Pages

Jumat, 11 November 2011

Windows 2000的系统安全设置 System security settings for Windows 2000

如何让我们的计算机更好、更安全地运行,是每一个用户都在思考的问题,我们将介绍如何利用Windows 2000自身的功能实现对系统的安全控制,希望对广大用户的数据安全有所帮助。 How to make our computers better and safer to run, each user is thinking about the problem, we will describe how to use Windows 2000's own capabilities to achieve the system's security controls, the majority of users want to help data security .

操作人员的设置Windows 95/98系统是一个多用户操作系统,但它在用户管理方面却非常混乱,非法入侵者甚至可以在启动时通过密码确认对话框直接添加新用户,这给我们控制系统带来了很大不便,不过Windows 2000对此进行了改进,它提供了用户名的选择性登录功能,我们可事先将所有用户全部添加在系统中,然后由系统在启动时将这些用户列表显示出来,不同用户从中选择自己的用户名并输入相应的密码之后即可以自己的名义启动系统,而非法用户则无法通过密码确认直接创建新用户,他们只能通过单击“取消”按钮或按 ESC键进入系统。 Operator to set Windows 95/98 system is a multi-user operating system, user management, but it is very confusing, intruders can even start the password confirmation dialog box directly by adding a new user, which gives us control system with to great inconvenience, but Windows 2000 offers an improvement, it provides the user name of selective logging functions, we can all add all users in advance in the system, and then by the system when it starts to display a list of these users different users to choose their own user name and enter the password that you can start the system in their own name, while unauthorized users are unable to confirm directly create a new user password, they can only by clicking "Cancel" button or press the ESC key into the system. 我们可以据此分别对他们的权限进行限制。 Accordingly, we were to restrict their rights.

对超级用户权限的设置对超级用户而言,其操作权限一般不用做太多限制,不过仍须对屏幕保护等功能设置必要的密码,以维护自己离机时系统的安全。 The super user privileges to set the super user, the operating rights in general do not do too many restrictions, but still on the screen to set the necessary protection features such as password, to protect themselves from the machine system's security.

1. 1. 屏幕保护密码通过在桌面右击鼠标,进入“属性→显示属性→屏幕保护程序选项卡→密码保护”进行密码设置。 Screen saver password by right clicking the desktop, go to "Properties → Display Properties → Screen Saver tab → Password protection" password set. 运行屏幕保护,除了设置时间外,还可以在桌面上建立它的快捷方式(找到“WINDOWS\SYSTEM”目录下的.scr文件即可),还可以让它启动后自动运行(通过“启动”组实现并不安全)。 Screen saver is running, in addition to setting time, you can build it on the desktop shortcut (found in "WINDOWS \ SYSTEM" directory . Scr file to), you can also run automatically after it starts (through the "start" group to achieve is not safe).
⑴启动注册表编辑器regedit; ⑴ Start Registry Editor regedit;
⑵展开HKEY_LOCAL_MACHINE\SO ⑵ expand HKEY_LOCAL_MACHINE \ SO
FTWARE\Microsoft\Windows\CurrentVersion\Run分支; FTWARE \ Microsoft \ Windows \ CurrentVersion \ Run branch;
⑶在Run主键中新建一个名为“密码确认”的字符串值; Primary key in the Run ⑶ new one called "password confirmation" string value;
⑷双击新建的“密码确认”的字符串,打开“编辑字符串”对话框; ⑷ Double-click the new "password confirmation" of the string, open the "Edit String" dialog box;
⑸在“编辑字符串”对话框的“键值”栏中输入相应的屏保程序名及所在路径。 ⑸ in the "Edit String" dialog box of the "key" field enter the appropriate screen saver name and the path.
通过这样的设置每次启动系统时屏保都会自动运行,按Ctrl键试图跳过和按“Ctrl+Alt+Del”试图关闭都无能为力,从而确保系统安全。 Through this setting every time you start the system will automatically run when the screensaver, press the Ctrl key and press tried to skip the "Ctrl + Alt + Del" trying to shut down all powerless to ensure system security.

2. 2. 禁止光盘的自动运行功能 CD Autorun ban
Windows Windows
2000的光盘的自动运行功能也是系统安全的隐患,光盘中只要存在autorun. 2000 CD-ROM Autorun feature is also a system security risks, CD-ROM as long as there autorun. inf文件,则系统会自动试图执行文件中open字段后的文件路径(市场上已经出现了破解屏保密码的光盘,如果不禁止光盘的自动运行功能,以上所做的设置都将是白费),步骤为: inf file, the system will automatically try to execute the file  open  field after the file path (there have been on the market screensaver password cracking CD-ROM, CD-ROM if you do not ban the automatic-run feature, the settings made above would be in vain ), the steps are:
⑴展开HKEY_LOCAL_MACHINE\SO ⑴ expand HKEY_LOCAL_MACHINE \ SO
FTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer子键分支; FTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer subkey branch;
⑵在Explorer主键中新建DWORD值NoDriveTypeAutoRun,改值为1。 ⑵ in the primary key in the new Explorer DWORD value NoDriveTypeAutoRun, change the value of 1.

对普通用户权限的设置对普通用户,我们一方面应根据工作需要赋予他们适当的权限,如启动计算机,打开相应的应用程序对自己的数据文件进行拷贝、删除与操作,以保证工作的正常开展;另一方面,为了防止他们对系统进行修改而破坏整个系统,必须对他们的权限进行必要的限制。 For ordinary users to set permissions for ordinary users, we need to work hand should give them the appropriate permissions, such as starting the computer, open the appropriate application data files for your own copy, delete and operations to ensure the normal work ; the other hand, the system in order to prevent their destruction of the entire system modifications must be necessary for their rights restrictions. 对普通用户的权限进行限制的措施主要包括以下几项: For ordinary users to restrict the measures include the following:

1. 1. 删除“开始”菜单中有关命令和项目 Delete the "Start" menu for commands and programs
(1)对“开始”菜单中“收藏夹”选项的操作步骤如下: (1) "Start" menu in the "Favorites" option, follow these steps:
①启动注册表编辑器regedit; ① Start the Registry Editor regedit;
②展开HKEY_LOCAL_USER\SOFTW ② start HKEY_LOCAL_USER \ SOFTW
ARE\Microsoft\Windows\CurrentVersion\Policies\Explorer分支; ARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer branch;
③在Explorer下新建一个名为NoFavoritesMenu的DWORD值,将值改为1,则“开始”菜单中“收藏夹”选项就会消失。 ③ In the Explorer, create a new DWORD value named NoFavoritesMenu, the value to 1, then the "Start" menu in the "Favorites" option will disappear.
(2)对“开始”菜单中“文档”选项的操作步骤如下: (2) of the "Start" menu in the "Document" option, follow these steps:
利用上述方法在Explorer主键下新建NoRecentDocsHistory的DWORD值,将值改为1,则文档中的内容不能被修改。 Using this method the primary key in the Explorer under the new NoRecentDocsHistory DWORD value, the value to 1, the contents of the document can not be modified.
在Explorer主键下新建ClearRecentDocsOnExit的DWORD值,将值改为1,则每次退出系统时,将自动清除文档中的历史记录。 Primary key in Explorer DWORD value under the new ClearRecentDocsOnExit, the value to 1, then each time you exit the system will automatically clear the document history.
在Explorer主键下新建NoRecentDocsMenu的二进制值,将值改为01 00 00 00,则文档菜单消失。 Under the new primary key in Explorer NoRecentDocsMenu binary value, the value to 01 00 00 00, the document menu disappears.
(3)和上面相似,在Explorer主键下新建不同的值可以达到相应的效果,对应如下(括号内为值的类型): (3) and similar to the above, in the Explorer under the new primary key value can be different to achieve the appropriate effect, corresponding to the following (the type of value in brackets):
NoRun(DWORD)=1→“运行”选项消失 NoRun (DWORD) = 1 → "Run" option disappeared
NoSetFolders(二进制)=01 00 00 00→“设置”选项消失 NoSetFolders (binary) = 01 00 00 00 → "Settings" option disappeared
NoSetTaskbar(二进制)=01 00 00 00→禁止设置“任务栏”属性 NoSetTaskbar (binary) = 01 00 00 00 → prohibition set "Taskbar" Properties
NoFind(DWORD)=1→“查找”选项消失 NoFind (DWORD) = 1 → "Find" option disappeared
NoClose(DWORD)=1→“关闭系统”选项消失 NoClose (DWORD) = 1 → "closed system" option disappeared
NoLogOff(二进制)=01 00 00 00→“注销”选项消失 NoLogOff (binary) = 01 00 00 00 → "off" option disappeared
NoSaveSettings(二进制)=01 00 00 00→退出系统时不保存用户对环境所做的设置 NoSaveSettings (binary) = 01 00 00 00 → exit the system does not save user settings made on the environment
NoSetFolders(DWORD)=1→“设置”菜单中“控制面板”和“打印机”选项消失 NoSetFolders (DWORD) = 1 → "Settings" menu "Control Panel" and "printer" option disappeared

2. 2. 删除“网上邻居”等系统图标 Remove the "My Network Places" and the System icon
基于某些特殊需要,我们可能需要禁止普通用户使用桌面上的图标而又无法采用常规方式删除,为此,可采用如下方式: For some special needs, we may need to prohibit ordinary users to use the icon on the desktop but can not be removed using conventional methods, this can be used as follows:
①展开HKEY_LOCAL_USER\SOFTW ① start HKEY_LOCAL_USER \ SOFTW
ARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Desktop\NameSpace分支; ARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Desktop \ NameSpace branch;
②此时我们可以从NameSpace主键中看到“网上邻居”、“我的文档”、“回收站”等分支,只须删除这些分支即可。 ② At this point we can see the primary key from the NameSpace "My Network Places," "My Documents", "Recycle Bin" and other branches, you can simply delete these branches.

3. 3. 在图形界面下隐藏某个驱动器图标 Hidden in the graphical interface of a drive icon
为防止普通用户无意之中的破坏,我们可能希望将保存系统文件的磁盘分区以及光驱、软驱隐藏起来,不允许他们对这些磁盘分区进行访问,为此我们可以进行如下设置: To prevent unintentional damage to ordinary users, we may want to save disk partition and file system drive, floppy drive hidden, they are not allowed access to these partitions, for which we can make the following settings:
①展开HKEY_LOCAL_USER\SOFTW ① start HKEY_LOCAL_USER \ SOFTW
ARE\Microsoft\Windows\CurrentVersion\Policies\Explorer分支; ARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer branch;
②新建二进制值NoDrives,该二进制值就是用于设置是否隐藏某个驱动器的,它由4个二进制字节构成,每个字节的每一位都分别对应一个磁盘驱动器盘符,当某位为1时,资源管理器及我的电脑中的相应驱动器图标即会隐藏起来。 ② new binary value NoDrives, the binary value is used to set whether to hide a drive, it consists of four binary bytes, each byte corresponding to each bit of a disk drive letter, when someone is 1, the Explorer and My Computer in the appropriate drive icon that will be hidden. 驱动器的值是这样确定的,A~Z的值依次为2的0~25次方,把要禁止的驱动器的值相加,转换成十六进制就是NoDrives的键值,如要禁止A、D、E则值为1+8+16=25,转换成十六进制为19,修改NoDrives的键值为19 00 00 00即可。 Drive value is so determined, A ~ Z the value of the order of 2 0 ~ 25 th, the drive to ban the value added, converted to hex is NoDrives keys, such as to ban A, D, E, the value is 1 +8 +16 = 25, 19 converted to hex, modify NoDrives the key to the 19 million.

4. 4. 禁止使用MS-DOS方式采用上述方法隐藏某个磁盘分区的作用仅限于图形界面,但在字符界面如MS-DOS方式无效,因此我们必须采用适当的方法禁止普通用户使用MS-DOS方式。 Prohibit the use of MS-DOS mode using the above method to hide a disk partition function is limited to the graphical interface, but in the character-based interface such as MS-DOS mode is not effective, so we must ban the use of appropriate methods of ordinary users using MS-DOS mode. 方法为: Methods are:
①展开HKEY_LOCAL_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies分支; ① start HKEY_LOCAL_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies Branch;
②在Policies主键下新建一个名为WinOldApp的主键,在WinOldApp主键下新建一个名为Disabled的DWORD值,改值为1(这项用于禁止用户进入Windows 2000的MS-DOS方式)。 ② In the Policies primary key, create a new primary key named WinOldApp, WinOldApp primary key in a new DWORD value called the Disabled, change the value of 1 (this used to ban users from Windows 2000, MS-DOS mode).
③在WinOldApp主键下新建一个名为NoRealMode的DWORD值,将值改为1(这项用于禁止用户在关闭系统时选择切换至MS-DOS方式)。 ③ In WinOldApp primary key, create a new DWORD value named NoRealMode, the value to 1 (this is used to prevent users from shutting down the system when the selection switch to MS-DOS mode).

5. 5. 禁止使用控制面板中的特殊功能前面我们介绍了通过“NoSetFolders”二进制值可禁止“开始”中的“设置”选项,不过有时我们并不希望关闭“控制面板”,而只是希望禁止普通用户使用其中的部分功能,我们可以利用Windows 2000目录下的CONTROL. Prohibit the use of special functions in the control panel in front of us through the "NoSetFolders" binary value against the "Start" in the "Settings" option, but sometimes we do not want to close the "Control Panel", and just want to prohibit ordinary users One part of the function, we can use the Windows 2000 directory CONTROL. INI文件达到目的。 INI file to achieve the purpose.
打开CONTROL. Open CONTROL. INI,在don'tload小节中加上“.CPL=NO”命令,则相应的系统控制项目就会从“控制面板”中消失。 INI, in  don'tload  section with ". CPL = NO" command, the corresponding system control program will be from the "Control Panel" disappeared. 如加上“SYSDM.CPL=NO”则“系统”项目就会消失,有关CPL文件与控制面板中项目的对应关系如下: And with the "SYSDM.CPL = NO" then "System" item will disappear, the CPL file and the corresponding items in the control panel is as follows:
ACCESS. ACCESS. CPL→辅助选项 CPL → Accessibility
APPWIZ. APPWIZ. CPL→添加/删除应用程序 CPL → Add / Remove Applications
DESK. DESK. CPL→显示器 CPL → Display
INETCPL. INETCPL. CPL→Internet属性 CPL → Internet Properties
INTL. INTL. CPL→区域 CPL → Regional
JOY. JOY. CPL→游戏控制器 CPL → Game Controller
MAIN. MAIN. CPL→鼠标、打印机、键盘、输入法、字体 CPL → mouse, printers, keyboards, input method, font
MMSYS. MMSYS. CPL→多媒体、声音 CPL → multimedia, sound
MODEM. MODEM. CPL→调制解调器 CPL → Modem
NETCPL. NETCPL. CPL→网络 CPL → Network
PASSWORD. PASSWORD. CPL→密码 CPL → Password
POWERCFG. POWERCFG. CPL→电源管理 CPL → Power Management
STICPL. STICPL. CPL→扫描仪与数码相机 CPL → Scanners and digital cameras
SYSDM. SYSDM. CPL→系统、添加新硬件 CPL → system, add new hardware
TIMEDATE. TIMEDATE. CPL→日期时间 CPL → date and time
ODBCCP32. ODBCCP32. CPL→ODBC数据源管理器 CPL → ODBC Data Source Administrator
TELEPHON. TELEPHON. CPL→电话 CPL → Phone
THEMES. THEMES. CPL→桌面主题 CPL → Desktop Themes
MLCFG32. MLCFG32. CPL→电子邮件 CPL → E-mail
FINDFAST. FINDFAST. CPL→文件检索 CPL → document retrieval
TOGMOUSE. TOGMOUSE. CPL→Toggle MOUSE CPL → Toggle MOUSE
TWEAKUI. TWEAKUI. CPL→TWEAK UI设置软件 CPL → TWEAK UI Setting Software
注:如加上“.CPL=NO”则隐藏“控制面板”中所有项目。 Note: add ". CPL = NO" to hide the "Control Panel" in all projects.

经上述设置后“控制面板”中的相应项目就不会出现,不过,只要上述文件还存在于计算机中,我们仍然可以运行,如系统托盘中的时间、声音等,我们可通过注册表修改来达到禁用。 Following the above settings "control panel" in the corresponding item will not appear, however, as long as the files still exist on the computer, we can still run, such as the time the system tray, sounds, etc., we can modify the registry to to disabled. 方法为: Methods are:
展开HKEY_LOCAL_USER\SOFTWA Started HKEY_LOCAL_USER \ SOFTWA
RE\Microsoft\Windows\CurrentVersion\Policies\System分支;在System主键下新建名为NoVirt RE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System branch; the primary key in the System under the new name NoVirt
MenuPage的DWORD值,改值为1,则“控制面板/系统”中“虚拟内存”选项卡失效; MenuPage DWORD value, change the value of 1, then "Control Panel / System" in the "Virtual Memory" tab of the failure;
和上面相似,在System主键下新建不同的值可以达到相应的效果,对应如下(括号内为值的类型): And similar to the above, in the System under the new primary key value can be different to achieve the appropriate effect, corresponding to the following (the type of value in brackets):
NoFile SysPage(DWORD)=1→“系统”中“文件系统”选项卡失效 NoFile SysPage (DWORD) = 1 → "System" in "File System" tab failure
NoConfig Page(DWORD)=1→“系统”中“硬件配置文件”选项卡失效 NoConfig Page (DWORD) = 1 → "System" in the "Hardware Profiles" tab failure
NoDev MgrPage(DWORD)=1→“系统”中“设备管理”选项卡失效 NoDev MgrPage (DWORD) = 1 → "System" in "Device Manager" tab failure
NoDisp Background Page(DWORD)=1→“显示”中“背景”选项卡失效 NoDisp Background Page (DWORD) = 1 → "Display" in the "Background" tab failure
NoDisp Scrsav Page(DWORD)=1→“显示”中“屏保”选项卡失效 NoDisp Scrsav Page (DWORD) = 1 → "Display" in the "screensaver" tab failure
NoDisp Appearance Page(DWORD)=1→“显示”中“外观”选项卡失效 NoDisp Appearance Page (DWORD) = 1 → "Display" in the "Appearance" tab failure
NoDisp Settings Page(DWORD)=1→“显示”中“设置、外观、Web页”选项卡失效 NoDisp Settings Page (DWORD) = 1 → "Display" in "setting, appearance, Web page" tab failure
NoDispCPL(DWORD)=1→“显示”设置项将被禁止 NoDispCPL (DWORD) = 1 → "Display" setting is disabled

6. 6. 删除“自建”子菜单中的命令 Remove the "self" sub-menu command
一般来说,单击鼠标右键都会从弹出的快捷菜单发现一个“新建”子菜单,不过有时为了安全起见,我们可能需要删除普通用户“新建”子菜单中的某些新建命令,对此可采用: In general, right-click the shortcut menu from the pop will find a "new" sub-menu, but sometimes for safety reasons, we may need to remove ordinary users "New" submenu in some of the new command, which can be used :
①展开HKEY_CLASSES_ROOT主键; ① Expand the HKEY_CLASSES_ROOT primary key;
②在HKEY_CLASSES_ROOT主键下找到要删除的新建文件类型的次级主键(如“.zip”次级主键); ② to find the primary key in HKEY_CLASSES_ROOT the new file type you want to delete the secondary primary key (such as ". Zip" secondary primary key);
③展开该次级主键下的“ShellNew”分支,将ShellNew分支下除“默认”项外的所有键值全部删除。 ③ Expand the sub-master key under "ShellNew" branch, the branch will be the next addition to ShellNew "default" entry for all foreign keys deleted.

7. 7. 清除“运行”等对话框中的历史记录①展开HKEY_LOCAL_USER\SOFTW Clear the "Run" dialog box, such as the history of ① start HKEY_LOCAL_USER \ SOFTW
ARE\Microsoft\Windows\CurrentVersion\Policies\Explorer分支; ARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer branch;
②该主键的RunMru分支用于显示“运行”的历史记录; ② The primary key of the RunMru branch used to display the "Run" history;
③该主键的DocFindSpecMRU分支用于显示“查找”的历史记录; ③ The primary key of the DocFindSpecMRU branch used to display the "Find" in history;
④HKEY_LOCAL_USER\Network\Recent分支; ④ HKEY_LOCAL_USER \ Network \ Recent branch;
⑤Recent主键用于显示“文档”的历史记录。 ⑤ Recent primary key used to display the "documents" of history.

8. 8. 禁止使用注册表编辑器我们在上述所做的一切工作都是基于注册表修改的,倘若用户非常熟悉注册表的构成,那么他们完全可以通过修改它来恢复被隐藏的项目,所以一定要在完成上述修改工作后把注册表禁用。 We prohibit the use of Registry Editor in the above are based on all the work done to modify the registry, the registry if the user is familiar with the composition, then they can modify it to restore the hidden items, so be sure to complete the The work to modify the registry to disable. 方法为: Methods are:
展开HKEY_LOCAL_USER\SOFTWA Started HKEY_LOCAL_USER \ SOFTWA
RE\Microsoft\Windows\CurrentVersion\Policies\System分支;在System主键下新建一个名为DisableRegistryTools的DWORD值,改值为1。 RE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System branches; in the System called the primary key, create a new DWORD value DisableRegistryTools, change the value of 1. 经过上述步骤后,我们就达到了对相应普通用户的权限进行设置的目的,重复上述操作,可对所有普通用户的权限逐一进行设置,设置完毕后我们应将不同用户的开机密码、电源管理、屏幕保护等初始密码分别告知,并指导他们用“控制面板”中的“密码”设置进行修改。 After these steps, we reached the corresponding ordinary users to set the goal, repeat the above operation, the user can access all the normal settings one by one, we should set up different user after power-on password, power management, The initial password protection screen were told, and guide them to use the "Control Panel" in the "Password" setting to be modified.

对非法用户的权限进行限制对于他们的权限,我们实施最大限度的限制,最好是让他们什么也做不成! On the user's permissions to restrict illegal for their rights, we have implemented the maximum limit, it is best to let them do anything! 为此,我们可重新启动计算机,并在系统弹出用户名登录框时按下ESC,以非法用户身份进入系统,然后进行设置。 To this end, we can restart the computer, and the username box will pop up, press ESC, to the illegal user into the system, and then set.

1. 1. 隐藏桌面所有图标展开HKEY_LOCAL_MACHINE\SOFT Hide all the desktop icons to start HKEY_LOCAL_MACHINE \ SOFT
WARE\Microsoft\Windows\CurrentVersion\Policies\Explorer子键分支;在Explorer主键下新建Nodesktop的DWORD值,将值改为1。 WARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer subkey branch; the primary key in the Explorer under the new Nodesktop DWORD value, change the value to 1.

2. 2. 删除“开始”菜单中所有命令 Delete the "Start" menu for all commands

3. 3. 禁止使用任何程序有了前面的两项限制措施,我们即可达到对一般非法入侵者进行控制的目的。 Prohibit the use of any program with the previous two restrictions, we can achieve control of the general purpose of the illegal invaders. 不过对那些高级别的入侵者,上面两项控制是远远不够的,他们仍可通过种种方式对系统进行破坏。 But for those high-level intruders, the above two controls is not enough, they can still damage the system in various ways. 而真正彻底的控制则是不允许运行任何程序。 The real control is not allowed to completely run any program. 方法为: Methods are:
①展开HKEY_LOCAL_MACHINE\SO ① Expand the HKEY_LOCAL_MACHINE \ SO
FTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer子键分支; FTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer subkey branch;
②在Explorer主键下新建RestrctRun的DWORD值,将值改为1。 ② in the Explorer under the new RestrctRun primary key DWORD value, change the value to 1.
不过你也可以发一下善心,给他几个Windows 2000自带的游戏玩一玩,方法为: But you can also send about good-hearted, to give him a few Windows 2000 comes with the game and play, methods are:
在Explorer主键下新建名为RestrctRun的主键,在其下分别新建名为1、2、3、4的字符串值,将值分别改为MSHEARTS. In Explorer, under the new name RestrctRun primary key primary key, respectively, in their next new string value named 1,2,3,4, the values ​​were changed to MSHEARTS. EXE、FREECELL. EXE, FREECELL. EXE、WINMINE. EXE, WINMINE. EXE、SOL. EXE, SOL. EXE(只需程序名,无需路径),则系统只能运行网上红心大战、空当接龙、扫雷、纸牌。 EXE (program name only, without path), the system can only run Internet Hearts, FreeCell, Minesweeper, Solitaire. 无法执行其它任何程序。 Can not perform any other procedure.

关键性的系统控制措施 Key system controls
看完前面的介绍,有些读者可能认为系统已经万无一失了,不过事实并非如此,还有很多“后门”可以为入侵者提供方便,如软盘启动网络及电子邮件等,我们必须将后门一一关闭(注:这些功能的关闭将对所有用户起到限制作用)。 After reading the previous introduction, some readers may think that the system is foolproof, but is not the case, there are a lot of "back door" to provide convenience for the invaders, such as floppy disks and e-mail network, we must close the back door of eleven ( Note: All these features off will play in restricting the user).
1. 1. 禁止采用软盘及光盘启动计算机。 Prohibiting the use of floppy disks and CD-ROM to start the computer. 即CMOS设置为C only; The CMOS is set to C only;
2. 2. 防治网络及电子邮件入侵。 Intrusion prevention network and e-mail.

随着网络的流行,各种黑客程序也越来越多,非法入侵者完全可以通过网络的形式在你的计算机中安上一个“后门”,然后入侵系统,这就需要使用专门的杀毒软件及防火墙软件来保护系统。 As the network's popular, more and more of a hacker program, intruders can form a network of placement in your computer a "back door", and then invade the system, which requires the use of specialized anti-virus software and firewalls software protection system. 至此,我们对Windows 2000的系统设置完毕,这可以使广大的新接触Windows 2000的用户有一个更安全的操作环境。 So far, we have Windows 2000 system is set up, which can make contact with the majority of new users of Windows 2000 have a more secure operating environment. 也给有经验的网管一个方便管理的环境。 Also experienced a convenient network management environment.

Tidak ada komentar:

Posting Komentar