Although considered the "heart" of the operating system, but by default the Registry in all Windows systems are still "open" freely and accessible through the Internet or intranet. A technical hacker has the ability to use this vulnerability to attack your computer system, or your organization. Therefore, to ensure safety, you need to disable this approach.
Attention There may be a risk before editing Registry , you need to back up this component. & nbsp;
Modify the Registry
For Windows 2000, Windows XP, and Windows Server 2003:
& nbsp;
-
Start - & gt; Run.
-
Regedt32.exe, and click OK.
-
Search for:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSet
ControlSecurePipeServers. -
If the key winreg is already available, you will move on to step 8; If not, you need to create this value by selecting Edit - & gt; Add Key.
-
Name the new key winreg , the REG_SZ class.
-
Select the new key, then select Edit - & gt; Add Value.
-
Enter the following parameters:
Name: Description
Type: REG_SZ
Value: Registry Server
& nbsp; -
Choose the key winreg , and select Security - & gt; Permissions.
-
You can add, remove or remove the permissions of the listed accounts. & Nbsp;
-
Close the Registry Editor window, and restart the computer. & Nbsp;
+ If you have a working group of servers and workstations that are not a member of the Administrators group, you need to grant the appropriate permissions to these accounts.
+ If the system you are changing is a server or system that allows remote access for legitimate users, you must grant access to service accounts associated with the winreg key. The
Modify the network
In addition to direct intervention and Registry, you need to do some other network-related work to secure your system. It is blocking TCP / UDP ports 135, 137, 138, 139, and 445 at the router or firewall application. Blocking these ports will not only disable remote access to the registry but also prevent hackers from performing remote Windows system attacks.
The above ports will also help you speed up your system's performance. However, before proceeding, make sure that the services associated with the ports are no longer needed.
