Protect the operating system with Group Policy (1)

Protect the operating system with Group Policy:

When we use the computer, we will encounter various situations where our favorite wallpapers are modified, IE options are modified, etc. These changes are brought to the use of the computer. A lot of inconvenience. If you want to change these back and you need to use other software to complete, is there any way to prevent us from happening before we ban it before it is modified? In fact, you can use the group policy that comes with Windows XP. You only need to set the relevant options and you can easily do it without modification. Starting Group Policy When starting Group Policy, click the “Start” button, select the “Run” command, and enter the “gpedit.msc” command in the “Run” text box to start Group Policy. Don't change my wallpaper. We often set the picture we like as a desktop wallpaper, but sometimes the set wallpaper will be modified by others. What do you need to do to prevent others from modifying their wallpaper? In fact, you can use Group Policy to achieve it. There are related options in the group policy that prohibit the modification of the wallpaper. You only need to make the corresponding settings. In Group Policy, an "Active Desktop Wallpaper" policy is provided, which allows users to set wallpapers on the desktop and prevent users from changing the wallpaper and its appearance. The setting method is as follows: In the "Local Computer Policy" on the left side of the Group Policy window, expand “User Configuration & Rarr; Management Template & Rarr; Desktop & Rarr; Active Desktop” Then double-click the “Active Desktop Wallpaper” policy item in the right window to bring up a setting dialog box. First click on “Allow” and select the single text box. The following text box has been activated, in which the name of the wallpaper is In the ” key, type the folder and name of the wallpaper image file. And in the following "Wallpaper Style", specify whether the wallpaper is in the center, whether it is tiled or stretched, etc. Here we can select according to the needs, then click the "OK" button, then others Never change the wallpaper on your desktop anymore. In this strategy, the system provides a UNC path. Through this function, we can set the pictures in the network or the pictures in other computers on the LAN to make wallpapers. If you set the pictures on other computers, we can input the format of //Server/l.jpg. . After setting this policy, users can't change the wallpaper through “system properties”.

Hide “Internet Options> If you have a computer with someone else, you have the necessary settings for IE, such as security level, control enable settings, and so on. After these settings, you don't want others to make changes. In this case, we can use the Group Policy to block the items in the Internet options and enable them later. When blocking IE's "Internet Options" project, first expand "User Configuration & Rarr; Management Template & Rarr; Windows Component & Rarr; Internet Explorer & Rar; Internet Control Template", at this time in the right window appears to disable "Internet" All tag items of the option ", if you want to block a tag item, such as: regular tag item. Double-click the “disable general tab item" policy, and then click the “Enabled” option in the pop-up dialog box to block it. Click here when we use each function. The item can be restored if it is not configured. Let “Task Manager” disappear We usually display user options when pressing Ctrl+Alt+Del, including the Task Manager, Lock Computer, Change Windows Password, Log Off Windows, Shut Down and more. These options are very important, we can block these buttons in Group Policy in order to prevent others from operating. First, expand “user settings →management template → system → Ctrl+Alt+Del option” branch, under this branch we can share & delete; delete task manager, delete locked computer, delete change password, delete logout , & rdquo; four strategies, double-click the item that needs to be shielded, pop up a settings dialog box, select the enable option in the dialog box.

control illegal downloading files often we drove IE when browsing the web, there will always encounter some good movies, software, I wanted to download, so not only take up hard disk space, and gave us the system Security brings a lot of problems. In order to make our system more secure, we need to install a lot of software to shield the download function, which is not only troublesome and bothersome. In fact, Windows XP has already considered these in Group Policy, and also set the corresponding options. When the IE download function is disabled, in the console window, expand “computer configuration →admin template →Windows Components→security function →limit file download”, double-click "Internet Explorer" in the right window, then pop up A settings dialog, click "Enable" to enable this policy setting, which will prevent non-user initiated file download prompts for Internet Explorer processes. & ldquo; OK & rdquo; can not use IE to download files later. File and Folder Settings Auditing Windows XP can use audit trails to access user accounts, login attempts, system shutdowns or restarts, and similar events for accessing files or other objects. If you use Group Policy to audit files and folders, you can ensure their security, and others cannot easily destroy them. In the "Group Policy" window, expand the "Computer Configuration & Rarr; Windows Settings & Rarr; Security Settings & Rarr; Local Policies" in the right pane, and then select "Audit Policy" under the branch. Option. In the right pane, double-click the “Review Object Access” option in the pop-up “Local Security Policy Settings” window, and ““Local Policy Settings” in the box will be “successful” and “ld”; ;Failure” checkboxes are marked with a check mark. Through the above settings, we can make Windows XP system more secure. In fact, we provide more security settings for users in Group Policy. Here we mainly choose several typical settings, and other security policy settings. I will not repeat them one by one.

control illegal downloading files often we drove IE when browsing the web, there will always encounter some good movies, software, wanted to download, so not only take up hard disk space, but also It brings a lot of problems to our system security. In order to make our system more secure, we need to install a lot of software to shield the download function, which is not only troublesome and bothersome. In fact, Windows XP has already considered these in Group Policy, and also set the corresponding options. When the IE download function is disabled, in the console window, expand “computer configuration →admin template →Windows Components→security function →limit file download”, double-click "Internet Explorer" in the right window, then pop up A settings dialog, click "Enable" to enable this policy setting, which will prevent non-user initiated file download prompts for Internet Explorer processes. & ldquo; OK & rdquo; can not use IE to download files later. File and Folder Settings Auditing Windows XP can use audit trails to access user accounts, login attempts, system shutdowns or restarts, and similar events for accessing files or other objects. If you use Group Policy to audit files and folders, you can ensure their security, and others cannot easily destroy them. In the "Group Policy" window, expand the "Computer Configuration & Rarr; Windows Settings & Rarr; Security Settings & Rarr; Local Policies" in the right pane, and then select "Audit Policy" under the branch. Option. In the right pane, double-click the “Review Object Access” option in the pop-up “Local Security Policy Settings” window, and ““Local Policy Settings” in the box will be “successful” and “ld”; ;Failure” checkboxes are marked with a check mark. Through the above settings, we can make Windows XP system more secure. In fact, we provide more security settings for users in Group Policy. Here we mainly choose several typical settings, and other security policy settings. I will not repeat them one by one.

control illegal downloading files often we drove IE when browsing the web, there will always encounter some good movies, software, wanted to download, so not only take up hard disk space, but also It brings a lot of problems to our system security. In order to make our system more secure, we need to install a lot of software to shield the download function, which is not only troublesome and bothersome. In fact, Windows XP has already considered these in Group Policy, and also set the corresponding options. When the IE download function is disabled, in the console window, expand “computer configuration →admin template →Windows Components→security function →limit file download”, double-click "Internet Explorer" in the right window, then pop up A settings dialog, click "Enable" to enable this policy setting, which will prevent non-user initiated file download prompts for Internet Explorer processes. & ldquo; OK & rdquo; can not use IE to download files later. File and Folder Settings Auditing Windows XP can use audit trails to access user accounts, login attempts, system shutdowns or restarts, and similar events for accessing files or other objects. If you use Group Policy to audit files and folders, you can ensure their security, and others cannot easily destroy them. In the "Group Policy" window, expand the "Computer Configuration & Rarr; Windows Settings & Rarr; Security Settings & Rarr; Local Policies" in the right pane, and then select "Audit Policy" under the branch. Option. In the right pane, double-click the “Review Object Access” option in the pop-up “Local Security Policy Settings” window, and ““Local Policy Settings” in the box will be “successful” and “ld”; ;Failure” checkboxes are marked with a check mark. Through the above settings, we can make Windows XP system more secure. In fact, we provide more security settings for users in Group Policy. Here we mainly choose several typical settings, and other security policy settings. I will not repeat them one by one.