileges through enumeration. So, how to not allow it? See the picture below:
After ensuring that the selected line is "already enabled", this road is basically blocked. If you don't worry, you can also put it underneath. That line "does not allow anonymous enumeration of SAM accounts and shares" is also set to “ Enabled& rdquo; status.
In addition, "local policy" ”——“security options">;web access: anonymously accessible shares", "network access: remotely accessible registration Table path & rdquo; & ldquo; network access: remote access to the registry path and sub-paths, ", network access: anonymous access to the named pipe", these four items contain all the values removed, can further enhance the system safety.
Is the firewall that comes with Windows easy to use? A: A considerable number of friends have ignored the Windows firewall that they have chosen when they choose a wide range of third-party firewall products. They have never even opened it. “Windows Firewall” is a sub-function of the local security policy. I personally think that as long as you are skilled in configuring this function, its ease of use and security are superior for personal applications and even enterprise needs.
There are two ways to enter:
1. Enter the program interface as shown in the address bar below:
Then click on the left side “Advanced Settings” :
After entering this method, you can browse existing rules and create new ones.
2. Enter the program interface directly in the “Local Security Policy”:
There is a blank on the right side, and the existing rules are not listed, but new rules can be created.
For example, Adobe Photoshop CS is prohibited from accessing the network. Right click on the blank space or click on the “New Rule” button in the right column and select the first item in the “New Outbound Rule Wizard”. "Program" (the rules for controlling program connection), the next step is to select the path where photoshop is located, as shown below:
Next step select "Block connection", then you will be asked "When to apply" The rule & rdquo;, you can check according to the actual needs, the default selected "domain, private, public". As shown below:
Then give it a name (arbitrary), the rules are created, and Photoshop.exe will never be able to access the network again. In addition, you can create more advanced rules in the "Connection Security Rules", as shown below:
This interface does not know, the function is so powerful, basically you think of unexpected and unexpected needs, here All are implemented, such as blocking any IP or IP segments that you are not comfortable with, blocking pings, or specifying the operation rights of any port, program name or service name, etc., and the ease of use and reliability are not inferior to any third-party firewall.
Can I disable a program from running through a security policy? A: The answer is yes. Not only can it prevent a program from being renamed, changed its path, changed its suffix, and then re-runs the shell. This function is called “AppLocker”, which is more than prohibiting a program from running in Group Policy. Strict and more powerful. The program interface is shown below:
Right-click on the left side "Executable Rules" & mquoash; & mdash; & ldquo; create a new rule & rdquo;, in the wizard interface that appears, not only the user group (such as Guest) Account), can also enumerate various qualifications, as shown below:
If you select "publisher", then the disabled program, and all its upgrades and revisions cannot be Run (this condition can be further detailed), such as QQ, Thunder, Cool Dog, etc., their official and customized versions can not run, very smart. This feature can also be applied to quarantine virus operations. If there are viruses or Trojans that cannot be cleaned up in the system, no matter whether the infected person is a program, a script, a dynamic link library, or a batch process, it can no longer be done. From this point of view, the current mainstream anti-virus software, in the virus isolation function is generally not detailed. The remaining two are completely easy to understand by literal meaning, especially the third item “File Hash”, which is quite practical.
This function can also be used in conjunction with the "Software Restriction Policy", as shown below: (If the content shown on the right does not appear, right-click on the left sidebar to create a software restriction policy)
In addition, access to the entire or partial registry or even the file system can be restricted by the "global object access audit", as shown in the following figure:
When you step on the iron shoes When looking for third-party software for this function on the Internet, should you first flip through the Windows home? Hehe. If you have a good understanding of PowerShell, you can further simplify the creation and management of AppLocker rules, but the details are not detailed.
Finally, add two more questions about the "local security policy" failure: 1. How can I not access the local security policy? A: This problem is usually displayed as “Create Management Unit Failed” or CLSID: {8FC0B734-A0E1-11D1-A7D3-0000F87571E3}. The reason for this is more common when some software replaces or deletes part of the data during installation or uninstallation. The solution is to first ensure that your environment variable path contains: "%systemroot%system32;%systemroot%;%systemroot%system32wbem”, if not, add it yourself.
Then locate HKEY_CURRENT_USER——Software——Policies——Microsoft——MMC in the registry, assign a value of 0 to RestrictToPermittedSnapins, as shown below:
2, my How can I set up an IP security policy? A: Make sure the IPsec Policy Agent service is enabled.
Recently, users who have used the Win8 system have had problems with the computer a
Windows8 system personalized lock screen interface setting method graphic tutorial After the Window
through the win8 system device manager. Some devices in the computer are not used at all, or some de
The win8 system has a third-party inf signature invalid problem, you need to set the advanced startu
How to use the Metro version of the compression tool 8 Zip
Win8 system how to delete useless files to free up disk space
Win8.1 uses the built-in input method to easily play special characters
Solve win8 can not access the Internet
C disk cleaning skills under Win8 system
Solve Win8 can not run Warcraft 3 several ways
PPPoE broadband connection setting method in Windows 8 system
The method of clearing the less common application under win8 system
Quick Tips for Win8.1 Screen Shot
Win8 allows IE10 to open all Flash
One-click to switch Win8.1 account to cancel the program account limit
Windows 7 hard disk how to install
Win8 shuts down another stunt, let "Win8 shut down" into the right button
Microsoft revealed details of Windows Server 8's online backup service
What should I do if the win10 earphone has a current sound and the sound is very large?
My computer time has passed 15 o'clock and jumped back to 14 o'clock. Asked!
Windows7 system cancels booting
Win7 Prompt Diagnostic Policy Service is not running Unable to Diagnose Check Network Solution
Can not handle the problem without reinstalling - win7 startup repair tool