1. Weakness description: The default Administrator account name is widely known, which makes the account an easy target for brute-force password cracking
Implementation Risk: Low
Reinforcement process:
- Right click on My Computer | Manage
- Select "Computer Management (Local)"
- Select "Local Users and Groups" in "System Tools"
- Select "Users"
- Select the Administrator account in the right pane, right-click it, and select "Rename"
Fallback solution: Rename the account back to Administrator
2. Automatic account logon is not disabled
Weakness description: Automatic logon can easily lead to accidental or unauthorized operation
Implementation Risk: Low
Reinforcement process:
Method One:
- Click "Start" | "Run" and type "regedit" in the input box to open the Registry Editor
- In the left pane of the Registry Editor, expand "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
- Select "Edit" | "New" | "String Value" and type "AutoAdminLogon" as the value name, then click a blank area of the window
- Double-click the newly created string "AutoAdminLogon" and enter "0" in the "Edit String" dialog box to disable automatic logon
Method Two:
Open Run, enter "rundll32 netplwiz.dll,UsersRunDll", and in the "User Accounts" window that opens, check the box next to "Users must enter a user name and password to use this computer".
Fallback solution: Delete the "AutoAdminLogon" value in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Judgment basis: An AutoAdminLogon value other than 0 does not meet the security requirements
3. Password Policy
Weakness description: A weak password policy makes account passwords easy to guess
Implementation Risk: Low
Reinforcement process:
Enter gpedit.msc in Run, open Windows Settings -> Local Security Policy -> Account Policies -> Password Policy, and set the relevant items as follows:
- Password must meet complexity requirements (enabled)
- Minimum password length (8 characters)
- Maximum password age (90 days)
- Minimum password age (2 days)
- Enforce password history (24 passwords remembered)
- Store passwords using reversible encryption (disabled)
Fallback solution: Restore the previous password policy
Judgment basis: The password policy does not meet the security specifications
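
The three judgment checks above can be audited in one pass. The following PowerShell script is an added example, not part of the original checklist; it assumes Windows PowerShell 5.1 or later on a standalone or member machine, an elevated prompt, and that a setting stricter than the checklist value (for example, a longer minimum length) also passes.

```powershell
# Added example: audits the three checklist items. Run from an elevated PowerShell prompt.
$findings = @()

# Item 1: the built-in administrator always has a SID ending in -500, whatever its name.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin.Name -eq 'Administrator') {
    $findings += 'Item 1: built-in administrator account still has the default name'
}

# Item 2: the checklist treats any AutoAdminLogon value other than "0" as non-compliant.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = (Get-ItemProperty -Path $winlogon -Name AutoAdminLogon -ErrorAction SilentlyContinue).AutoAdminLogon
if ("$auto" -ne '0') {
    $findings += "Item 2: AutoAdminLogon is '$auto', expected '0'"
}

# Item 3: export the effective security policy and read the numeric account-policy keys.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'   # scratch file name chosen for this example
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(\w+)\s*=\s*(-?\d+)\s*$') { $policy[$Matches[1]] = [int]$Matches[2] }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Assumption: values at least as strict as the checklist pass. MaximumPasswordAge -1 means "never expires".
$checks = @(
    @{ Key = 'PasswordComplexity';    Ok = { $args[0] -eq 1 };                       Want = 'enabled (1)' }
    @{ Key = 'MinimumPasswordLength'; Ok = { $args[0] -ge 8 };                       Want = 'at least 8' }
    @{ Key = 'MaximumPasswordAge';    Ok = { $args[0] -ge 1 -and $args[0] -le 90 };  Want = '1 to 90 days' }
    @{ Key = 'MinimumPasswordAge';    Ok = { $args[0] -ge 2 };                       Want = 'at least 2 days' }
    @{ Key = 'PasswordHistorySize';   Ok = { $args[0] -ge 24 };                      Want = 'at least 24' }
    @{ Key = 'ClearTextPassword';     Ok = { $args[0] -eq 0 };                       Want = 'disabled (0)' }
)
foreach ($c in $checks) {
    $value = $policy[$c.Key]
    if ($null -eq $value -or -not (& $c.Ok $value)) {
        $findings += "Item 3: $($c.Key) is '$value', expected $($c.Want)"
    }
}

if ($findings) { $findings } else { 'All three checks pass' }
```

On a domain-joined machine the exported values reflect the policy currently in effect, so a finding under Item 3 may need to be fixed in domain Group Policy rather than locally.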