外文翻譯---asp的開發(fā)準則及安全管理

1、<p><b>　　附 錄</b></p><p><b>　　外文原文：</b></p><p>　　The exploitation criteria and security management of the asp</p><p>　　Exploitation criteria :</p>

2、<p>　　Application servers have been, or ultimately will be used in Web server, which usually operate in the IIS ASP page computer. ASP is the only object of your client. It offers specialized systems and security c

3、onsiderations. While many of the Web sites use ASP simply not components, but in this article that ASP is the Internet as a bridge between the client and components. The following ASP components Guidelines (English) :<

4、;/p><p>　　ASP and the division of services between components</p><p>　　ASP server in the most commonly used building for the client to use HTML or XML documents, so we focused on the use of the pro

5、gram. This leads to a common problem, if ASP page on the server, then they are part of the operational level? Components in the world, the answer usually is not. Although the ASP server is in operation, but may be relate

6、d to space applications in the same server, but it can not make it a part of the business logic. With user interface development tool, or as the opening o</p><p>　　Let us look at some of the most important o

7、perational level and that level division guidelines :</p><p>　　Separation of the UI code and business logic. This includes preparation coupled with the UI code, such as the use of ASP components MTS internal

8、 target it with the business logic code separation, as in a different DLL.</p><p>　　affair will be separated with the ASP page. Services ASP in certain cases beyond compare, but the components and multi-stor

9、ey applications will change this situation. Components should not be dependent on the client layer to manage their affairs and business logic semantics.</p><p>　　Will be expressed components (use solicit and

10、 responsive components) and Web server on the same machine and / or tenor. If the use of ASP internal components of the target objects on remote machines, then all of the internal components will be available in retail f

11、orm. Server client access is COM+ server, which significantly reduced the performance and security of complicated. These markings will be lay in COM+ applications mark as "library activated" .</p><p&

12、gt;　　ASP exist in server, ASP pages must be consistent with resource sharing rules, and remember to flexibility. Look at the following details :</p><p>　　In the "conversation", management should av

13、oid user specific state. Keep ASP stateless and where possible to allow resources pool.</p><p>　　Mode operation:</p><p>　　In evaluating whether a code of business logic layer or expressed, may I

14、 ask myself: "If I have to use click-phone applications to replace my ASP page, then the code are there?</FONT></SPAN></P></p><p>　　<P class=MsoNormal style="TEXT-JUSTIFY: inte

15、r-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN lang=EN-US><FONT face="Times New Roman" size=3>"If the answer is" yes ", then it could try to business logic code

16、into machine code or user interface to help.</p><p>　　If changed after the client code can not be used, or if it is constructed with the help of the user interface, the code is expressed services layer. It A

17、SP page, or in the internal components used </p><p>　　ASP components. It does not belong to the operational targets of components. Understanding of the distinction between desktop and ASP client</p>&

18、lt;p>　　It was modular incumbent engine，different table's top' tradition uniline ran win32 application from that asp. Key distinction generalize as follows: Thread management : ASP is a multi-client threads. Th

19、is means that it can have many activities in the operation, perhaps at the same time dealing with different ASP page. This shows that it is not the only pseudo-objects to exclusive system users. This may be unexpected re

20、actions, for example, into a bad habit : the object stored in ASP application </p><p>　　Security environment : ASP is the Web site of the Internet Information Services 5.0 implementation, a low, medium, high

21、 three separate degrees. The Web site can even have different security setup, or refuse to allow anonymous access, for customer and so on. All these have generated a lot of programs, namely, the use of different end-user

22、 account is your object.</p><p>　　Easy rose : This is not a technical issue, but Web applications provide facilities Deputy effect. Traditionally, the increase in user base for desktop applications, the numb

23、er of requests carefully planned well known to the client transferred. ASP has changed the process in motion and operational, ASP-Visual Basic applications can be conveniently opened for local or worldwide for all staff,

24、 all business partners and customers all use. This approach can be used to describe - owned super links ind</p><p>　　In the use of Visual Basic ASP should target? In the context of the establishment and abol

25、ition of pages of your audience. In other words, as far as possible so that no state ASP pages only in a state of dependence conversation or temporary applications variables. Not to target storage applications in English

26、 or variables. This will lock in your conversation ASP systems, the expected value of flexibility may cancel all. In other words, the Web servers handle no more than a few dozens of users. I</p><p>　　The col

27、umn includes a lot of technology, practice and skills development can contribute to the expansion and reliable ASP components and applications.</p><p>　　Not to be quoted or applications memory at conversatio

28、n all the inserted object components are Visual Basic 6.0 "cell thread", that is to say they are operating in the Inter module. This means that if the thread established targets, then the object of all resource

29、s must use the same threads. Many threads (from it Web site users) use the same examples Agency targets, raises a series of activities, the application process may become bottlenecks.</p><p>　　In addition, i

30、n conversation with Server .Create Object stored within the object STA to be implemented threads can be effectively linked to the current user, thus it will be the largest applications to give users a few restrictions th

31、e 20xN (N = number of processors).</p><p>　　Mode operation:</p><p>　　If you according to our suggest to take object stateless, are not used for storage of a client, and stored in the context of

32、their applications. Client will be able to establish an independent, use and cancellation of their own target. This reduces the need for maintaining conversation - because they do not retain the skills unique to the stat

33、e. Recommended approach is to target a state, it needs a database or other storage area to visit (such as cookies and LDAP). If applications require the us</p><p>　　ASP security management :</p><p

34、>　　The basic concept of security management</p><p>　　Safety management is based on information and ASP solution to manage the security strategy has set the security level definition process. Including man

35、agement of the response to violations of the security act. ASP can be controlled without fear of attack and ASP clients business continuity, so to be able to deal with malicious attacks could really an art.</p>&l

36、t;p>　　Safety management in large measure dependent on the security strategy. These strategies could produce from different sources. To be considered when designing security strategy are :</p><p>　　Service

37、 level agreement on the definition of external customer needs external security law requires external suppliers within the ASP security strategy and security strategy in the ASP environment integrated customer circumstan

38、ces, the internal / external security strategy, For each solution, ASP must be defined security strategy. The strategy should be based on the various aspects of the most reliable Hop. According to customer needs, and eve

39、n the basic structure will be very different design. </p><p>　　The dedicated network joint of the both asp solution and safety precautions completeness by asp proceed end-to-end Control usually，these purpor

40、t asp versus proprietary basic structure subassembly possess full control，include asp and client of compartment. </p><p>　　Public : ASP solutions and security measures by ASP component control. Usually, this

41、 means that within the ASP is in control of its own website, but does not guarantee to provide solutions to the public network with control. However, the ASP can be used as "virtual private network" (VPN) to ca

42、rry out such technical links between ASP and client security.</p><p>　　Mixed : the solution is a combination of the previous two. "dedicated" and "common" solutions are used. In ensuring

43、security solutions, and also involves ASP customers.</p><p>　　There are five dimensions of the process needed to improve the MOF model : planning : planning activities including in customer requirements, as

44、well as internal and external strategies based on the legitimate demands of the SLA security component. In a dialogue with clients at the same time, it may be necessary to establish or adjust internal security strategy.

45、Of course we should decide whether to do so by the ASP. This resulted in a level of security planning, including all aspects of the sec</p><p>　　Implementation : Put stratification plane execute possession n

46、ecessary safety precautions，withal observe SLA suffer have definitive security part for in force. at a pinch，this phase return should put make ultra internal security policy over in force..</p><p>　　Assessme

47、nt : Assessment is essential to end security management process. It involves determining the strategy and measures adopted by the state and effectiveness.</p><p>　　Maintenance : maintenance based on the foll

48、owing security measures on the basis of : the results of regular inspections, the risk of changes in the situation clearly, and SLA or other conditions change.</p><p>　　Control : control activities can organ

49、ize and guide the security management process itself. Definition of a process control activities, functions, roles, responsibilities assigned, organizational structure and reporting structure. It is a continuing process

50、and to ensure the engine improvements.</p><p>　　Security management process must be continuous self improvement. New solutions, new technologies, new personnel, new steps, negligence may lead to the installa

51、tion of integrated security attackers solution.</p><p>　　ASP security configuration tool, ASP configuration tool for security managers should be very familiar with, because the system was associated with all

52、 aspects of information security, it is essential.</p><p>　　These tools should be very easy for you to answer the following questions : "My computer security?<SPAN style="mso-spacerun: yes"

53、> </SPAN>"or" My network security?<SPAN style="mso-spacerun: yes"> </SPAN>". These tools should allow for the definition of security strategy has covered all aspects of con

54、figuration and analysis, such as : account strategy. Installation or alteration visit strategies, including domain or local password strategies, domain or local domain Kerberos account lock strateg</p><p>　　

55、Local strategy. Of the local audit strategies, a wide range of user competence and the distribution of security option, such as diskettes, CD-ROM such control. Restricted group. To be embedded in the group and the alloca

56、tion of any other specific group or modify designated members of the group (such as Administrators, Server Operators, Backup Operators and Power Users, etc.). This should not be used as a management tool to use general m

57、embers-only used to control specific groups (with sensitive </p><p>　　Document or folder sharing. Distribution systems and document services Reorientation of equipment services devices installed. This includ

58、es visiting various networks, the sharing of documents and the closure of anonymous visits opening packet signatures and security of the option.</p><p>　　System Registry : installation or modification of the

59、 system of security of the Register. Storage systems : a local system or to modify the document tree inventory volumes and safety. Preparation : ASP for customers and prepare a secure environment for users to establish s

60、ecure, and documents. These tools should also help to monitor security strategy has been defined in all its aspects, such as : account strategy - passwords, lock and Kerberos installation.</p><p>　　The all t

61、hese figure of the use, closed loop video frequency grade of the both the access control of the start-up mode and access control of the policy of the mount of the both local policy-look through, user purview and secu

62、rity option. Event log-system, application, security and directory services log has reference to security option. event log-system, application, security and directory services log 'mount. restricted group-compose a

63、person engaged in some field of activity. System servic</p><p>　　Physics visit system-versus equipment drawing visit, calorie type key. These instrument return ought to could analysis block policy，all the wh

64、ile descend solstice subscriber stage. command rest instrument came analyses surveillance course suffer make a raise of. These instrument usually in particular trust statistical technique to.</p><p>　　The AS

65、P managers can use Windows 2000 "Windows 2000 security configuration tool set" for the following components of some or all of the above security. "security templates" management module. "security

66、 templates" management module is an independent Microsoft management control (MMC) management module, which can create templates based on the text document that includes all aspects of security for security.</p&g

67、t;<p>　　"security configuration and analysis" management module. "security configuration and analysis" management module is independent MMC management module, or it can analysis of the security

68、 of the Windows 2000 operating system. Based on its operational use "security templates" management modules security templates to establish the content.</p><p>　　Secedit.exe. Secedit.exe is a "

69、;security configuration and analysis" of the order management module line version. It enables security configuration and analysis in the absence of graphical user interface (GUI) of the implementation.</p>&l

70、t;p>　　Group strategy for the security of expansion. "security configuration tool set" also includes a group of the expansion strategy editorial management modules for configuration and local security policy

71、domain or organizational unit (OU) security strategy. Local security strategy include only the " Account number Strategy" and "local strategy" security. Domain or OU for the definition of security str

72、ategy may include all security.</p><p><b>　　外文資料翻譯譯文：</b></p><p>　　ASP的開發(fā)準則及安全管理</p><p><b>　　開發(fā)準則：</b></p><p>　　應用程序服務器被,或最終將被 Web 服務器所使用，它通常是運行

73、 ASP 頁面的 IIS 計算機。ASP 是您的對象的唯一客戶機。它帶來了專門的線程和安全考慮。雖然許多使用 ASP 的 Web 站點根本就不用組件，但在這篇文章中假定 ASP 是 Internet 客戶機和組件之間的橋梁。下面的 ASP 組件準則提供：</p><p>　　ASP 和組件之間的劃分服務 </p><p>　　ASP 最常用于在服務器上創(chuàng)建供客戶機使用的 HTML 或 XM

74、L 文件，因此我們主要討論這種使用方案。這就引出了一個常見的問題，如果 ASP 頁面在服務器上，那么它們是否屬于業(yè)務層的一部分呢？在組件世界中，答案通常是否。雖然 ASP 確實在服務器上運行，而且可能與應用程序服務器在同一個空間，但是這不能使它成為業(yè)務邏輯的一部分。</p><p>　　隨著用戶界面工具的發(fā)展或者隨著啟用更多的業(yè)務對業(yè)務方案，擁有這種明確的區(qū)別將獲得巨大的回報。</p><p&

75、gt;　　讓我們來看一些最重要的業(yè)務層和表示層劃分準則：</p><p>　　令 UI 代碼與業(yè)務邏輯分離。這包括編寫與 UI 耦合的代碼，例如使用 ASP 內(nèi)部組件的 MTS 對象，讓它與業(yè)務邏輯代碼分離，如同在不同的 DLL 中。</p><p>　　將事務與 ASP 頁面分離。事務 ASP 在某些情況下非常好，但是組件和多層應用程序會改變這種情況。組件不應該依賴由客戶機層來管理它們的

76、事務和業(yè)務邏輯語義。</p><p>　　將表示組件（使用請求和響應的組件）與 Web 服務器放在相同的機器和/或進程中。如果將使用 ASP 內(nèi)部組件對象的對象放在遠程機器上，那么對內(nèi)部組件的所有調(diào)用將以回調(diào)形式發(fā)生。調(diào)用 IIS 客戶機的是 COM+ 服務器，它顯著降低了性能并使安全配置復雜化?？梢詫⑦@些調(diào)整對象放在標記為“庫激活”的 COM+ 應用程序中。 </p><p>　　ASP

77、 存在于服務器上，因此 ASP 頁面必須符合資源共享規(guī)則，并且記住可伸縮性。請看下面的詳細內(nèi)容：</p><p>　　在“會話”中，管理應盡量避免用戶特定的狀態(tài)。保持 ASP 無狀態(tài)，并在可能的情況下允許資源池。 </p><p><b>　　操作方式：</b></p><p>　　在評價某個代碼段是否屬于業(yè)務邏輯或者表示層時，請問一下自己，“

78、如果我必須用按鍵式電話應用程序代替我的 ASP 頁面，那么該代碼是否還有用？”如果答案為“是”，那么可以嘗試將它劃分為業(yè)務邏輯代碼或者用戶界面幫助器代碼。 </p><p>　　如果改變了客戶機后該代碼不能用，或者如果它是構造用戶界面的幫助器，則該代碼屬于表示服務層。它在 ASP 頁面中，或在使用 ASP 內(nèi)部組件的組件中。它不屬于業(yè)務對象組件。</p><p>　　理解桌面與 ASP 客

79、戶機的區(qū)別 </p><p>　　ASP 是組件的特殊客戶機，不同于桌面上的傳統(tǒng)單線程 Win32 應用程序。主要區(qū)別概括如下:</p><p>　　線程管理：ASP 是多線程客戶機。這意味著可以有許多并發(fā)活動一起運行，也許在同一時刻處理不同的 ASP 頁面。這說明不能使對象偽稱它是唯一的使用者來獨占系統(tǒng)。這樣做可能有意外的反應，例如，養(yǎng)成一個壞習慣：將對象存儲在 ASP 會話或者應用程序

80、變量中。</p><p>　　安全環(huán)境：ASP 是由 Web 站點中的 Internet Information Services 5.0 執(zhí)行的，有低、中、高三種隔離度。甚至這些 Web 站點可以有不同的安全設置、允許或拒絕匿名訪問、驗證客戶等等。所有這些設置產(chǎn)生了大量的方案，即不同的用戶賬戶最終用的是您的對象。</p><p>　　輕松增長：這不是技術問題，而是 Web 應用程序所提供

81、設施的副效應。傳統(tǒng)上，為桌面應用程序增加用戶基，要求仔細計劃好向已知數(shù)量客戶機的轉出。ASP 已經(jīng)改變了該過程，在啟動和運行后，ASP-Visual Basic 應用程序可以方便地打開，供當?shù)氐幕蚴澜绶秶乃新殕T、所有業(yè)務伙伴和所有客戶使用?？梢杂眠@種方式描述 - 擁有超鏈接的單個電子郵件可以使用戶基成十倍地增長。您的應用程序為此作好準備了嗎？唯一了解的方式是對 Web 站點進行強度測試，以獲得實際性能的預期值。關于強度測試的詳細信息

82、，請參閱“應用程序生命周期”一節(jié)。 </p><p>　　在 ASP 內(nèi)應該如何使用 Visual Basic 對象？在頁面范圍內(nèi)創(chuàng)建和取消您的對象。也就是說，盡可能使 ASP 頁面無狀態(tài)，只在暫時狀態(tài)下依賴會話或應用程序變量。不要將對象存儲在會話或應用程序變量中。這將 ASP 線程鎖定到您的會話、取消所有可伸縮性的預期值。也就是說，Web 服務器處理的用戶數(shù)不會超過幾十個。如果需要在會話或應用程序中存儲內(nèi)容，請

83、使之成為數(shù)據(jù)而不是對象。還有可以遵守的許多其他準則。我們建議您閱讀 MSDN Voices 上 J. D. Meier 撰寫的專欄“Servin it Up”。該專欄包括了大量的技術、實踐和技巧，有助于開發(fā)可擴展的、可靠的 ASP 和組件應用程序。</p><p>　　不要將引用存儲在會話或應用程序中的 VB 對象中所有 Visual Basic 6.0 組件都是“單元線程”的，就是說它們都運行在 STA 單元中

84、。這意味著如果在線程中創(chuàng)建對象，那么對該對象的所有調(diào)用都必須用同一線程服務。許多線程（來自并發(fā) Web 站點用戶）使用 STA 對象的同一實例，會引起一連串的活動，有可能成為應用程序中的瓶頸。</p><p>　　此外，在會話范圍內(nèi)存儲用 Server. Create object 創(chuàng)建的 STA 對象，可以有效地將執(zhí)行線程聯(lián)系到當前用戶，從而將應用程序的最大并發(fā)用戶數(shù)限制到默認的 20xN（N = 處理器數(shù)量）

85、。</p><p><b>　　操作方式 </b></p><p>　　如果您按照我們的建議使對象無狀態(tài)，則不需要存儲引用以供客戶機復用，并在應用程序范圍內(nèi)存儲它們?？蛻魴C將能夠獨立創(chuàng)建、使用和取消它們自己的對象。這就減少了保持會話特有對象的需要，原因是它們不保留會話特有的狀態(tài)。推薦的方式是使對象無狀態(tài)，它在需要時訪問數(shù)據(jù)庫或其他存儲區(qū)（例如 cookies 和 LD

86、AP）。如果需要使用會話或應用程序范圍的數(shù)據(jù)，請將數(shù)據(jù)，而不是處理數(shù)據(jù)的對象，存儲在此。您可以創(chuàng)建一個類，來封裝對所需值的處理。</p><p><b>　　ASP安全管理：</b></p><p>　　ASP 安全管理的基本概念</p><p>　　安全管理是根據(jù)對信息和 ASP 解決方案安全策略中的設定來管理已定義的安全級別的過程。其中包括

87、管理對違反安全行為的反應?？梢钥刂乒舳挥脫?ASP 以及 ASP 客戶業(yè)務的持續(xù)性，能夠這樣來對付惡意方的攻擊可真是一門藝術。 </p><p>　　安全管理在很大程度上依賴于安全策略。這些策略可從不同來源中產(chǎn)生。設計安全性時要考慮的策略有： </p><p>　　服務級別協(xié)議中定義的外部客戶需求 </p><p>　　關于安全的外部法律要求 </p&g

88、t;<p>　　外部供應商安全策略 </p><p>　　內(nèi)部 ASP 安全策略 </p><p>　　在 ASP 和客戶環(huán)境的集成情況下，內(nèi)部/外部的安全策略 </p><p>　　對于每個解決方案，ASP 必須定義安全策略。該策略應是基于上述各個方面的最可靠的合。 </p><p>　　根據(jù)客戶的需求，即使是基本結構的設計也

89、會很不相同。通常使用三種安全設計： </p><p>　　專用：ASP 解決方案和安全措施完全由 ASP 進行端對端的控制。通常，這意味著 ASP 對所有的基本結構組件具有完全的控制，包括 ASP 和客戶之間的專用網(wǎng)絡連接。 </p><p>　　公用：ASP 解決方案和安全措施由 ASP 部分控制。通常，這意味著 ASP 在自己的站點內(nèi)具有控制權，但是不保證對用來提供解決方案的公用網(wǎng)絡具

90、有控制權。然而，ASP 可使用像“虛擬專用網(wǎng)絡”(VPN) 這樣的技術來進行 ASP 和客戶安全之間的連接。 </p><p>　　混合：該解決方案是前面兩種的組合?！皩Ｓ谩焙汀肮谩苯鉀Q方案都使用。在確保安全的解決方案時，同時涉及到 ASP 和客戶。 </p><p>　　該過程有五個層面需要遵照 MOF 模型進行改進： </p><p>　　規(guī)劃：規(guī)劃活動包括在

91、客戶要求、內(nèi)部和外部策略以及合法要求的基礎上建立 SLA 安全部分的方式。在與客戶進行對話的同時，可能有必要確定或調(diào)整內(nèi)部安全策略。當然要由 ASP 來決定是否這樣做。此層面的結果是產(chǎn)生一個安全規(guī)劃，其中包括安全策略和所有方面的設計（基本結構、人員、步驟、環(huán)境、基礎合同等等）。 </p><p>　　實施：實施層面執(zhí)行所有必要的安全措施，以遵守 SLA 中已經(jīng)定義的安全部分。必要時，此階段還將實施更改過的內(nèi)部安全

92、策略。 </p><p>　　評估：評估是結束安全管理過程所必不可少的。它涉及所采用措施和所確定策略的狀態(tài)和有效性。 </p><p>　　維護：安全措施的維護建立在以下方面的基礎上：定期檢查的結果、對變化的風險狀況的洞察，以及 SLA 或其它條件的更改。 </p><p>　　控制：控制活動可組織并指導安全管理過程本身?？刂苹顒佣x子進程、功能、角色、責任分配、組

93、織結構和報告結構。它是過程的引擎并確保進行持續(xù)的改進。 </p><p>　　安全管理過程必須不斷地進行自身改進。新解決方案、新技術、新人員、新步驟、疏忽都可能導致攻擊者攻破所安裝的安全解決方案。自：動態(tài)網(wǎng)站制作指南 | www.knowsky.com</p><p>　　ASP 的安全配置工具 </p><p>　　ASP 管理員應當對安全配置工具非常熟悉，因為要

94、獲得系統(tǒng)中與安全相關的所有方面的信息，這是必不可少的。 </p><p>　　這些工具應當使您非常容易地回答以下問題：“我的計算機安全嗎？”，或者“我的網(wǎng)絡安全嗎？”。這些工具應當允許對已定義的安全策略所包含的所有方面進行配置和分析，例如： </p><p>　　賬號策略。 設置或更改訪問策略，包括域或本地密碼策略、域或本地賬戶鎖定策略以及域 Kerberos 策略（在適用情況下）。 &l

95、t;/p><p>　　本地策略。 配置本地審核策略、用戶權限分配和各式各樣的安全選項，例如對軟盤、CD-ROM 等的控制。 </p><p>　　受限制的組。 對內(nèi)置的組以及要進行配置的任何其它特定組指定或更改組成員（如 Administrators、Server Operators、Backup Operators、Power Users 等）。這不應作為一般的成員管理工具來使用 - 只用來

96、控制特定組（具有指定給他們的敏感功能）的成員。 </p><p>　　系統(tǒng)服務。 配置安裝在系統(tǒng)上不同服務（包括網(wǎng)絡傳輸服務如 TCP/IP、NetBIOS、CIFS 文件共享、打印等）的安全性。如果不使用，則會停止 TCP/IP 之外的服務。有關詳細信息，請參見 http://www.microsoft.com/technet/ </p><p>　　文件或文件夾共享。 配置文件系統(tǒng)和重

97、定向器服務的設置。這包括訪問各種網(wǎng)絡文件共享時關閉匿名訪問以及啟用數(shù)據(jù)包簽名和安全性的選項。 </p><p>　　系統(tǒng)注冊表： 設置或更改有關系統(tǒng)注冊表項的安全性。 </p><p>　　系統(tǒng)存儲： 設置或更改本地系統(tǒng)文件卷和目錄樹的安全性。 </p><p>　　準備： 為客戶和 ASP 準備一個安全的環(huán)境，以便安全地創(chuàng)建用戶、文件等。 </p>

98、<p>　　這些工具還應當有助于監(jiān)視安全策略中已定義的所有方面，例如： </p><p>　　賬號策略 - 密碼、鎖定以及 Kerberos 設置。 </p><p>　　本地策略 - 審核、用戶權限和安全選項. </p><p>　　事件日志 - 系統(tǒng)、應用程序、安全和目錄服務日志的設置。 </p><p>　　受限制的組 - 有

99、關組的成員的策略。 </p><p>　　系統(tǒng)服務 - 系統(tǒng)服務的啟動模式和訪問控制。 </p><p>　　注冊表 - 注冊表項的訪問控制。 </p><p>　　文件系統(tǒng) - 文件夾和文件的訪問控制。 </p><p>　　物理訪問系統(tǒng) - 對設備的訪問、卡式鑰匙的使用、閉環(huán)視頻等。 </p><p>　　這些工具

100、還應當可以分析組策略，一直下行至用戶級?？梢允褂闷渌ぞ邅矸治霰O(jiān)視過程中收集到的全部數(shù)據(jù)。這些工具通常特別依賴于統(tǒng)計技術。 </p><p>　　使用 Windows 2000 的 ASP 管理員可用“Windows 2000 安全配置工具集”的下列組件來配置上述部分或全部的安全方面。 </p><p>　　“安全模板”管理單元。“安全模板”管理單元是獨立的 Microsoft 管理控制臺

101、 (MMC) 管理單元，它可以創(chuàng)建基于文本的模板文件，該文件包含所有安全方面的安全設置。 </p><p>　　“安全配置和分析”管理單元。“安全配置和分析”管理單元是獨立的 MMC 管理單元，它可以配置或分析 Windows 2000 操作系統(tǒng)的安全性。其操作基于使用“安全模板”管理單元創(chuàng)建的安全模板的內(nèi)容。 </p><p>　　Secedit.exe。Secedit.exe 是“安全