Customizing a Network Using the Registry phần 2

Chia sẻ: Nghia Tuan | Ngày: | Loại File: PDF | Số trang:7

0
45
lượt xem
6
download

Customizing a Network Using the Registry phần 2

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

The PortNumber value entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServe r\WinStations\RDP-Tcp\PortNumber 2.

Chủ đề:
Lưu

Nội dung Text: Customizing a Network Using the Registry phần 2

  1. 1. Figure 8.33: The PortNumber value entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServe r\WinStations\RDP-Tcp\PortNumber 2. Now, to access the server using the new setting, type the new port number after the IP address of the computer to which you want to connect. If the new port is 8098, and the IP address of the server is 192.168.1.8, the new IP address and port combination will be 192.168.1.8:8098. Client Settings To configure client settings for Remote Desktop, you need to open the Properties window for specific user accounts. To do so, proceed as follows: 1. Open Control Panel, select the Administrative tools option, and then start Users and Computers or Active Directory Users and Computers MMC snap-ins (depending on the role of your computer and whether it participates in a domain). 2. Right-click the user account that will be used for administrative access, and select the Properties command from the context menu to open the properties window. Go to the Sessions tab (Fig. 8.34). Notice that the settings on the Sessions tab are similar to those found in Terminal Services Configuration. However, the settings specified using the Terminal Services Configuration tool override those set for the individual user.
  2. Figure 8.34: The Sessions tab of the user account properties window 3. The Remote control tab (Fig. 8.35) settings establish whether or not this account can be remotely controlled. Administrative accounts and user accounts that are used by administrators for Remote Desktop should not be configured to allow remote control. Therefore, in order to strengthen security, it is recommended that the user clear the Enable remote control checkbox, as shown in this illustration.
  3. Figure 8.35: The Remote control tab of the user account properties window Note In addition to settings that enhance security, strong policies and procedures will increase security as well. More detailed information on this topic will be provided in Chapter 9. Registry Entries for the W32Time Service One of the most confusing elements in Windows 2000 and Windows Server 2003 domains is the W32Time service, which is integrated into the operating system in order to ensure that date and time are properly synchronized throughout your organization. Unfortunately, installation instructions don't explain the reliance of user authentication on time, and, therefore, many organizations run into logon problems. The W32Time service settings are stored in the registry under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameter s key (Fig. 8.36).
  4. Figure 8.36: The W32Time service settings in the system registry The value entries that you can specify here to tune the W32Time service are outlined in Table 8.3. Table 8.3: W32Time Service Registry Values Value name Data type Description Values AvoidTimeSyncOnWan REG_DWORD Synchronize with a 0 = Site is ignored computer that is at a [default]. different site. 1 = Do not synchronize with a time source that is at a different site. GetDcBackofMaxTimes REG_DWORD The maximum number of 0 = The wait between times to double the back attempts is at a off interval when minimum and no successive attempts to event is logged. find a domain controller fail. An event is logged 7 = [default] every time a full wait occurs. GetDcBackofMinutes REG_DWORD The starting number of 15 =[default] minutes to wait before looking for a domain controller, if the last attempt failed. LocalNTP REG_DWORD Start the SNTP server. 0 = Don't start the SNTP server, unless this computer is a domain controller
  5. Table 8.3: W32Time Service Registry Values Value name Data type Description Values [default]. 1 = Always start the SNTP server. NtpServer REG_SZ Stores the value from Blank by defaut. NET TIME/SETSNTP. Sample data value: 192.4.41.40 Period REG_DWORD Control how often the 0 = once a day time service synchronizes. 65535, every 2 days 65534, every 3 days 65533, every week (7 days) 65532, every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default] 65531, every 45 minutes until 1 good synchronization occurs, then once every day ReliableTimeSource REG_DWORD Does this computer have 0 = No [default] a reliable time source? 1 = This computer has a reliable time source (this is only useful on a domain controller). Type REG_SZ How does this computer Nt5DS = synchronize synchronize to domain hierarchy or manually configured source
  6. Table 8.3: W32Time Service Registry Values Value name Data type Description Values [default] NTP = synchronize to manually configured source NoSync = do not synchronize time Adj REG_DWORD Maintains computer clock Change not information between recommended reboots msSkewPerDay REG_DWORD Maintains computer clock Change not information between recommended reboots Note Period can be a type REG_SZ with special values: Bidaily, every 2 days; Tridaily, every 3 days; Weekly, every week (7 days); SpecialSkew, every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default]; DailySpecialSkew, every 45 minutes until 1 good synchronization occurs, then once every day. Disabling Dynamic DNS Registration By default, all computers running Windows 2000, Windows XP, or Windows Server 2003 attempt to dynamically register on the DNS servers specified on the General tab of the TCP/IP properties window. To disable this feature, click the Advanced button on the General tab of the Internet Protocol (TCP/IP) Properties window. The Advanced TCP/IP Settings window will open. Go to the DNS tab and clear the Register this connection's addresses in DNS checkbox. In case you want to perform the same operation using the registry, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\In terfaces key, and set the DisableDynamicUpdate value (of REG_DWORD data type) to 1. Disabling Persistent Network Connections To disable the option for restoring persistent network connections, start the registry editor, open the HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsNT\CurrentVersion\Network\
  7. Persistent Connections key, and locate the SaveConnections setting. The default value for this setting is yes (Fig. 8.37). To disable persistent network connections, set this value to no. Figure 8.37: The HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsNT\CurrentVersion\Network\ Persistent Connections registry key Not To disable persistent network connections for users, set the SaveConnections value e to no in all existing user profiles. This information is stored in the registry under the following keys: HKEY_\USERS\\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ Network\Persistent Connections.
Đồng bộ tài khoản