How to turn off Remote Assistance to prevent other computers from viewing any information of this computer remotely?

First. Disable the default shares.

1. Check the local shared resources: Run → cmd → enter net share.
2. Delete the shares (enter one command at a time):
    net share admin$ /delete
    net share c$ /delete
    net share d$ /delete
   (if there are e, f, ... you can continue deleting them)
3. Delete the ipc$ null connection. Run regedit and, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, change the value data of the value named RestrictAnonymous from 0 to 1.
4. Close your own port 139; the ipc and RPC vulnerabilities are there. To close port 139, open the properties of Internet Protocol (TCP/IP) for the Local Area Connection in Network and Dial-up Connections, then go to the advanced TCP/IP settings and the WINS settings, where there is an option "Disable NetBIOS over TCP/IP". Check it to close port 139. Disable the RPC vulnerability.

Second. Set up the service items and do a good job of internal defense.

Plan A. Service policy: Control Panel → Administrative Tools → Services. Stop the following services:

1. Alerter [notifies selected users and computers of administrative alerts]
2. ClipBook [enables the ClipBook Viewer to store information and share it with remote computers]
3. Distributed File System [combines scattered shares into one logical name and shares it; after it is stopped, remote computers cannot access the shares]
4. Distributed Link Tracking Server [for the distributed link tracking client service on a local area network]
5. Human Interface Device Access [enables generic input access to human interface devices (HID)]
6. IMAPI CD-Burning COM Service [manages CD recording]
7. Indexing Service [provides indexed contents and attributes of files on local or remote computers; leaks information]
8. Kerberos Key Distribution Center [authorization protocol for network logon]
9. License Logging [monitors IIS and SQL; stop it if IIS and SQL are not installed]
10. Messenger [alerts]
11. NetMeeting Remote Desktop Sharing [collection of customer data left behind by NetMeeting]
12. Network DDE [provides dynamic data exchange for programs running on the same computer or on different computers]
13. Network DDE DSDM [manages dynamic data exchange (DDE) network shares]
14. Print Spooler [printer service, printers are not allowed]
15. Remote Desktop Help Session Manager [manages and controls Remote Assistance]
16. Remote Registry [allows remote computer users to modify the local registry]
17. Routing and Remote Access [provides routing services in local area networks and wide area networks; hackers spy on the registration information of the routing service]
18. Server [supports sharing of files, printers and named pipes by this computer over the network]
19. Special Administration Console Helper [allows administrators to remotely access the command prompt using Emergency Management Services]
20. TCP/IP NetBIOS Helper [provides NetBIOS over TCP/IP services and NetBIOS name resolution for clients on the network, so that users can share files, print and log on to the network]
21. Telnet [allows remote users to log on to this computer and run programs]
22. Terminal Services [allows users to connect interactively to a remote computer]
23. Windows Image Acquisition (WIA) [imaging services for applications and digital cameras]

Plan B. Account policy: open Administrative Tools → Local Security Settings → Password Policy.

1. Password must meet complexity requirements: Enabled.
2. Minimum password length: I set 10.
3. Maximum password age: I left the default.
Store passwords using reversible encryption: Disabled.

Plan C. Local policy: open Administrative Tools → Local Security Settings → Local Policies → Audit Policy.

1. Audit policy change: Success, Failure
2. Audit logon events: Success, Failure
4. Audit process tracking: Failure
5. Audit directory service access
6. Failure
7. Audit system events: Success, Failure
8. Audit account logon events: Success, Failure
9. Audit account management: Success, Failure

Then go to Administrative Tools and open Event Viewer:

Application: right-click → Properties → set the maximum log size. I set 512000 KB and selected "Do not overwrite events".
Security: right-click → Properties → set the maximum log size. I also set 512000 KB and selected "Do not overwrite events".
System: right-click → Properties → set the maximum log size. I set it to 512000 KB and selected "Do not overwrite events".

Plan D. Security policy: open Administrative Tools → Local Security Settings → Local Policies → Security Options.

1. Interactive logon: Do not require CTRL+ALT+DEL [some people need it, so it is better to enable it; personally, I log on directly without entering a password]
2. Network access: Do not allow anonymous enumeration of SAM accounts.
3. Network access: Shares that can be accessed anonymously: delete the listed values.
4. Network access: Named pipes that can be accessed anonymously: delete the listed values.
5. Network access: Remotely accessible registry paths: delete the listed values.
6. Network access: Remotely accessible registry paths and sub-paths: delete the listed values.
7. Network access: Restrict anonymous access to named pipes and shares.
8. Accounts: Rename guest account [it is best to use a Chinese name that you can remember]. Let hackers guess the guest account; you also have to delete this account, which will be explained in detail later.
Accounts: Rename administrator account [a Chinese name is recommended]

Plan E. User rights assignment policy: open Administrative Tools → Local Security Settings → Local Policies → User Rights Assignment.

1. Except Admin, we delete the other four. Of course, we will create our own ID later.
2. Force shutdown from a remote system: delete the Administrator account as well, leaving no account.
3. Deny access to this computer from the network: delete the ID.
4. Access this computer from the network: Admin can also be deleted if you don't use a service like 3389.
5. Log on through Terminal Services: delete Remote Desktop Users.

Plan F. Open Administrative Tools → Terminal Services Configuration.

1. After opening it, click Connections, right-click, Properties, Remote Control, and select "Do not allow remote control".
2. General.
3. Network Adapter: set the maximum number of connections to 0.
4. Advanced: delete the permissions inside. [I didn't set this.]
Then click Server Settings. Set Active Desktop to Disabled, and restrict each user to one session.

Plan G. User and group policy: open Administrative Tools → Computer Management → Local Users and Groups → Users. Delete the Support_388945a0 user and so on, leaving only the account with administrator permissions whose name you changed. Computer Management → Local Users and Groups → Groups: we won't set up groups.

Plan 10. DIY strategies [according to personal needs]

1. Automatically log off the user (locally) when the logon time runs out, to prevent hackers from penetrating with a password.
2. Do not display the last logon name on the logon screen (remote). If the 3389 service is turned on, no username is left behind for anyone else to see. Let them guess your user name.
3. Additional restrictions on anonymous connections.
4. Do not press ALT+CTRL+DEL.
5. Allow shutdown before logon [to prevent remote shutdown/startup and forced shutdown/startup].
6. Only locally logged-on users can access the CD-ROM.
7. Only locally logged-on users can access the floppy disk drive.
8. Cancel the shutdown reason prompt:
   2. In the "Power Button" setting on this page, set "When the computer power button is pressed" to "Shut down", and click "OK" to exit the settings dialog.
   3. When you need to shut down in the future, you can press the power button directly. Of course, we can also enable the hibernation function key for fast shutdown and startup.
   4. If hibernation mode is not enabled in the system, open Power Options in Control Panel and go to the Hibernate tab, where you can select the "Enable hibernation" option.
9. Disable the Shutdown Event Tracker: Start → Run, enter "gpedit.msc"; on the left side of the window that appears select Computer Configuration → Administrative Templates → System; double-click Shutdown Event Tracker in the right pane, select Disabled in the dialog box that appears, and click OK to save and exit. You will then see a shutdown window similar to that of Windows 2000.

Third. Modify permissions to prevent viruses or Trojans from damaging the system. This method is suitable for Windows 2003 and above. If we use commands to restrict the write and modify permissions on system32, they cannot write into it. Look at the commands.

Command A:

    cacls C:\windows\system32 /G administrator:R
    Prohibits modifying or writing to the C:\windows\system32 directory.

    cacls C:\windows\system32 /G administrator:F
    Restores modifying and writing to the C:\windows\system32 directory.

This way viruses and the like can't get in. If you think this is not safe enough, you can also change other dangerous directories, for example by changing the permissions of drive C directly. However, after changing C you need to restore the permissions first whenever you install software.

Command B:

    cacls C: /G administrator:R
    Prohibits modifying and writing to drive C.

    cacls C: /G administrator:F
    Restores modifying and writing to drive C.

This prevents viruses. If you think some antivirus firewalls consume too much memory, this method can help a little. I hope you like this method.
Command X. The following commands are recommended for senior administrators [because Windows versions differ, please adjust the parameters yourself]:

    cacls %SystemRoot%\system32\cmd.exe /E /D IUSR_ComSpec
    Prohibits network users and local users from using cmd at the command line and in the GUI.

    cacls %SystemRoot%\system32\cmd.exe /E /D IUSR_Lsa
    Restores the use of cmd by network users and local users at the command line and in the GUI.

    cacls %SystemRoot%\system32\tftp.exe /E /D IUSR_Lsa
    Prohibits network users and local users from using tftp.exe at the command line and in the GUI.

    cacls %SystemRoot%\system32\tftp.exe /E/
    Restores the use of tftp.exe by network users and local users at the command line and in the GUI.

    cacls %SystemRoot%\system32\tftp32.exe /E /D IUSR_Lsa
    Prohibits network users and local users from using tftp32.exe at the command line and in the GUI.

    cacls %SystemRoot%\system32\tftp32.exe /E /D IUSR_Lsa
    Restores the use of tftp32.exe by network users and local users at the command line and in the GUI.

Fourth. Encryption of important files [NTFS format]. The purpose of this command is to encrypt password files such as those of Windows and QQ. Decryption: enter "cipher /d file name (or folder name)" in a DOS window or in the Start | Run command line.

Fifth. Modify the registry to defend against DDoS. Changing the following values in the registry can help you withstand DoS attacks of a certain intensity:

    SynAttackProtect        REG_DWORD  2
    EnablePMTUDiscovery     REG_DWORD  0
    NoNameReleaseOnDemand   REG_DWORD  1
    EnableDeadGWDetect      REG_DWORD  0
    KeepAliveTime           REG_DWORD  300,000
    PerformRouterDiscovery  REG_DWORD  0
    EnableICMPRedirects     REG_DWORD  0

For more new defense techniques, please search for other information. Because I dare not make fun of my hard disk, I didn't do the experiment.
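To check a host against the registry values this page lists (RestrictAnonymous in section one and the DoS-hardening values in section five), the following added example, which is not part of the original post, parses saved reg query output and reports each value. The key paths in the constructed sample are assumptions, since the page names a key only for RestrictAnonymous.

```python
import re

# Value names and data as the page lists them: RestrictAnonymous from
# section one, step 3, and the section five DoS-hardening values.
BASELINE = {
    "RestrictAnonymous": 1, "SynAttackProtect": 2,
    "EnablePMTUDiscovery": 0, "NoNameReleaseOnDemand": 1,
    "EnableDeadGWDetect": 0, "KeepAliveTime": 300000,
    "PerformRouterDiscovery": 0, "EnableICMPRedirects": 0,
}

# One value line of `reg query` output, e.g. "    SynAttackProtect    REG_DWORD    0x2"
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: int} for every REG_DWORD line in the output."""
    found = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:  # key headers, blank lines and non-DWORD values are skipped
            found[m.group(1).lower()] = int(m.group(2), 16)
    return found

def audit(text, baseline=BASELINE):
    """Return (name, status, actual) per baseline entry; status is OK, MISMATCH or MISSING."""
    actual = parse_reg_query(text)  # registry value names are case-insensitive
    report = []
    for name, want in baseline.items():
        got = actual.get(name.lower())
        status = "MISSING" if got is None else ("OK" if got == want else "MISMATCH")
        report.append((name, status, got))
    return report

# Constructed sample of saved `reg query` output (not taken from a real host).
# The key paths are an assumption: the page names a key only for RestrictAnonymous.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    SynAttackProtect    REG_DWORD    0x2
    EnablePMTUDiscovery    REG_DWORD    0x1
    KeepAliveTime    REG_DWORD    0x493e0
    Hostname    REG_SZ    WS01
"""

if __name__ == "__main__":
    for name, status, got in audit(SAMPLE):
        print(f"{name:24} {status:9} {got}")
```

A MISSING result means the value does not appear in the saved output, so the operating system default applies on that host.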
I now publish the ports I know of as follows (please contact me if you think something dangerous still needs filtering: OICQ 250875628):

    Port  Protocol    Application
    21    TCP         FTP
    25    TCP         SMTP
    53    TCP         DNS
    80    TCP         HTTP Server
    1433  TCP         SQL Server
    5631  TCP         PCAnywhere
    5632  UDP         PCAnywhere
    6     (non-port)  IP protocol
    8     (non-port)  IP protocol

So, according to our own experience, close the following ports:

    TCP: 21, 22, 23, 25 TCP SMTP, 53 TCP DNS, 80, 135 epmap, 138 [shock wave], 139 SMB, 445, 1025 DCE/1 Ff 70682-0a 5655

Generally, only Tencent OICQ opens port 4000 or 8000, so we only need to let the local machine use port 4000.

Seventh. Protect personal privacy.

1. TT browser: choose another browser to browse websites. It resists some malicious scripts and the like well. Even if TT is infected, you can delete it and reinstall it. [TT is Tencent's browser] (But some people like to use MyIE. Because I haven't used it for a long time and don't know much about it, I don't think it has any advantage in security. I hope friends who support MyIE don't hit me. Otherwise, I will cry ...)
2. Move My Documents: in Explorer, right-click My Documents, select Properties, click the Move button on the Target tab, select the target disk, and then click OK. In Windows 2003, "My Documents" is hard to find; you can't see it on the desktop or in the Start menu. Friends who use it often are advised to make a shortcut and put it on the desktop.
3. Move the IE temporary files: Start → Control Panel → Internet Options; on the General tab, click the Settings button in the "Temporary Internet files" section, click the Move Folder button in the dialog that pops up, select the target folder, click OK, and select Yes in the dialog that appears; the system will automatically log on again. Click Local Area Connection → Advanced → Security Logging and change the log directory to one that is not on C:, then reassign the size of the log storage value.
I have set it to 10000 KB.

Eighth. Help from third-party software.

Firewall: Skynet firewall (recommended) [second-hand dealers take note]
Antivirus software: Kaspersky

Second-hand dealer's postscript: Hackers' attacks have now shifted from traditional system vulnerabilities to your browser, so while installing patches for the traditional vulnerabilities you should also pay attention to your browser.