At present, the operating system released by Microsoft has built-in "service" function. For us, the "service" that is not used will not only occupy system resources, but more importantly, some services will start the system and will be invaded (such as 33889 "Terminal Services" terminal service, "Remote Registry" support remote connection registry service ...), may some readers have thought of "disable" these services is not enough? Setting these services to "disable" prevents others from invading your system, but as long as the other party gets your username and password, there is still a way to change these services to "start", in addition to enhancing the user password, What is a good way to prevent the other party from using the open service to invade? Use the following methods to effectively prevent the other party from using certain services to invade your system.
Method 1: Disabling the service
will easily disable the system to be hacked, and then delete the registry key corresponding to these services, so that even if the other party is connected to your system service The properties of the service cannot be modified from the list. You cannot start the service without modifying the service properties. Open the registry editor, and then find the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices" item. Each subkey under it is the corresponding "service" in the system. For example, the subkey corresponding to the "Messenger" service is "Messenger", but some services are available. The names will not be the same, but they are also easy to find. The key value of "DisplayName" is the display name of the service. Here is an example of deleting the "Messenger" service. The other service methods are the same, except that the items deleted in the registry are different. Before deleting the item, you must first export it to the backup, then click the "Messenger" item and press the right mouse button to select " Delete the "(rename can also be) command. Double-clicking "Messenger" in the service list will bring up the error message as shown in (Figure 1). Of course, the other party will connect to your service list and double-click it will appear instead of the property box. If you want to restore this service, just import the registry file you just backed up into the registry.
1 error message prompt window
Method two: Rename "display name"
If the other party has been a user name and password, and your system has turned The "Remote Registry Connection" service, then the other party can also restore the modification settings in "Method 1" by remotely connecting to your system registry. Now try this method, and the display name of "Service" is heavy. Name it another name, so the other party wants to open the "service" and it is not as fast as usual.
Also take the "Messenger" service as an example, open the registry editor, find the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger" item, find the "Description" button in the right window, this button corresponds to the description of the "service", The value is deleted, and then the "DisplayName" key is found. This key corresponds to the name displayed by the "service" in the list. Double-click the "DisplayName" button to change its value to another name such as (Gsn), press the "OK" button. Exit the Registry Editor, this modification will not take effect until you restart the system. Run "Service.msc" to view the modified effect. You will find a service with "Display Name" of "Gsn" in the "Service List", and this "Service" is the previous "Messenger" service. Use the same method to change the "service" that needs to be modified to another name. Of course, you should record the modified name and the corresponding "service" when you modify it. Otherwise, you don't know when you need to open this service later. Which service, the service that should be "disabled" should also be set to "disabled". After such modification, the other party wants to open the "service", it is quite difficult to find it, but if the other party here is "service" Double-click to view, then you will find the "service" you need, because the real name of the "service" will be displayed in the "Services" property box. The other party can identify the "service" to be found based on this name. How to modify the "service name" here, please refer to "method three".
Method 3: Modify the "service name"
To modify the name of the "service", here are two tools, "Srvinstw.exe" and "Srvany.exe". Both tools can be found in the Windows 2000 Resource Kit, or take the "Messenger" service as an example. After getting these two tools, double-click the "Srvinstw.exe" tool and click the "Install a service" option. In the "Service Name", enter the name you renamed the "Messenger" service (Gsnsrv), fill in the path of the "Srvany.exe" file in the path of selecting the path, the other settings can be the default, after the addition is completed, the original The "Messenger" service registry key export backup (method 1 has been backed up), then "Messenger" service "disabled", run the "Srvinstw.exe" tool again, select the "Remove a service" option will be the original "Messenger "The service is removed from the list. Now find the registry file you just backed up and open the edit. Change the line "[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger]" to
"[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesgsnsrv]", where "Gsnsrv" is the name renamed by the "Messenger" service in the wizard, save the exit file, then import it into the registry, now run "Service.msc" to open the service The list looks at the properties of the "Messenger" service. It can be seen from Figure 2 that the name has been modified to "Gsnsrv". Next, the methods are modified in conjunction with the "Method One" and "Method Two" methods or simply the service is listed from the list. Delete, and finally delete the default share, so it is even harder for the other party to invade your system.
Tip: Before performing the above operations, you must do a related backup, such as the registry, the display name in the service properties box, the service name, the path to the executable file, and the path to the executable file. That program must be backed up and recorded before it can be executed. It is recommended that the above operations be performed only for those services that are not used and that are likely to cause the system to be compromised. After all, some services may fail after the above modifications.
Figure 2 Messenger properties
Domain Rename Tools is a new network maintenance tool that Windows Server 2003 adds to meet user nee
The default installation of Windows Server 2008 is to use the system default Administrator system su
First, the existing environment First of all, please add the Windows 2008 server to the original Wi
In daily work, users often use WordPad, Notepad, WPS 2000 and Word 2000 and other text editing progr
Set up a network policy to make accessing Windows 2008 more secure
NT Upgrade to 2003 How to Apply Registry and File System
Customized and secure Win 2003 operating system (below)
Win 2008 Precision Password Policy and Account Lockout Strategy
Windows Sever 2008 is so fascinating
Windows NT "NTLDR is missing" fault resolution
Power Management Status Diagnostics for Win2k "Secret Weapons"
Windows 2000 Security Maintenance and Error Resolution Example
Windows 2008 Enterprise Centralized Application Access
Windows Server 2008 only 64-bit version supports virtualization
win2003AD database backup and restore graphic tutorial
Win8 feel the first day of Metro style
Win7 system desktop archive file
How Win7 removes expired notification area icon
What if Remote Desktop cannot access the Win10 system under the local account?
Windows 7 Set Start Menu The number of recent documents is
Windows XP Optimization Settings Network
Win8 upgrade Win10: Setup.exe command line parameters explain