A safer way to enable the SMB service on Windows 10 and 11

Original link: https://wlnxing.com/archives/72.html

Foreword

After I started using a Mac, file synchronization between Windows and the Mac became something of a problem. I turned my attention to the SMB protocol, and planned to use the Windows computer as the server and the other devices as clients that connect over SMB to share files. However, SMB is basically not very safe. After searching for some information on the Internet, I basically got it done, and I feel the result is relatively safe and convenient. The following is my setup process.

For more approaches, see this article: https://post.smzdm.com/p/akxwkxqk/ Thanks to the original author!

Disable SMB 1.0

Press Win + S, search for "Windows features", find "SMB 1.0/CIFS File Sharing Support" and confirm that it is turned off.

Create a local user dedicated to SMB shares

Share through this dedicated user so that the user's permissions can be controlled.

Press Win + S and search for "Computer Management".

Follow the path in the picture to enter:

System Tools => Local Users and Groups => Users, then right-click and create a new user.

Then fill in the relevant information, and remember the following:

  • Uncheck "User must change password at next logon"
  • Check "User cannot change password"
  • Check "Password never expires"

Then click OK

Assign permissions to the user

Press Win + S and search for "Local Security Policy".

Follow the path in the figure to enter:

Local Policies => User Rights Assignment

Access this computer from the network

Find "Access this computer from the network".

You can remove the default Everyone and Users entries (this does not affect Remote Desktop).

Then click "Add User or Group" below => "Advanced" => "Find Now".

Find the user you just created in the search results below, double-click to add it, and then click OK through all the dialogs.

Deny log on locally and deny log on through Remote Desktop Services

In the same place and in the same way as in the previous section, find "Deny log on locally", add the user you just created, and click OK through all the dialogs.

Deny log on locally: the specified users are not allowed to log in at this computer.

In the same way, find "Deny log on through Remote Desktop Services", do the same, and click OK through all the dialogs.

Deny log on through Remote Desktop Services: this account is not allowed to log in to the system using Remote Desktop.

Once this is set up, this user can only use SMB sharing, which is our purpose.

Some group policy settings that make transport more secure

Press Win + S, search for "Group Policy" and open it.

P.S. If your Windows edition is Home, there is no security policy editor. Please upgrade to Windows Pro, or look for upgrade tutorials online, and be careful of viruses.

I won't spell out the paths; just follow the locations in the pictures to find them.

  • Disable "Enable insecure guest logons"
  • Settings related to digitally signing communications
  • Disable printers
  • IMPORTANT!!!! Set "Network access: Sharing and security model for local accounts" to Classic

Turn on network sharing (protected sharing)

Press Win + S and search for "Advanced sharing settings".

P.S. Windows networks are divided into two types, Public and Private. Public is generally for using the computer in a public network environment: the Windows settings will be more secure, and of course sharing files is not so convenient. Private is generally used on a network that you trust, and it leans more toward sharing your own things.

Note which network type is currently in use when changing the settings.

  1. Network discovery can be turned off, so that others cannot find your computer by searching and have to connect by IP address, which is more secure
  2. Turn on file and printer sharing; this must be turned on, otherwise files cannot be shared

Set the other options according to the picture.

Finishing up: setting up a shared folder

In some location, create a new folder for the things that need to be shared over SMB; of course, an existing folder can also be used.

Right-click the folder (file), then Properties => Advanced Sharing.

Check "Share this folder"; the "Share name" here is the name of the folder you will see over SMB.

Then click Permissions, remove the Everyone entry, click "Add" to add the previously created user in the same way as above, and then tick the permissions below.

With this, Windows is set up as the SMB server. Put the files and folders that need to be shared into the shared folder we set up (or set an existing folder to be shared), then connect from other devices on the same network.
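
The settings made through the dialogs above can be checked afterwards from an elevated PowerShell prompt on the server. The script below is an added example, not part of the original article: the user name smbshare and the share name Shared are placeholders, and the signing check assumes the intended setting is that the server requires signing (the article's pictures are not available).

```powershell
# Added example: audit the SMB server settings described in this article.
# Assumptions: elevated PowerShell on the Windows 10/11 machine acting as server;
# 'smbshare' and 'Shared' are placeholders for your dedicated user and share name.
$UserName  = 'smbshare'
$ShareName = 'Shared'

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Setting, $Actual, [bool]$Ok) {
    $results.Add([pscustomobject]@{ Setting = $Setting; Actual = "$Actual"; OK = $Ok })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# "SMB 1.0/CIFS File Sharing Support" in Windows features
$smb1 = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
Add-Check 'SMB 1.0/CIFS feature is off' $smb1 ("$smb1" -like 'Disabled*')

# Group Policy items: insecure guest logons, signing, sharing/security model
$guest = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation' 'AllowInsecureGuestAuth'
Add-Check 'Insecure guest logons disabled by policy' $guest ($guest -eq 0)
$cfg = Get-SmbServerConfiguration
Add-Check 'Server requires SMB signing (assumed target)' $cfg.RequireSecuritySignature ([bool]$cfg.RequireSecuritySignature)
$force = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'ForceGuest'
Add-Check 'Sharing and security model is Classic (ForceGuest = 0)' $force ($force -eq 0)

# Dedicated local user: password never expires, user cannot change password
$user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
Add-Check "User '$UserName' exists" $user.Name ([bool]$user)
Add-Check "User '$UserName': password never expires" $user.PasswordExpires ($user -and -not $user.PasswordExpires)
Add-Check "User '$UserName': cannot change password" $user.UserMayChangePassword ($user -and -not $user.UserMayChangePassword)

# Share permissions: Everyone removed, dedicated user allowed
$acl      = Get-SmbShareAccess -Name $ShareName -ErrorAction SilentlyContinue
$everyone = $acl | Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' }
$mine     = $acl | Where-Object { $_.AccountName -like "*\$UserName" -and $_.AccessControlType -eq 'Allow' }
Add-Check "Share '$ShareName': no Everyone entry" $everyone.AccessRight ($acl -and -not $everyone)
Add-Check "Share '$ShareName': '$UserName' has access" $mine.AccessRight ([bool]$mine)

# Informational: which network type (Public/Private) each connection uses
Get-NetConnectionProfile | ForEach-Object {
    Add-Check "Network '$($_.Name)' type (informational)" $_.NetworkCategory $true
}

$results | Format-Table -AutoSize
```

The user rights assignments (network access, deny local logon, deny Remote Desktop logon) are not covered by this script; `secedit /export /areas USER_RIGHTS /cfg <file>` writes them to a file for review.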
