Windows XP is an operating system that supports multi-user accounts. After each account is established, Windows XP will allocate independent private space to the corresponding users, thus ensuring that unauthorized users cannot access other people. The private file, by setting the user account type, can limit the system operation level of different accounts, thereby preventing the restricted user from modifying the system configuration information and affecting the security of the system or other user data. This is the convenience that Windows XP brings to us, but on the other hand, under the default installation settings of Windows XP, there are a lot of security risks in the account, such as when we first install Windows XP, we need to set up our own User account, the first set of accounts has the privileges of the computer administrator, but at the same time the system default another account administrator with computer administrator privileges, can not be seen in the Windows XP welcome screen, because its initial password is empty, Therefore, if you do not close the Administrator account or change the password of the Administrator account, others can use the Administrator account to obtain the highest usage rights of the computer, which poses a major hidden danger to the security of the computer. Therefore, you need to modify the settings of the Windows XP account to ensure the maximum security of the user account. Turn.
First, understand the Windows XP user account Windows XP default user account mainly includes two categories: computer administrator account and limited account, computer administrators to achieve the purpose of user rights assignment by giving different account types with different user names . But this is just a default user rights assignment method for Windows XP. When you need to modify specific permissions, you need to understand the concept of user, group and user rights assignment. Windows XP will use Group Policy to list specific rights, assign permissions to the corresponding groups through user rights assignments, each group is a combination of a certain number of permissions, and then each user account is assigned to the group, each User accounts can be assigned to multiple groups so that associations between user accounts and specific rights can be made. Second, the right to use the right to create an account "firewall" to protect the system and the security of each user, the first is to clarify the permissions of each user, to prevent unauthorized use, damage other users or system permissions. 1. Turn off the default Administrator and Guest accounts. To prevent others from using software (such as Windows Key) to crack the password of the Administrator account and avoid anonymous login, you need to close both accounts. Log in to Windows XP with a non-Administrator computer administrator-level account (the operations described below are all using a non-Administrator computer administrator account to log in to Windows XP) unless otherwise specified. Open Control Panel→Administrative Tools ”→“Computer Management”. Click "System Tools" → "Local Users and Groups" → "Users", double-click the "Administrator" account in the user list box, in the "Administrator Properties" window, check "Account is disabled" (Figure 1), then Click "Affiliate", select "Administrators", click "Delete", so the Administrator account is deactivated, and the permissions of its computer administrator are also deprived.
Tip: In addition to the above methods, you can also modify the configuration of the Administrator and Guest accounts in the Windows XP local security policy. Open "Control Panel" → "Administrative Tools" → "Local Security Policy", click "Local Policies" → "Security Options". If you only need to deactivate the Administrator and Guest accounts, you can double-click "Administrator Account Status" in the policy list. With "Guest Account Status", "Enabled" in the Modify Properties window is "Deactivated". You can also change these two account names. In the policy list of security options, double-click Rename Guest Account and Rename System Administrator Account to change the name. In the user list box, select "Administrator", right-click, select the menu "Rename", and change the "Administrator" name to completely close the "Administrator" account. Use the same method to close the Guest account. 2. Disable security mode, restrict restricted users from modifying the registry. By modifying the registry, users cannot enter Windows XP with the command line security mode, avoiding others using the net user command to modify other users' passwords in safe mode, and the restrictions are limited. The user accesses and modifies the registry to prevent others from modifying the registry to initiate a secure mode. Log in to Windows XP with an administrator-level account, enter "regedit" in the "Run" window, open the registry editor, find the HKEY_LOCAL_MacHINESYSTEMCurrentControlSetControlSafeBoot key, rename the "Minimal" and "Network" items under SafeBoot to "Minimal1" and "Network1" or other name different from the original key value (Figure 2), after the modification is completed, others press F8 to enter any security mode when starting, the system will automatically restart.
In the Registry Editor, select HKEY_LOCAL _MACHINE, right click, select the menu "Permissions", open the "HKEY_ LOCAL_MacHINE Permissions" window, select "Users", and tick "Users permissions" under "Read " Item (Figure 3). This will prevent the normal user from modifying the registry to restore the security mode to normal.
3. Limiting the Number of Computer Administrator Accounts When setting up a Windows XP user account, you should minimize the number of accounts that have a computer administrator level so that others have less opportunity to gain advanced privileges. If the ordinary user is dissatisfied with his or her own authority, the computer administrator can obtain a certain degree of rights promotion as a computer administrator by creating a new group or modifying the rights of the original group. Log in to Windows XP, open "Local Security Settings" from "Control Panel" → "Administrative Tools" → "Local Security Policy", click "Local Policies" → "User Rights Assignment" (Figure 4), click on the need to add Right policy, in the pop-up properties window, click "Add User or Group", then select the corresponding group name or account name, and then determine the completion of the right increase. Conversely, if you select a user or group that has already been added in the Properties window, click "Delete" to reclaim the corresponding rights.
Third, use the password to create an account "firewall" The second password is a common account login protection, but if you think that setting a password, everything will be fine, certainly not, others You can crack your password in every possible way. If you don't lock the account, anyone can use the enumeration method to crack the password-by-password until the test is successful, although this method is not necessarily very effective, but After all, I will give others opportunities. So the goal of our password "firewall" is: don't give others a chance. 1. Password settings are complicated To prevent ordinary users from setting passwords at random, we need to use security policies to force them to set passwords that meet the complexity requirements to increase the difficulty of cracking. Log in to Windows XP, open "Local Security Settings" from "Control Panel" → "Administrative Tools" → "Local Security Policy", click "Account Policy" → "Password Policy", double-click the password in the policy list must meet the complexity requirements. (Figure 5), select "Enabled" in the properties window, OK. Double-click "Password Length Minimum" in the policy list, and set the password to at least 8 characters in the Properties window.
Tip: When the account password meets the complexity requirements, the password must be at least 6 characters, not including all or part of the user account name, including characters from three of the following four categories: English uppercase Letters (from A to Z), English lowercase letters (from a to z), numbers (from 0 to 9), and non-alphabetic characters (such as !, $, #, %). 2. Account lockout to prevent cracking