Each service in Win 2000 corresponds to the corresponding port. For example, the well-known WWW service port is 80, smtp is 25, ftp is 21, Win 2000 is installed. The default is that these services are enabled. It is really unnecessary for individual users. Turning off the port means turning off useless services. Whether a service is useful or not depends on its own needs.
Configured in "Services" in the "Administrative Tools" of the Control Panel.
close 7.9 port and so on: Close Simple TCP /IP Service, supports the following TCP /IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Turn off port 21: Close the FTP Publishing Service, which provides services that provide FTP connection and management through the management unit of the Internet Information Service.
Turn off port 23: Turn off the Telnet service, which allows remote users to log in to the system and run the console program using the command line.
Turn off port 25: Turn off the Simple Mail Transport Protocol (SMTP) service, which provides the ability to send email across the network.
Close 80: Turn off the WWW service. The name "World Wide Web Publishing Service" is displayed in the Service, and Web connection and management is provided through the snap-in of the Internet Information Service.
Turn off the default share: In Windows 2000, there is a "default share", which is to automatically share the system installation partition when installing the server, although the super user password is required for access, but This is a potential security risk. From the perspective of server security, it is best to turn off this "default share" to ensure system security. To do this, click Start/Run, type "Regedit" in the Run window, open the Registry Editor, expand "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetLanmanworkstationparameters", and create a double-byte value called "AutoShareWks" in the right window. Its value is set to 0, (Win2000 Professional Win XP); [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters]
"AutoShareServer"=dword:00000000 (win2000 server, win2003 server) This will completely close the "default share". (To remember to run net share c$Content$nbsp;/del under DOS, there are several default shares to execute a few times, don't tell me this will not be awkward :)
Close port 139: Port 139 is the NetBIOS Session port, used for file and print sharing. Note that the Unix machine running samba also has 139 ports open, the same function. To turn off the 139 listening method, select "Internet Protocol (TCP/IP)" attribute in "Local Area Connection" in "Network and Dial-up Connection", enter "Advanced TCP/IP Settings" and "WINS Settings". There is a "Disable TCP/". IP NETBIOS", ticked off port 139.
For individual users, you can set it to "disable" in each service property setting, so that the next time you restart the service, the port will be restarted.
Close port 445: modify the registry, add a key value
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters]
"SMBDeviceEnabled"=dword:00000000
Close Terminal Services: Open "My Computer" → "Control Panel" → "Add /Remove Programs" → "Add and Remove Windwos Components" in the Windows 2000 Sever version, and uninstall the "Terminal Connector" in it!
Modify the default port of Terminal Services:
Server: Open the registry, find the RDP-TCP subkey in "HKLMSYSTEMCurrentControlSetControlTerminal ServerWin Stations", and modify the PortNumber value.
Client: Create a client connection according to the normal steps, select this connection, select Export in the File menu, and generate a file with the suffix .cns in the specified location. Open the file and modify the "Server Port" value to the value corresponding to the PortNumber on the server side. Then import the file (method: menu → file → import), so the client has modified the port.
Prohibited: IPC$ empty connection
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
"restrictanonymous"=dword:00000001
Remember to disable the service server~~~ Ipc$ default share delete ~~~~ This is effective after reboot~~~
Turn off unnecessary services, such as Messenge service, remote registry access service, Telnet service, of course, you can use black base to close the port. Under the firewall such as blackice to screen off, or use ipsec management strategy to prohibit these ports ~~~ Everyone is forbidden to think about or understand the role of the disabled port, or it may affect your department I hope that I can help you.
Windows 2003 is increasingly favored by users for its stable performance, but in the face of endless
I. Introduction to Active Directory (1) Directory Service The directory is a database that stores
Installed Windows Server 2008 Beta3, sometimes the security is too high, which will make us ordinary
At present, there are more and more schools using Windows 2003 as a web server. However, for users w
Setting Up Local Policy for Win 2003 Application
Windows 2008 PKI combat 1: Management
Solution for error or loss of DLL file in Win2000
Windows Server 2008 new technology analysis
Make your Win2008 more secure Limit anonymous access
Install Macintosh Print Service and UNIX Print Service in Windows Server 2003
Windows 2008 PKI combat 4: Revocation
Microsoft demonstrates Windows Server 2008 server hot swap function
Windows 2003 server security configuration ultimate flexible technology
How to install Virtual PC in Windwos7
Win xp system hidden secrets public how to do fast shutdown
WindowsXP system did not respond after booting, it took a few minutes to operate the solution
Getting Started Tips Nine Keys Server novices need to keep in mind
Broadband problem can't be delayed! Win7 encounters error 711 how to do
What should I do if the entire screen color of my computer turns blue?
Win7 system comes with a theme that is not beautiful how to delete?