Eng
Настройки По Умолчанию В Windows XP Pro SP2 – Eng
Приводится список некоторых параметров после установки английской версии Windows XP по умолчанию. Эти параметры установлены для учетной записи, созданной при установке Windows XP Pro SP2. Аналогичный перечень для русской версии Windows – на странице /Настройки По Умолчанию В Windows XP Pro SP 2
Local Users and groups
Local Users
| Name | Full Name | Description |
| Administrator | Built-in account for administering the computer/domain | |
| Guest | Built-in account for guest access to the computer/domain | |
| HelpAssistant | Remote Desktop Help Assistant Account | Account for Providing Remote Assistance |
| PAPA | Full Name | Description |
| SUPPORT_388945a0 | CN=Microsoft Corporation, L=Redmond, S=Washington, C=US | This is a vendor's account for the Help and Support Service |
Local groups
| Name | Description |
| Administrators | Administrators have complete and unrestricted access to the computer/domain |
| Backup Operators | Backup Operators can override security restrictions for the sole purpose of backing up or restoring files |
| Guests | Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted |
| Network Configuration Operators | Members in this group can have some administrative privileges to manage configuration of networking features |
| Power Users | Power Users possess most administrative powers with some restrictions. Thus, Power Users can run legacy applications in addition to certified applications |
| Remote Desktop Users | Members in this group are granted the right to logon remotely |
| Replicator | Supports file replication in a domain |
| Users | Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications |
| HelpServicesGroup | Group for the Help and Support Center |
Local Security Policy – User rights assingnmemt
| Policy | Security Setting |
| Access this computer from the network | Everyone, Administrators, Users, Power Users, Backup Operators |
| Act as part of the operating system | |
| Add workstations to domain | |
| Adjust memory quotas for a process | LOCAL SERVICE, NETWORK SERVICE, Administrators |
| Allow logon through Terminal Services | Administrators, Remote Desktop Users |
| Back up files and directories | Administrators, Backup Operators |
| Bypass traverse checking | Everyone, Administrators, Users, Power Users, Backup Operators |
| Change the system time | Administrators, Power Users |
| Create a pagefile | Administrators |
| Create a token object | |
| Create global objects | Administrators,INTERACTIVE,SERVICE |
| Create permanent shared objects | |
| Debug programs | Administrators |
| Deny access to this computer from the network | SUPPORT_388945a0, Guest |
| Deny logon as a batch job | |
| Deny logon as a service | |
| Deny logon locally | SUPPORT_388945a0, Guest |
| Deny logon through Terminal Services | |
| Enable computer and user accounts to be trusted for delegation | |
| Force shutdown from a remote system | Administrators |
| Generate security audits | LOCAL SERVICE,NETWORK SERVICE |
| Impersonate a client after authentication | Administrators,SERVICE |
| Increase scheduling priority | Administrators |
| Load and unload device drivers | Administrators |
| Lock pages in memory | |
| Log on as a batch job | SUPPORT_388945a0 |
| Log on as a service | NETWORK SERVICE |
| Log on locally | Guest, Administrators, Users, Power Users, Backup Operators |
| Manage auditing and security log | Administrators |
| Modify firmware environment values | Administrators |
| Perform volume maintenance tasks | Administrators |
| Profile single process | Administrators, Power Users |
| Profile system performance | Administrators |
| Remove computer from docking station | Administrators, Users, Power Users |
| Replace a process level token | LOCAL SERVICE,NETWORK SERVICE |
| Restore files and directories | Administrators, Backup Operators |
| Shut down the system | Administrators, Users, Power Users, Backup Operators |
| Synchronize directory service data | |
| Take ownership of files or other objects | Administrators |
Local Security Settings – Local Policies
Security Options
| Policy | Security Setting |
| Accounts: Administrator account status | Enabled |
| Accounts: Guest account status | Disabled |
| Accounts: Limit local account use of blank passwords to console logon only | Enabled |
| Accounts: Rename administrator account | Administrator |
| Accounts: Rename guest account | Guest |
| Audit: Audit the access of global system objects | Disabled |
| Audit: Audit the use of Backup and Restore privilege | Disabled |
| Audit: Shut down system immediately if unable to log security audits | Disabled |
| DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not defined |
| DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not defined |
| Devices: Allow undock without having to log on | Enabled |
| Devices: Allowed to format and eject removable media | Administrators |
| Devices: Prevent users from installing printer drivers | Disabled |
| Devices: Restrict CD-ROM access to locally logged-on user only | Enabled |
| Devices: Restrict floppy access to locally logged-on user only | Disabled |
| Devices: Unsigned driver installation behavior | Warn but allow installation |
| Domain controller: Allow server operators to schedule tasks | Not defined |
| Domain controller: LDAP server signing requirements | Enabled |
| Domain controller: Refuse machine account password changes | Not defined |
| Domain member: Digitally encrypt or sign secure channel data (always) | Enabled |
| Domain member: Digitally encrypt secure channel data (when possible) | Enabled |
| Domain member: Digitally sign secure channel data (when possible) | Enabled |
| Domain member: Disable machine account password changes | Disabled |
| Domain member: Maximum machine account password age | 30 days |
| Domain member: Require strong (Windows 2000 or later) session key | Disabled |
| Interactive logon: Do not display last user name | Disabled |
| Interactive logon: Do not require CTRL+ALT+DEL | Not defined |
| Interactive logon: Message text for users attempting to log on | |
| Interactive logon: Message title for users attempting to log on | Not defined |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 10 logons |
| Interactive logon: Prompt user to change password before expiration | 14 days |
| Interactive logon: Require Domain Controller authentication to unlock workstation | Disabled |
| Interactive logon: Require smart card | Not defined |
| Interactive logon: Smart card removal behavior | No Action |
| Microsoft network client: Digitally sign communications (always) | Disabled |
| Microsoft network client: Digitally sign communications (if server agrees) | Enabled |
| Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled |
| Microsoft network server: Amount of idle time required before suspending session | 15 minutes |
| Microsoft network server: Digitally sign communications (always) | Disabled |
| Microsoft network server: Digitally sign communications (if client agrees) | Disabled |
| Microsoft network server: Disconnect clients when logon hours expire | Enabled |
| Network access: Allow anonymous SID/Name translation | Disabled |
| Network access: Do not allow anonymous enumeration of SAM accounts | Enabled |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | Disabled |
| Network access: Do not allow storage of credentials or. NET Passports for network authentication | Disabled |
| Network access: Let Everyone permissions apply to anonymous users | Disabled |
| Network access: Named Pipes that can be accessed anonymously | COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, browser |
| Network access: Remotely accessible registry paths | System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Control\Server Applications, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration |
| Network access: Shares that can be accessed anonymously | COMCFG,DFS$ |
| Network access: Sharing and security model for local accounts | Guest only – local users authenticate as Guest |
| Network security: Do not store LAN Manager hash value on next password change | Disabled |
| Network security: Force logoff when logon hours expire | Disabled |
| Network security: LAN Manager authentication level | Send LM & NTLM responses |
| Network security: LDAP client signing requirements | Negotiate signing |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | No minimum |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | No minimum |
| Recovery console: Allow automatic administrative logon | Disabled |
| Recovery console: Allow floppy copy and access to all drives and all folders | Disabled |
| Shutdown: Allow system to be shut down without having to log on | Enabled |
| Shutdown: Clear virtual memory pagefile | Disabled |
| System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Disabled |
| System objects: Default owner for objects created by members of the Administrators group | Object creator |
| System objects: Require case insensitivity for non-Windows subsystems | Enabled |
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Enabled |
Состояние служб по умолчанию
Пустое поле в столбце Status означает состояние Stopped.
| Name | Description | Status | Startup Type | Log On As |
| Alerter | Notifies selected users and computers of administrative alerts.If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local Service | |
| Application Layer Gateway Service | Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. | Started | Manual | Local Service |
| Application Management | Provides software installation services such as Assign, Publish, and Remove. | Manual | Local System | |
| Automatic Updates | Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. | Started | Automatic | Local System |
| Background Intelligent Transfer Service | Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. | Manual | Local System | |
| ClipBook | Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| COM+ Event System | Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Manual | Local System |
| COM+ System Application | Manages the configuration and tracking of Component Object Model (COM)±based components. If the service is stopped, most COM±based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Computer Browser | Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. | Automatic | Local System | |
| Cryptographic Services | Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| DCOM Server Process Launcher | Provides launch functionality for DCOM services. | Started | Automatic | Local System |
| DHCP Client | Manages network configuration by registering and updating IP addresses and DNS names. | Started | Automatic | Local System |
| Distributed Link Tracking Client | Maintains links between NTFS files within a computer or across computers in a network domain. | Started | Automatic | Local System |
| Distributed Transaction Coordinator | Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Network Service | |
| DNS Client | Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Network Service |
| Error Reporting Service | Allows error reporting for services and applictions running in non-standard environments. | Started | Automatic | Local System |
| Event Log | Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. | Started | Automatic | Local System |
| Fast User Switching Compatibility | Provides management for applications that require assistance in a multiple user environment. | Started | Manual | Local System |
| Help and Support | Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| HTTP SSL | This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Human Interface Device Access | Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| IMAPI CD-Burning COM Service | Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Indexing Service | Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. | Manual | Local System | |
| IPSEC Services | Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. | Started | Automatic | Local System |
| Logical Disk Manager | Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Logical Disk Manager Administrative Service | Configures hard disk drives and volumes. The service only runs for configuration processes and then stops. | Manual | Local System | |
| Messenger | Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| MS Software Shadow Copy Provider | Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Net Logon | Supports pass-through authentication of account logon events for computers in a domain. | Manual | Local System | |
| NetMeeting Remote Desktop Sharing | Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Network Connections | Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. | Started | Manual | Local System |
| Network DDE | Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| Network DDE DSDM | Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| Network Location Awareness (NLA) | Collects and stores network configuration and location information, and notifies applications when this information changes. | Started | Manual | Local System |
| Network Provisioning Service | Manages XML configuration files on a domain basis for automatic network provisioning. | Manual | Local System | |
| NT LM Security Support Provider | Provides security to remote procedure call (RPC) programs that use transports other than named pipes. | Manual | Local System | |
| Performance Logs and Alerts | Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Network Service | |
| Plug and Play | Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. | Started | Automatic | Local System |
| Portable Media Serial Number Service | Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. | Manual | Local System | |
| Print Spooler | Loads files to memory for later printing. | Started | Automatic | Local System |
| Protected Storage | Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. | Started | Automatic | Local System |
| QoS RSVP | Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. | Manual | Local System | |
| Remote Access Auto Connection Manager | Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. | Manual | Local System | |
| Remote Access Connection Manager | Creates a network connection. | Manual | Local System | |
| Remote Desktop Help Session Manager | Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. | Manual | Local System | |
| Remote Procedure Call (RPC) | Provides the endpoint mapper and other miscellaneous RPC services. | Started | Automatic | Network Service |
| Remote Procedure Call (RPC) Locator | Manages the RPC name service database. | Manual | Network Service | |
| Remote Registry | Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local Service |
| Removable Storage | Manual | Local System | ||
| Routing and Remote Access | Offers routing services to businesses in local area and wide area network environments. | Disabled | Local System | |
| Secondary Logon | Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Security Accounts Manager | Stores security information for local user accounts. | Started | Automatic | Local System |
| Security Center | Monitors system security settings and configurations. | Started | Automatic | Local System |
| Server | Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Shell Hardware Detection | Provides notifications for AutoPlay hardware events. | Started | Automatic | Local System |
| Smart Card | Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local Service | |
| SSDP Discovery Service | Enables discovery of UPnP devices on your home network. | Started | Manual | Local Service |
| System Event Notification | Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. | Started | Automatic | Local System |
| System Restore Service | Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties | Started | Automatic | Local System |
| Task Scheduler | Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| TCP/IP NetBIOSHelper | Enables support for NetBIOSover TCP/IP NetBT service and NetBIOSname resolution. | Started | Automatic | Local Service |
| Telephony | Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. | Manual | Local System | |
| Telnet | Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Disabled | Local System | |
| Terminal Services | Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. | Started | Manual | Local System |
| Themes | Provides user experience theme management. | Started | Automatic | Local System |
| Uninterruptible Power Supply | Manages an uninterruptible power supply (UPS) connected to the computer. | Manual | Local System | |
| Universal Plug and Play Device Host | Provides support to host Universal Plug and Play devices. | Manual | Local Service | |
| Volume Shadow Copy | Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| WebClient | Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local Service |
| Windows Audio | Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Windows Firewall/Internet Connection Sharing (ICS) | Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. | Started | Automatic | Local System |
| Windows Image Acquisition (WIA) | Provides image acquisition services for scanners and cameras. | Manual | Local System | |
| Windows Installer | Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. | Manual | Local System | |
| Windows Management Instrumentation | Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Windows Management Instrumentation Driver Extensions | Provides systems management information to and from drivers. | Manual | Local System | |
| Windows Time | Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
| Wireless Zero Configuration | Provides automatic configuration for the 802.11 adapters | Started | Automatic | Local System |
| WMI Performance Adapter | Provides performance library information from WMI HiPerf providers. | Manual | Local System | |
| Workstation | Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. | Started | Automatic | Local System |
Прочитано 1.386 раз