This article introduces the "seven tricks" of how to prevent illegal user intrusions through seven-step settings.
First trick: Screen protection
After enabling screen protection in Windows, as long as the time we leave the computer (or do not operate the computer) reaches the preset time, the system will automatically start the screen saver. When the user moves the mouse or taps the keyboard to return to the normal working state, the system will open a password confirmation box. Only after entering the correct password can you return to the system. Users who do not know the password will not be able to enter the working state, thus protecting the security of the data.
Tip: Some screen savers with incomplete design do not block the "Ctrl+Alt+Del" key combination of the system, so you need to test whether the program has this major bug after the settings are completed.
However, screen saver can only be automatically started after the user leaves for 1 minute. Do we have to sit by the computer and wait for N minutes to see the screen saver activated before leaving? In fact, we just need to open the system subdirectory in the Windows installation directory, and then find the corresponding screen saver (the extension is SCR), right-click to drag them on the desktop, select the "Create Shortcuts in Current Location" command in the pop-up menu to create a shortcut for these screen savers on the desktop.
After that, we double-click this shortcut when we leave the computer to quickly start screen saver.
The second trick: cleverly hide the hard drive
Under the "By Web Page" viewing mode, a warning message will pop up when entering the Windows directory, telling you that this is a system folder. If "Modifying the content of this folder may cause the program to run abnormally, if you want to view the content of this folder, please click Show File". Click "Show File" to enter the directory.
The reason is that there are two files in the Windows root directory. Copy these two files to the root directory of a drive (because these two files are hidden files, you must click the "View" tab in the folder options before and select "Show all files" so that you can see these two files). Press the "F5" key to refresh and see what happened, and whether it was the same as when entering the Windows directory.
Next, we open it with "Notepad", which is a file written in HTML language. Use your imagination to modify it as much as possible.
It doesn't matter if you don't understand the HTML language. First find "Show file" to delete it. Find "Modifying the folder may cause the program to run abnormally. To view the contents of the folder, please click Show file", and change it to your favorite text, such as "Safely place, free people, please leave quickly."
Change "To view the contents of this folder, click" to "Other, you will be responsible for the consequences!", and then drag the slider down to the 9th line to find "(file://%TEMPLATEDIR%)". This is the path of the gear picture in the lower right corner of the window when displaying warning information, and change it to the path of your own picture. For example, replace the content after "//" with "d: upian". Remember that the suffix name of the picture must be typed out here, otherwise the picture will not be displayed.
Of course, you can also use web tools like Dreamweaver and FrontPage to achieve better results, and then just copy the original file to the back of the text below and overwrite the content between "~" in the original file.
*This file was automatically generated by Microsoft Internet EXPlorer 5.0
*using the file %THISDIRPATH% .
Save and exit, press the "F5" key to refresh, isn't it very personal? The next thing to do is to use "Super Rabbit" to hide the drive you want, and you can enjoy your work without restarting. Finally, let me tell you one more trick, which is to simply delete all the contents of "~" in the original file, which will create the illusion that this is an empty drive for those who open your drive, making the files in it safer.
The third move: Disable the "Start" menu command
Group policy functions are integrated in Windows 2000/XP, through which various software, computer and user policies can be set up to enhance the security of the system in some ways. Run the "Start → Run" command, enter "" in the "Open" column of the "Run" dialog box, and then click the "OK" button to start the Windows XP Group Policy Editor.
In "Local Computer Policy", expand the "User Configuration → Administrative Templates → Taskbar and Start Menu" branch step by step, and the relevant policies for "Taskbar" and "Start Menu" are provided in the right window.
When disabling the Start menu command, in the right window, policies such as deleting the utility group, the My Documents icon, the Documents menu, and the Online Neighbors icon are provided. When cleaning the "Start" menu, just enable the policy corresponding to the unwanted menu items. For example, taking the example of deleting the "My Document" icon, the specific operation steps are:
1) Double-click the "Delete My Document Icon from Start Menu" option with your mouse in the policy list window.
2) In the "Settings" tab of the pop-up window, select the "Enabled" radio button, and then click "OK".
The fourth move: Disable desktop related options
Windows XP's desktop is like your desk and sometimes needs to be organized and cleaned. With the Group Policy Editor, this work will be easy. Just expand the User Configuration → Administrative Templates → Desktop branch in Local Computer Policy to display the corresponding policy options in the window on the right.
1) Hidden system icons on the desktop
If you hide the system icon on the desktop, the traditional method is to modify the registry, which will inevitably cause certain risks. Using the Group Policy Editor can achieve this goal easily and quickly.
To hide the "Online Neighbors" and "Internet EXPlorer" icons on the desktop, just enable the "Hide Online Neighbors on the desktop" and "Hide Internet EXPlorer Icons on the desktop" policy options in the right window. If you hide all icons on your desktop, just enable "Hide and Disable All Projects on your desktop".
When the "Delete My Documents icon on desktop" and "Delete My Computer Icon on desktop" are enabled, the "My Computer" and "My Documents" icons will disappear from your computer desktop. If you no longer like the "Recycle Bin" icon on the desktop, you can also delete it. The specific method is to enable the "Delete Recycle Bin from desktop" policy item.
2) Prohibit certain changes to the desktop
If you do not want others to change the settings of your computer desktop at will, enable the policy option "Don't save settings when exit" in the right window. When you enable this setting, other users can make certain changes to the desktop, but some changes, such as the icon and the location of the opening window, the location of the taskbar and the size of the user cannot save after the user logs out.
Fifth trick: Disable access to the "Control Panel"
If you do not want other users to access the computer's control panel, you just need to run the Group Policy Editor and expand the "Local Computer Policy → User Configuration → Administrative Templates → Control Panel" branch in the left window, and then enable the "No Access Control Panel" policy in the right window.
This setting prevents the startup of Control Panel Program Files, and the result is that others will not be able to start Control Panel or run any Control Panel projects. In addition, this setting will delete the Control Panel from the Start menu, and this setting will also delete the Control Panel folder from Windows Explorer.
Tip: If you want to select a Control Panel item from the property items in the context menu, a message will appear stating that the setting prevents this action.
The sixth trick: Set user permissions
When multiple people share a computer, set user permissions in Windows XP, you can follow the following steps:
1) Run the Group Policy Editor program.
2) Expand the "Computer Configuration → Windows Settings → Security Settings → Local Policy → User Permission Assignment" branch step by step in the left window of the editor window.
3) Double-click the user permissions that need to be changed, click the "Add user or group" button, then double-click the user account you want to assign to the permissions, and finally click the "OK" button to exit.
Seventh trick: Folder settings review
Windows XP can use auditing to track user accounts used to access files or other objects, login attempts, system shutdown or restarts, and similar events, while auditing files and folders under NTFS partitions can ensure the security of files and folders. The steps to set up audits for files and folders are as follows:
1) In the Group Policy window, expand the "Computer Configuration → Windows Settings → Security Settings → Local Policy" branch in the right window step by step, and then select the "Audit Policy" option under this branch.
2) Double-click the "Audit Object Access" option with the mouse in the right window.
3) Right-click the file or folder you want to review, select the "Properties" command in the pop-up menu, and then select the "Safety" tab in the pop-up window.
4) Click the "Advanced" button and select the "Audit" tab.
5) Choose your operation according to the specific situation:
If you set up audits for a new group or user, you can click the Add button, type a new username in the Name box, and then click the OK button to open the Audit Project dialog box.
To view or change the original group or user audit, select the user name and click the View/Edit button.
To delete the original group or user audit, you can select the user name and click the "Delete" button.
6) If necessary, select the place you want to review in the Apply to list in the "Apply to" list in the "Audit Items" dialog box.
7) If you want to prohibit files and subfolders in the directory tree from inheriting these audit items, select the "Apply these audit items only for objects and/or containers within this container" check box.
Note: You must be a member of the Administrator group or a user authorized in Group Policy with the Administrative Audit and Security Log permission can audit files or folders. Before Windows XP audits files and folders, you must enable "Audit Object Access" of "Audit Policy" in Group Policy. Otherwise, when you set up file and folder review, an error message will be returned, and the files and folders will not be reviewed.
First trick: Screen protection
After enabling screen protection in Windows, as long as the time we leave the computer (or do not operate the computer) reaches the preset time, the system will automatically start the screen saver. When the user moves the mouse or taps the keyboard to return to the normal working state, the system will open a password confirmation box. Only after entering the correct password can you return to the system. Users who do not know the password will not be able to enter the working state, thus protecting the security of the data.
Tip: Some screen savers with incomplete design do not block the "Ctrl+Alt+Del" key combination of the system, so you need to test whether the program has this major bug after the settings are completed.
However, screen saver can only be automatically started after the user leaves for 1 minute. Do we have to sit by the computer and wait for N minutes to see the screen saver activated before leaving? In fact, we just need to open the system subdirectory in the Windows installation directory, and then find the corresponding screen saver (the extension is SCR), right-click to drag them on the desktop, select the "Create Shortcuts in Current Location" command in the pop-up menu to create a shortcut for these screen savers on the desktop.
After that, we double-click this shortcut when we leave the computer to quickly start screen saver.
The second trick: cleverly hide the hard drive
Under the "By Web Page" viewing mode, a warning message will pop up when entering the Windows directory, telling you that this is a system folder. If "Modifying the content of this folder may cause the program to run abnormally, if you want to view the content of this folder, please click Show File". Click "Show File" to enter the directory.
The reason is that there are two files in the Windows root directory. Copy these two files to the root directory of a drive (because these two files are hidden files, you must click the "View" tab in the folder options before and select "Show all files" so that you can see these two files). Press the "F5" key to refresh and see what happened, and whether it was the same as when entering the Windows directory.
Next, we open it with "Notepad", which is a file written in HTML language. Use your imagination to modify it as much as possible.
It doesn't matter if you don't understand the HTML language. First find "Show file" to delete it. Find "Modifying the folder may cause the program to run abnormally. To view the contents of the folder, please click Show file", and change it to your favorite text, such as "Safely place, free people, please leave quickly."
Change "To view the contents of this folder, click" to "Other, you will be responsible for the consequences!", and then drag the slider down to the 9th line to find "(file://%TEMPLATEDIR%)". This is the path of the gear picture in the lower right corner of the window when displaying warning information, and change it to the path of your own picture. For example, replace the content after "//" with "d: upian". Remember that the suffix name of the picture must be typed out here, otherwise the picture will not be displayed.
Of course, you can also use web tools like Dreamweaver and FrontPage to achieve better results, and then just copy the original file to the back of the text below and overwrite the content between "~" in the original file.
*This file was automatically generated by Microsoft Internet EXPlorer 5.0
*using the file %THISDIRPATH% .
Save and exit, press the "F5" key to refresh, isn't it very personal? The next thing to do is to use "Super Rabbit" to hide the drive you want, and you can enjoy your work without restarting. Finally, let me tell you one more trick, which is to simply delete all the contents of "~" in the original file, which will create the illusion that this is an empty drive for those who open your drive, making the files in it safer.
The third move: Disable the "Start" menu command
Group policy functions are integrated in Windows 2000/XP, through which various software, computer and user policies can be set up to enhance the security of the system in some ways. Run the "Start → Run" command, enter "" in the "Open" column of the "Run" dialog box, and then click the "OK" button to start the Windows XP Group Policy Editor.
In "Local Computer Policy", expand the "User Configuration → Administrative Templates → Taskbar and Start Menu" branch step by step, and the relevant policies for "Taskbar" and "Start Menu" are provided in the right window.
When disabling the Start menu command, in the right window, policies such as deleting the utility group, the My Documents icon, the Documents menu, and the Online Neighbors icon are provided. When cleaning the "Start" menu, just enable the policy corresponding to the unwanted menu items. For example, taking the example of deleting the "My Document" icon, the specific operation steps are:
1) Double-click the "Delete My Document Icon from Start Menu" option with your mouse in the policy list window.
2) In the "Settings" tab of the pop-up window, select the "Enabled" radio button, and then click "OK".
The fourth move: Disable desktop related options
Windows XP's desktop is like your desk and sometimes needs to be organized and cleaned. With the Group Policy Editor, this work will be easy. Just expand the User Configuration → Administrative Templates → Desktop branch in Local Computer Policy to display the corresponding policy options in the window on the right.
1) Hidden system icons on the desktop
If you hide the system icon on the desktop, the traditional method is to modify the registry, which will inevitably cause certain risks. Using the Group Policy Editor can achieve this goal easily and quickly.
To hide the "Online Neighbors" and "Internet EXPlorer" icons on the desktop, just enable the "Hide Online Neighbors on the desktop" and "Hide Internet EXPlorer Icons on the desktop" policy options in the right window. If you hide all icons on your desktop, just enable "Hide and Disable All Projects on your desktop".
When the "Delete My Documents icon on desktop" and "Delete My Computer Icon on desktop" are enabled, the "My Computer" and "My Documents" icons will disappear from your computer desktop. If you no longer like the "Recycle Bin" icon on the desktop, you can also delete it. The specific method is to enable the "Delete Recycle Bin from desktop" policy item.
2) Prohibit certain changes to the desktop
If you do not want others to change the settings of your computer desktop at will, enable the policy option "Don't save settings when exit" in the right window. When you enable this setting, other users can make certain changes to the desktop, but some changes, such as the icon and the location of the opening window, the location of the taskbar and the size of the user cannot save after the user logs out.
Fifth trick: Disable access to the "Control Panel"
If you do not want other users to access the computer's control panel, you just need to run the Group Policy Editor and expand the "Local Computer Policy → User Configuration → Administrative Templates → Control Panel" branch in the left window, and then enable the "No Access Control Panel" policy in the right window.
This setting prevents the startup of Control Panel Program Files, and the result is that others will not be able to start Control Panel or run any Control Panel projects. In addition, this setting will delete the Control Panel from the Start menu, and this setting will also delete the Control Panel folder from Windows Explorer.
Tip: If you want to select a Control Panel item from the property items in the context menu, a message will appear stating that the setting prevents this action.
The sixth trick: Set user permissions
When multiple people share a computer, set user permissions in Windows XP, you can follow the following steps:
1) Run the Group Policy Editor program.
2) Expand the "Computer Configuration → Windows Settings → Security Settings → Local Policy → User Permission Assignment" branch step by step in the left window of the editor window.
3) Double-click the user permissions that need to be changed, click the "Add user or group" button, then double-click the user account you want to assign to the permissions, and finally click the "OK" button to exit.
Seventh trick: Folder settings review
Windows XP can use auditing to track user accounts used to access files or other objects, login attempts, system shutdown or restarts, and similar events, while auditing files and folders under NTFS partitions can ensure the security of files and folders. The steps to set up audits for files and folders are as follows:
1) In the Group Policy window, expand the "Computer Configuration → Windows Settings → Security Settings → Local Policy" branch in the right window step by step, and then select the "Audit Policy" option under this branch.
2) Double-click the "Audit Object Access" option with the mouse in the right window.
3) Right-click the file or folder you want to review, select the "Properties" command in the pop-up menu, and then select the "Safety" tab in the pop-up window.
4) Click the "Advanced" button and select the "Audit" tab.
5) Choose your operation according to the specific situation:
If you set up audits for a new group or user, you can click the Add button, type a new username in the Name box, and then click the OK button to open the Audit Project dialog box.
To view or change the original group or user audit, select the user name and click the View/Edit button.
To delete the original group or user audit, you can select the user name and click the "Delete" button.
6) If necessary, select the place you want to review in the Apply to list in the "Apply to" list in the "Audit Items" dialog box.
7) If you want to prohibit files and subfolders in the directory tree from inheriting these audit items, select the "Apply these audit items only for objects and/or containers within this container" check box.
Note: You must be a member of the Administrator group or a user authorized in Group Policy with the Administrative Audit and Security Log permission can audit files or folders. Before Windows XP audits files and folders, you must enable "Audit Object Access" of "Audit Policy" in Group Policy. Otherwise, when you set up file and folder review, an error message will be returned, and the files and folders will not be reviewed.