Shulou(Shulou.com)06/01 Report--

This article shows you how to use limited user account permissions to strengthen the security of windows system, concise and easy to understand, absolutely can make you shine, through the detailed introduction of this article I hope you can gain something.

When discussing the trade-off between system security and convenience, tipping the scales too far toward convenience can sometimes have disastrous consequences. Therefore, sacrificing some convenience to strengthen system security by limiting user account power should be a noteworthy and unavoidable problem.

Hiding account names

This can be done by modifying the registry:

1. Run the "regedit" command at the "Run" of the "Start" menu to enter the Registry Editor;

2. Open HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/SpecialAccounts/UserList, create a new DWORD value, set the name of this value to the name of the account you want to hide, and set the value to 0 xp System Download.

This way, your hidden accounts (such as admin accounts) will not appear on the welcome screen. To log in to an account that isn't on the welcome screen, press Ctrl+Alt+Delete twice to display the "Log in to Windows" dialog box, enter your username and password. However, accounts hidden in this way cannot use the quick user switch feature, because the technique of pressing Ctrl+Alt+Delete twice only works when no one else is logged on to the computer.

The author hid his administrator account in the dormitory, leaving only a public account on the welcome screen. Students only needed to enter the password to enter the system. This is convenient for students, but also to prevent the busybody of my administrator password questioning.

Forcing access to specific accounts through automatic login

Of course, you can go even further and use the seemingly insecure automatic login feature. That way, you can force other users into a particular account without inciting them to guess the passwords of other accounts. Specific methods:

1. In the Start menu, run the command control userpasswords2 at Run, enter User Account, cancel the check box of "User must enter user name and password to use this computer" in the "User" tab column, and click OK (as shown in Figure 1);

2. Windows will then pop up a prompt box (Figure 2) asking you to enter the username and password for the account you are automatically logged into each time your computer starts.

Of course, other settings can be made in the HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon primary key to further control the automatic login process:

1. In fact, after completing the automatic login, the user can completely log out of the account, and then return to the welcome screen, and then select another account to log in. In this case, setting up automatic login seems to make little sense. To avoid this, add a string value called ForceAutoLogin to the primary key mentioned above and set it to 1. In this way, the system will automatically log in to the specified account even after logging out;

2. By default, you can hold down the Shift key at startup to prevent automatic login. To eliminate the Shift key's effect on automatic logins, add a string value called IgnoreShiftOverride and set it to 1;

3. You can also limit the number of times automatic login can be carried out, so that it reaches this number of times, automatically close this function. To do this, add a DWORD value called AutoLogonCount and set it to the number of times you want to use automatic logins. This way, AutoLogonCount is decremented by 1 each time the computer starts and performs an automatic login. When it is reduced to 0, Windows changes the value of AutoAdminLogin to 0(turns off automatic login) and deletes the AutoLogonCount value.

It is strongly recommended to leave a backdoor for yourself. If you follow all the above methods, you will no longer be able to log in with other accounts. Of course, if the account you specify is at least user level (which is already considered a relatively safe level), although it cannot modify the registry, it can at least run the control userpasswords2 command, so there is room for manoeuvre.

Limit the use of hard disk partitions and folders

If you feel that restricting user account power is not enough, some partitions do not want others to use or only give them the right to read and run, then you can set their security attributes (the premise is that the system should be Windows XP Pro and your partition must be NTFS format, so that its attributes have a "security" label bar, if it is FAT format, it is recommended to use PQMagic and other software to convert it to NTFS format, which is more beneficial to system security). The specific steps are as follows:

1. After logging in to the system as an administrator, right-click a partition in My Computer and select Properties-> Security. In the Security tab, you can add or delete groups or users to which the partition belongs. After selecting a user, you can select and set its permissions (as shown in Figure 3);

2. To add a user, click "Add", click "Advanced" in the "Select User or Group" window, and then click "Find Now". Select a user in the user group list at the bottom of the window, and return to the "Security" tab after confirmation. At this time, you can see the added user in the "Group or User Name" column;

3. Select a user and click Delete to delete it. In this way, you can remove other users, so that the partition belongs only to the administrator user, when logging in to the system with other user accounts, you can not enter and use the partition depth xp system download.

If you don't want to be too extreme, and for the convenience of logging in as a user, you can keep only the administrator user and Everyone user:

Click Everyone user, click only the "Read and Run" option in the permissions bar below (and automatically select the "List folder directory" and "Read" permissions), so that other users cannot write new information to the partition.

Of course, you can also make a folder in the partition not used by other users, the operation is the same as above (just right-click the object for folder). However, there is one issue that must be resolved here, namely,"paternal inheritance." When deleting a user to which the folder belongs, a security prompt box will pop up (as shown in Figure 4), indicating that you cannot delete the user. This is because the partition or folder in which the folder is located has not been deleted by the user to whom they belong, so deletion cannot be performed (but addition can be performed). At this time, you should cut off the inheritance of the child folder to the parent folder permissions, as follows:

Click the Advanced button in the Security column of Properties, and cancel the check box of "Inherit permission items from parent items that can be applied to child objects, including those explicitly defined here" under the Permission tab column (as shown in Figure 5). After confirming, a safety prompt box will pop up and select the "Copy" button to complete the operation. This allows you to perform the delete operation.

Note: All of the above operations require users to log on to the system as administrators or as members of their group.

The above content is to use the method of restricting user account permissions to strengthen the operation method of windows system security, have you learned knowledge or skills? If you want to learn more skills or enrich your knowledge reserves, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.