<p><a href="https://docs.microsoft.com/ko-kr/windows-server/administration/windows-commands/auditpol-set" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows-server/administration/windows-commands/auditpol-set</a>   </p><p><a href="https://superuser.com/questions/1059822/change-audit-policy-through-the-registry" target="_blank" class="ke-link">https://superuser.com/questions/1059822/change-audit-policy-through-the-registry</a>   </p><p>auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable</p><p>로그인 감사 켜기</p><p> </p><p>감사 모두 켜기</p><p>auditpol /set /user:mikedan /exclude /category:* /success:enable</p><p>auditpol /set /category:detailed Tracking /success:enable</p><p> </p><p> </p><p><a href="https://www.axcelsec.com/2017/12/host-configuration-assessment-windows.html" target="_blank" class="ke-link">https://www.axcelsec.com/2017/12/host-configuration-assessment-windows.html</a></p><p>secedit /export /cfg cfg.ini > nul <br>net user administrator > netuseradmin.txt <br>auditpol.exe /get /category:* > auditpol.txt <br>netsh advfirewall show allprofiles > firewall.txt <br>net accounts > netaccount.txt <br>gpresult /f /h evid/gporesult.html > nul <br>accesschk /accepteula -q -a * > accesschk.txt</p><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/958723fd895b80926824f9439472383729b743d5?download" data-file-name="새 폴더.zip" data-file-size="698507" data-mimetype="application/x-zip-compressed" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DAurF%26dataid%3D106%26fileid%3D1%26regdt%3D20220608220534&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2F958723fd895b80926824f9439472383729b743d5')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">새 폴더</span><span class="type">.zip</span></div><div class="size">682.14KB</div></div></a></div><p>이렇게 해서 쓰라고 하네요 </p><p> </p><p><a href="https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/user-rights-assignment" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/user-rights-assignment</a>  <br><a href="https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/allow-log-on-locally" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/allow-log-on-locally</a> <br>SeInteractiveLogonRight 로그온 할당</p><p>secedit /export /cfg cfg.ini > nul <br>type cfg.ini | grep "^SeDenyNetworkLogonRight\|^SeDenyBatchLogonRight\|^SeDenyInteractiveLogonRight"</p><p>grep 구지 설치 할 필요가 없다 그냥 노트로 열면됨 편집해서.</p><p>notepad cfg.ini</p><p> </p><p>안나오면 끝에 Guest 수정 해서 입력 하면 된다</p><p>SeDenyNetworkLogonRight = Guest<br>SeDenyInteractiveLogonRight = Guest</p><p>이런식으로 수정 해서 넣기 SeDenyInteractiveLogonRight 로컬 로그인</p><p> </p><p>구지 설치 안해도 됨</p><p><a href="https://chocolatey.org/install" target="_top" class="ke-link">https://chocolatey.org/install</a> 이거 먼져 설치 해야 설치됨 ㅎㅎ 파워쉘로 하면 어렵지 않다.</p><p>choco install grep -y</p><p>설치를 미리 해야 한다.</p><p> </p><p><a href="https://hj-kwon.tistory.com/28" target="_blank" class="ke-link">https://hj-kwon.tistory.com/28</a></p><p> </p><p>내보내기 </p><p>md d:\secedit </p><p>secedit /export /cfg d:\secedit\cfg.ini > nul</p><p> </p><p>tar -cvzf secedit.zip d:\secedit</p><p>만약을 위해 압축 하기</p><p> </p><p>notepad d:\secedit\cfg.ini</p><p>수정하기</p><p> </p><p>SeDenyBatchLogonRight = Guest</p><p>없다면 삽입 해주기</p><p> </p><p>적용하기</p><p>secedit /configure /db test.sdb /cfg d:\secedit\cfg.ini</p><p>입력 하기는 안됨 -_-;; 아쉽게.. 이건 됨. db는 그냥 아무거나 적으면 된다. 없다면</p><p> </p><p><a href="https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service</a></p><p>로그인 관련 거부 관련 많다 좌측에 참고. </p><p>SeDenyServiceLogonRight = Guest</p><p>SeDenyRemoteInteractiveLogonRight = Guest</p><p>서비스 로그인 거부 원격 로그인 거부.</p><p> </p><p> </p><p><a href="https://docs.microsoft.com/ko-kr/windows/security/identity-protection/access-control/security-identifiers" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/identity-protection/access-control/security-identifiers</a>  여기서 ID 검색</p><p><a href="https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/allow-log-on-locally" target="_blank" class="ke-link">https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/allow-log-on-locally</a> </p><p>로컬 로그인 허용 부분 수정</p><p>SeInteractiveLogonRight    S-1-5-32-546 게스트 제거</p><p> </p><p>*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551</p><p>기존으로 있는 애들. 이건 건들면 안된다. </p><p> </p><p> </p><p>gpupdate /force</p><p> </p><p> </p><p><a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/secedit-import" target="_blank" class="ke-link">https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/secedit-import</a></p><p>아무리 해도 수정이 안된다 ㅠ</p><p> </p><p>아쉽게 입력은 오류가 나서 되질 않는다. 출력만 가능 gpedit.msc에서 수작업으로 수정 해야 하는듯</p><p> </p><p> </p><p><a href="https://superuser.com/questions/774728/event-4797-an-attempt-was-made-to-query-the-existence-of-a-blank-password-for-a" target="_blank" class="ke-link">https://superuser.com/questions/774728/event-4797-an-attempt-was-made-to-query-the-existence-of-a-blank-password-for-a</a>   </p><p> </p><p>auditpol /backup /file:"%userprofile%\Desktop\auditpol.bak"</p><p>auditpol /clear</p><p>감사 에러가 자꾸 날때. 다시 설정 하기 이렇게 하고 다시 등록 하면 된다</p><p> </p><p>auditpol /restore /file:"%userprofile%\Desktop\auditpol.bak"</p><p>복구 하기 </p>
<!-- -->
첫댓글 https://www.technipages.com/windows-administrator-account-login-screen
https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings
https://docs.microsoft.com/ko-kr/windows/security/identity-protection/access-control/special-identities
https://www.axcelsec.com/2017/12/host-configuration-assessment-windows.html
https://serverfault.com/questions/911131/how-can-i-locate-registry-key-for-group-policy-settings 레지스트로 찾을수 없다고 하네요
https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/user-rights-assignment
https://docs.microsoft.com/ko-kr/windows/security/threat-protection/security-policy-settings/allow-log-on-locally
SeInteractiveLogonRight 로그온 할당
SeDenyInteractiveLogonRight = Guest,*S-1-5-21
실험
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services
SeRemoteInteractiveLogonRight = *S-1-5-32-544
,*S-1-5-32-555 삭제
실험
https://blog.naver.com/dorisolution/222412764817 검사 배치파일