Настройки след инсталация
Изтегляне 15.46 Kb.
|
| Настройки след инсталация
Проблеми са възможни във връзка с една от кръпките на Microsoft, чиято идея е да не позволява самостоятелното разпространение на червеи из мрежата. Вече всеки нов Windows щял да бъде на този принцип. Аз намериха къде точно са основните промени на дадената кръпка. Microsoft просто променя значенията на няколко клона в :
START -> SETTINGS -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options
Там трябва да промените няколко клона за да изглеждат така : Accounts: Administrator account status - > Not Applicable Accounts: Guest account status - > Not Applicable Accounts: Limit local account use of blank passwords to console logon only - > Enabled Audit: Audit the access of global system objects - > Disabled Audit: Audit the use of Backup and Restore privilege - > Disabled Audit: Shut down system immediately if unable to log security audits - > Disabled Devices: Allow undock without having to log on - > Enabled Devices: Allowed to format and eject removable media - > Administrators Devices: Unsigned driver installation behavior - > Warn but allow installation Domain controller: Allow server operators to schedule tasks - > Not defined Domain controller: LDAP server signing requirements - > Not defined Domain controller: Refuse machine account password changes - > Not defined Domain member: Digitally encrypt or sign secure channel data (always) - > Enabled Domain member: Digitally encrypt secure channel data (when possible) - > Enabled Domain member: Digitally sign secure channel data (when possible) - > Enabled Domain member: Disable machine account password changes - > Disabled Domain member: Require strong (Windows 2000 or later) session key - > Disabled Interactive logon: Message text for users attempting to log on - > --------------- Interactive logon: Message title for users attempting to log on - > Not defined Interactive logon: Require Domain Controller authentication to unlock workstation - > Disabled Interactive logon: Smart card removal behavior - > No Action Microsoft network client: Digitally sign communications (always) - > Disabled Microsoft network client: Digitally sign communications (if server agrees) - > Enabled Microsoft network client: Send unencrypted password to third-party SMB servers - > Disabled Microsoft network server: Amount of idle time required before suspending session - > 15 minutes Microsoft network server: Digitally sign communications (always) - > Disabled Microsoft network server: Digitally sign communications (if client agrees) - > Disabled Microsoft network server: Disconnect clients when logon hours expire - > Enabled Network access: Allow anonymous SID/Name translation - > Not Applicable Network access: Do not allow anonymous enumeration of SAM accounts - > Disabled Network access: Do not allow anonymous enumeration of SAM accounts and shares - > Disabled Network access: Do not allow storage of credentials or .NET Passports for network authentication - > Disabled Network access: Let Everyone permissions apply to anonymous users - > Disabled Network access: Shares that can be accessed anonymously - > COMCFG,DFS$ Network access: Sharing and security model for local accounts - > Classic - local users authenticate as themselves Network security: Do not store LAN Manager hash value on next password change - > Disabled Network security: Force logoff when logon hours expire - > Disabled Network security: LAN Manager authentication level - > Send LM & NTLM responses Network security: LDAP client signing requirements - > Negotiate signing Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - > No minimum Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - > No minimum System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - > Disabled System objects: Default owner for objects created by members of the Administrators group - > Object creator System objects: Require case insensitivity for non-Windows subsystems - > Enabled System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - > Enabled
При така на правени настройки на Local Policies Security Options ви гарантирам, че няма никакви проблеми с работата в мрежа даже и за юзерите ползващи Win98. ПС. И естествено ако държите на сигурността трябва да си настроите и вградения Firewall а според мен най-добре изобщо да бъде изключен. Как да стане това, можете да прочетете тук Каталог: programs -> PC%20Help PC%20Help -> Cmd cmd exe Файл на процеса PC%20Help -> Доставчик на линковете PC%20Help -> Ръчно чистене на вируси PC%20Help -> "Букварни" съвети, за онези, що желаят наистина да си клокнат машините, но са още в пелени PC%20Help -> Рува ли си да ползвате ntfs? Преди всичко трябва да имате впредвид че ntfs PC%20Help -> Многооо внимавайте да не пипнете нещо, което не ви трябва ! 1 – да забраним acpi PC%20Help -> Internet Explorer 0 може да е сигурен браузер Изтегляне 15.46 Kb. Сподели с приятели:
|