Windows Security

Account Policy / Password Policy
Settings: minimum password length, complexity requirements, maximum password age, password history (remembered passwords), minimum password age
Create account: net user <username> <password> /add
Example: net user abc 123456 /add
Delete account: net user <username> /delete

Account Policy / Account Lockout Policy
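Account lockout duration: how long the account stays locked after the failed-attempt limit is reached
Account lockout threshold: the number of failed logon attempts allowed before the account is locked
Reset account lockout counter after: the time after which the failed-attempt counter is reset to zero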

Local Policy / Audit Policy
Audit account logon events: record logon successes and failures
Audit account management: record account changes: create, delete, change group ...
Audit object access: record successful and failed access to files and directories (the users to audit must also be added in the file's or directory's properties)

Local Policy / User Rights Assignment
Access this computer from the network: controls which accounts can log on over the network, for example to access shared folders
Force shutdown from a remote system: controls which accounts can shut down the computer from a remote desktop connection
Change the system time: gives the account the right to change the system time
Deny log on locally: the account can only be used to access shared resources and cannot log on to the server itself
Deny access to this computer from the network

Local Policy / Security Options
Shutdown: Allow system to be shut down without having to log on
Interactive logon: Do not display last user name
Accounts: Limit local account use of blank passwords to console logon only

Software Restriction Policies (restart required)
Additional Rules \ New Hash Rule: defines an exe file that cannot be executed
Additional Rules \ New Path Rule: defines a path in which no file can be executed

Group Policy (gpedit.msc)
Computer Configuration \ Administrative Templates \ AutoPlay Policies
1. Turn off Autoplay: disables the AutoPlay feature
2. Default behavior for AutoRun: disables AutoRun scripts

User Configuration \ Administrative Templates \ System
1. Prevent access to registry editing tools
2. Don't run specified Windows applications: prevents applications from running, matched by executable file name

Computer Configuration \ Administrative Templates \ Windows Components \ Windows Logon Options
1. Display information about previous logons during user logon

Send an email automatically when a user logs on to the server
1. Write the email-sending script.
2. Assign the script at the following location:
User Configuration \ Windows Settings \ Scripts (Logon/Logoff)
Put the script in the path: C:\Windows\System32\GroupPolicy\User\Scripts\Logon
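
A possible script for step 1, as an added example that is not from the original post. The file name Notify-Logon.ps1, the relay smtp.example.com and both mail addresses are placeholders, and it assumes Windows PowerShell with an internal relay that accepts unauthenticated mail from this server.

```powershell
# Notify-Logon.ps1 (hypothetical name): added example, not from the original post.
# Assign it on the "PowerShell Scripts" tab of the Logon properties dialog.
# It runs in the context of the user who is logging on, so that user can read
# the file: keep SMTP credentials out of it and use a relay that accepts mail
# from this server's address instead.

$SmtpServer = 'smtp.example.com'        # placeholder: internal mail relay
$From       = 'logon-alert@example.com' # placeholder sender
$To         = 'secops@example.com'      # placeholder recipient

$user     = "$env:USERDOMAIN\$env:USERNAME"
$hostName = $env:COMPUTERNAME
$when     = Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzz'

# SESSIONNAME is typically "Console" for a local logon and "RDP-Tcp#N" for
# Remote Desktop; CLIENTNAME is the remote client's machine name in an RDP
# session. Either may be unset when the script runs, so fall back to a marker.
$session = if ($env:SESSIONNAME) { $env:SESSIONNAME } else { 'unknown' }
$client  = if ($env:CLIENTNAME)  { $env:CLIENTNAME }  else { 'n/a' }

$body = @"
User:     $user
Server:   $hostName
Time:     $when
Session:  $session
Client:   $client
"@

try {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "Logon: $user on $hostName" -Body $body -ErrorAction Stop
}
catch {
    # A mail failure must not break the logon; record it locally instead.
    $logFile = Join-Path $env:TEMP 'logon-notify.log'
    "$when mail failed for ${user}: $($_.Exception.Message)" |
        Add-Content -Path $logFile
}
```

The mail is sent from the user's session, so treat it as a convenience alert; the "Audit account logon events" policy above remains the authoritative record of logons.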
