Win2003环境下的一键系统安全批处理
2022-04-25 11:57:59
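@echo off
rem Step 1: export HKEY_LOCAL_MACHINE to c:\reg_backup.reg before anything is changed.
rem The export covers registry data only; the NTFS ACL changes made later with cacls
rem cannot be undone by importing this file.
rem The file describes the machine configuration and sits in the drive root: keep a
rem copy off the server and make sure only administrators can read it.
echo ----------------------------------
echo ----正在备份注册表 请稍后....----
echo ----------------------------------
reg export "hkey_local_machine" c:\reg_backup.reg
rem Stop here when the export fails, so no setting is rewritten without a backup.
if errorlevel 1 (
    echo ----注册表备份失败 已中止----
    pause
    exit /b 1
)
echo ----------------------
echo ----注册表备份完成----
echo ----------------------
rem ping against loopback is used throughout the script as a short delay.
ping 127.0.0.1 -n 3 >nul
echo -----------------------------------
echo ----安全配置正在改写 请稍候...----
echo -----------------------------------
@ping 127.0.0.1 -n 3 >nul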
rem ---- Registry hardening: anonymous access, admin shares, TCP/IP stack ----
rem Every value below is written as REG_DWORD with /f (overwrite without asking).
setlocal
set "tcpip_key=hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"

echo ----------------------
echo ----正在禁用空连接----
echo ----------------------
rem restrictanonymous=1 limits anonymous enumeration of accounts and shares. It does not
rem close every null-session path on its own; RestrictAnonymousSAM and
rem EveryoneIncludesAnonymous under the same key are worth reviewing as well.
reg add hkey_local_machine\system\currentcontrolset\control\lsa /v restrictanonymous /t reg_dword /d 1 /f
echo --------------------------
echo ----禁用空连接设置完毕----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------
echo ----正在删除默认共享----
echo ------------------------
rem autoshareserver=0 stops the Server service from recreating the administrative
rem shares (C$, ADMIN$) when it starts.
reg add hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters /v autoshareserver /t reg_dword /d 0 /f
echo ----------------------------
echo ----删除默认共享设置完毕----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------
echo ----正在修改ttl值请稍后...----
echo ------------------------------
rem A non-default TTL only makes naive OS fingerprinting less reliable; it is not an
rem access control.
reg add %tcpip_key% /v defaultttl /t reg_dword /d 53 /f
echo -------------------
echo ----ttl修改完毕----
echo -------------------
ping -n 3 127.0.0.1 >nul

echo -----------------------
echo ----防止syn洪水攻击----
echo -----------------------
rem TCP/IP stack settings aimed at denial-of-service resistance:
rem   synattackprotect        SYN-flood protection in the stack
rem   enablepmtudiscovery=0   no path-MTU discovery (costs throughput on non-local links)
rem   nonamereleaseondemand=1 ignore NetBIOS name-release requests
rem   enabledeadgwdetect=0    no automatic switch to a backup gateway
rem   keepalivetime=300000    keep-alive probes after 300000 ms (5 minutes) idle
rem   performrouterdiscovery=0, enableicmpredirects=0  ignore IRDP and ICMP redirects
reg add %tcpip_key% /v synattackprotect /t reg_dword /d 2 /f
reg add %tcpip_key% /v enablepmtudiscovery /t reg_dword /d 0 /f
reg add %tcpip_key% /v nonamereleaseondemand /t reg_dword /d 1 /f
reg add %tcpip_key% /v enabledeadgwdetect /t reg_dword /d 0 /f
reg add %tcpip_key% /v keepalivetime /t reg_dword /d 300000 /f
reg add %tcpip_key% /v performrouterdiscovery /t reg_dword /d 0 /f
reg add %tcpip_key% /v enableicmpredirects /t reg_dword /d 0 /f
echo -------------------------------
echo ----防止syn洪水攻击设置完毕----
echo -------------------------------
ping -n 3 127.0.0.1 >nul
endlocal
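echo ------------------------------
echo ------------------------------
echo ---- 系统服务修改 ----
echo ------------------------------
echo ------------------------------
@ping 127.0.0.1 -n 3 >nul
echo --------------------
echo ----修改3389端口----
echo --------------------
rem Move the Remote Desktop listener from 3389 to 44454; the new port is used once
rem Terminal Services restarts (the script reboots at the end).
rem The key paths as published were garbled ("wds dpwd", "currentcontro1set",
rem "tenninal server", "rdp\tcp"). reg add /f creates missing keys, so those lines
rem wrote portnumber into unused keys and left RDP on 3389 while reporting success.
rem The two paths below are the real locations of the listener port.
rem The firewall is switched on right after this step: unless TCP 44454 is allowed
rem there, RDP is unreachable after the reboot. A non-default port only reduces scan
rem noise; restrict the allowed source addresses as well.
reg add "hkey_local_machine\system\currentcontrolset\control\terminal server\wds\rdpwd\tds\tcp" /v portnumber /t reg_dword /d 44454 /f
reg add "hkey_local_machine\system\currentcontrolset\control\terminal server\winstations\rdp-tcp" /v portnumber /t reg_dword /d 44454 /f
echo --------------------
echo ----修改port完毕----
echo --------------------
@ping 127.0.0.1 -n 3 >nul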
rem ---- Turn on the built-in firewall (service name: sharedaccess) ----
echo -------------------------------------
echo ----正在开启系统防火墙 请稍后....----
echo -------------------------------------
rem Set the service to start automatically, then start it now. Both commands run
rem regardless of the other's result.
rem NOTE(review): the script moved RDP to TCP 44454 just before this and adds no
rem firewall exception for it. On builds that have the "netsh firewall" context,
rem an exception can be added with e.g.
rem   netsh firewall add portopening TCP 44454 "RDP custom port"
rem Confirm console access before relying on remote access after the reboot.
sc config sharedaccess start= auto
net start sharedaccess
echo ------------------------
echo ----系统防火墙已开启----
echo ------------------------
ping -n 3 127.0.0.1 >nul
rem ---- Disable services the author considers unnecessary on this server ----
rem "start= disabled" only changes the start type: a service that is running now
rem keeps running until it is stopped or the machine is rebooted.
echo ----------------------------
echo ----正在关闭共享打印服务----
echo ----------------------------
rem spooler = Print Spooler, lanmanserver = Server (SMB file and print sharing),
rem lmhosts = TCP/IP NetBIOS Helper. With lanmanserver disabled the machine offers
rem no shares at all; check that nothing depends on them.
for %%s in (spooler lanmanserver lmhosts) do sc config %%s start= disabled
echo --------------------------
echo ----已关闭共享打印服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------
echo ----正在关闭远程协助服务----
echo ----------------------------
rem rdsessmgr = Remote Desktop Help Session Manager (Remote Assistance).
sc config rdsessmgr start= disabled
echo --------------------------
echo ----已关闭远程协助服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------
echo ----正在关闭远程注册表服务----
echo ------------------------------
rem remoteregistry: remote read/write access to this machine's registry.
sc config remoteregistry start= disabled
echo ----------------------------
echo ----已关闭远程注册表服务----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------
echo ----关闭自动硬件播放通知----
echo ----------------------------
rem shellhwdetection = Shell Hardware Detection (AutoPlay notifications).
sc config shellhwdetection start= disabled
echo -----------------------
echo ----自动播放通知关闭---
echo -----------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------------------
echo ----正在关闭替换凭据下的启动进程服务----
echo ----------------------------------------
rem seclogon = Secondary Logon (runas). Without it administrators cannot use
rem "run as" from a lower-privileged session.
sc config seclogon start= disabled
echo --------------------------
echo ----已关闭启动进程服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------------
echo ----ieee 802.11 适配器的自动配置----
echo ------------------------------------
rem wzcsvc = Wireless Zero Configuration.
sc config wzcsvc start= disabled
echo ------------------
echo ----已关闭ieee----
echo ------------------
ping -n 3 127.0.0.1 >nul

echo --------------------------
echo ----客户端跟踪服务关闭----
echo --------------------------
rem trksvr is the Distributed Link Tracking *Server* service; the client-side
rem service named in the banner is trkwks, which this step does not touch.
rem msdtc = Distributed Transaction Coordinator; some COM+ and database
rem applications need it, so verify before disabling.
for %%s in (trksvr msdtc) do sc config %%s start= disabled
echo ----------------------------
echo ----已关闭客户端跟踪服务----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo --------------------
echo ----帮助中心关闭----
echo --------------------
rem helpsvc = Help and Support.
sc config helpsvc start= disabled
echo --------------------------
echo ----已关闭帮助中心服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul
rem ---- NTFS permission changes (cacls). Order matters: the first command resets
rem the whole drive, the following ones add entries back on selected folders. ----
rem cacls switches used here: /t recurse, /e edit the existing ACL instead of
rem replacing it, /c continue on access errors, /g grant (r=read, c=change, f=full).
echo --------------------------------
echo --------------------------------
echo ---- 系统权限加固 ----
echo --------------------------------
echo --------------------------------
echo -------------------------------------------------------
echo ----c盘(系统盘) (administrators,system完全控制权限)----
echo -------------------------------------------------------
rem No /e: the ACL of c:\ and of everything below it is REPLACED, leaving only
rem Administrators and SYSTEM. Every other entry (user profiles, application and
rem service accounts) is dropped and is not covered by the registry backup; record
rem the existing ACLs first. cacls normally asks for Y/N confirmation in this mode,
rem so the script is expected to wait here.
cacls c:\ /t /c /g administrators:f system:f
echo -------------------------------------------
echo ----common files (everyone用户只读权限)----
echo -------------------------------------------
cacls "c:\program files\common files" /t /e /c /g everyone:r
echo -------------------------------------------------------------
echo ----iis temporary compressed files (everyone用户更改权限)----
echo -------------------------------------------------------------
rem everyone:c makes the folder writable by any account. NOTE(review): granting the
rem specific web/application identities instead would be narrower.
cacls "c:\windows\iis temporary compressed files" /t /e /c /g everyone:c
echo --------------------------------------------
echo ----microsoft.net (everyone用户只读权限)----
echo --------------------------------------------
cacls c:\windows\microsoft.net /t /e /c /g everyone:r
echo ------------------------------------------------------
echo ----temporary asp.net files (everyone用户更改权限)----
echo ------------------------------------------------------
rem The two framework versions are hard-coded; on a machine without one of them
rem cacls reports an error for that path and the script carries on.
cacls "c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files" /t /e /c /g everyone:c
echo ------------------------------------------------------
echo ----temporary asp.net files (everyone用户更改权限)----
echo ------------------------------------------------------
cacls "c:\windows\microsoft.net\framework\v2.0.50727\temporary asp.net files" /t /e /c /g everyone:c
echo -------------------------------------------
echo ----registration (everyone用户读取权限)----
echo -------------------------------------------
cacls c:\windows\registration /t /e /c /g everyone:r
echo -----------------------------------
echo ----temp (everyone用户更改权限)----
echo -----------------------------------
cacls c:\windows\temp /t /e /c /g everyone:c
echo -------------------
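@echo off
rem Step 1: export HKEY_LOCAL_MACHINE to c:\reg_backup.reg before anything is changed.
rem The export covers registry data only; the NTFS ACL changes made later with cacls
rem cannot be undone by importing this file.
rem The file describes the machine configuration and sits in the drive root: keep a
rem copy off the server and make sure only administrators can read it.
echo ----------------------------------
echo ----正在备份注册表 请稍后....----
echo ----------------------------------
reg export "hkey_local_machine" c:\reg_backup.reg
rem Stop here when the export fails, so no setting is rewritten without a backup.
if errorlevel 1 (
    echo ----注册表备份失败 已中止----
    pause
    exit /b 1
)
echo ----------------------
echo ----注册表备份完成----
echo ----------------------
rem ping against loopback is used throughout the script as a short delay.
ping 127.0.0.1 -n 3 >nul
echo -----------------------------------
echo ----安全配置正在改写 请稍候...----
echo -----------------------------------
@ping 127.0.0.1 -n 3 >nul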
rem ---- Registry hardening: anonymous access, admin shares, TCP/IP stack ----
rem Every value below is written as REG_DWORD with /f (overwrite without asking).
setlocal
set "tcpip_key=hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"

echo ----------------------
echo ----正在禁用空连接----
echo ----------------------
rem restrictanonymous=1 limits anonymous enumeration of accounts and shares. It does not
rem close every null-session path on its own; RestrictAnonymousSAM and
rem EveryoneIncludesAnonymous under the same key are worth reviewing as well.
reg add hkey_local_machine\system\currentcontrolset\control\lsa /v restrictanonymous /t reg_dword /d 1 /f
echo --------------------------
echo ----禁用空连接设置完毕----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------
echo ----正在删除默认共享----
echo ------------------------
rem autoshareserver=0 stops the Server service from recreating the administrative
rem shares (C$, ADMIN$) when it starts.
reg add hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters /v autoshareserver /t reg_dword /d 0 /f
echo ----------------------------
echo ----删除默认共享设置完毕----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------
echo ----正在修改ttl值请稍后...----
echo ------------------------------
rem A non-default TTL only makes naive OS fingerprinting less reliable; it is not an
rem access control.
reg add %tcpip_key% /v defaultttl /t reg_dword /d 53 /f
echo -------------------
echo ----ttl修改完毕----
echo -------------------
ping -n 3 127.0.0.1 >nul

echo -----------------------
echo ----防止syn洪水攻击----
echo -----------------------
rem TCP/IP stack settings aimed at denial-of-service resistance:
rem   synattackprotect        SYN-flood protection in the stack
rem   enablepmtudiscovery=0   no path-MTU discovery (costs throughput on non-local links)
rem   nonamereleaseondemand=1 ignore NetBIOS name-release requests
rem   enabledeadgwdetect=0    no automatic switch to a backup gateway
rem   keepalivetime=300000    keep-alive probes after 300000 ms (5 minutes) idle
rem   performrouterdiscovery=0, enableicmpredirects=0  ignore IRDP and ICMP redirects
reg add %tcpip_key% /v synattackprotect /t reg_dword /d 2 /f
reg add %tcpip_key% /v enablepmtudiscovery /t reg_dword /d 0 /f
reg add %tcpip_key% /v nonamereleaseondemand /t reg_dword /d 1 /f
reg add %tcpip_key% /v enabledeadgwdetect /t reg_dword /d 0 /f
reg add %tcpip_key% /v keepalivetime /t reg_dword /d 300000 /f
reg add %tcpip_key% /v performrouterdiscovery /t reg_dword /d 0 /f
reg add %tcpip_key% /v enableicmpredirects /t reg_dword /d 0 /f
echo -------------------------------
echo ----防止syn洪水攻击设置完毕----
echo -------------------------------
ping -n 3 127.0.0.1 >nul
endlocal
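echo ------------------------------
echo ------------------------------
echo ---- 系统服务修改 ----
echo ------------------------------
echo ------------------------------
@ping 127.0.0.1 -n 3 >nul
echo --------------------
echo ----修改3389端口----
echo --------------------
rem Move the Remote Desktop listener from 3389 to 44454; the new port is used once
rem Terminal Services restarts (the script reboots at the end).
rem The key paths as published were garbled ("wds dpwd", "currentcontro1set",
rem "tenninal server", "rdp\tcp"). reg add /f creates missing keys, so those lines
rem wrote portnumber into unused keys and left RDP on 3389 while reporting success.
rem The two paths below are the real locations of the listener port.
rem The firewall is switched on right after this step: unless TCP 44454 is allowed
rem there, RDP is unreachable after the reboot. A non-default port only reduces scan
rem noise; restrict the allowed source addresses as well.
reg add "hkey_local_machine\system\currentcontrolset\control\terminal server\wds\rdpwd\tds\tcp" /v portnumber /t reg_dword /d 44454 /f
reg add "hkey_local_machine\system\currentcontrolset\control\terminal server\winstations\rdp-tcp" /v portnumber /t reg_dword /d 44454 /f
echo --------------------
echo ----修改port完毕----
echo --------------------
@ping 127.0.0.1 -n 3 >nul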
rem ---- Turn on the built-in firewall (service name: sharedaccess) ----
echo -------------------------------------
echo ----正在开启系统防火墙 请稍后....----
echo -------------------------------------
rem Set the service to start automatically, then start it now. Both commands run
rem regardless of the other's result.
rem NOTE(review): the script moved RDP to TCP 44454 just before this and adds no
rem firewall exception for it. On builds that have the "netsh firewall" context,
rem an exception can be added with e.g.
rem   netsh firewall add portopening TCP 44454 "RDP custom port"
rem Confirm console access before relying on remote access after the reboot.
sc config sharedaccess start= auto
net start sharedaccess
echo ------------------------
echo ----系统防火墙已开启----
echo ------------------------
ping -n 3 127.0.0.1 >nul
rem ---- Disable services the author considers unnecessary on this server ----
rem "start= disabled" only changes the start type: a service that is running now
rem keeps running until it is stopped or the machine is rebooted.
echo ----------------------------
echo ----正在关闭共享打印服务----
echo ----------------------------
rem spooler = Print Spooler, lanmanserver = Server (SMB file and print sharing),
rem lmhosts = TCP/IP NetBIOS Helper. With lanmanserver disabled the machine offers
rem no shares at all; check that nothing depends on them.
for %%s in (spooler lanmanserver lmhosts) do sc config %%s start= disabled
echo --------------------------
echo ----已关闭共享打印服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------
echo ----正在关闭远程协助服务----
echo ----------------------------
rem rdsessmgr = Remote Desktop Help Session Manager (Remote Assistance).
sc config rdsessmgr start= disabled
echo --------------------------
echo ----已关闭远程协助服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------
echo ----正在关闭远程注册表服务----
echo ------------------------------
rem remoteregistry: remote read/write access to this machine's registry.
sc config remoteregistry start= disabled
echo ----------------------------
echo ----已关闭远程注册表服务----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------
echo ----关闭自动硬件播放通知----
echo ----------------------------
rem shellhwdetection = Shell Hardware Detection (AutoPlay notifications).
sc config shellhwdetection start= disabled
echo -----------------------
echo ----自动播放通知关闭---
echo -----------------------
ping -n 3 127.0.0.1 >nul

echo ----------------------------------------
echo ----正在关闭替换凭据下的启动进程服务----
echo ----------------------------------------
rem seclogon = Secondary Logon (runas). Without it administrators cannot use
rem "run as" from a lower-privileged session.
sc config seclogon start= disabled
echo --------------------------
echo ----已关闭启动进程服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul

echo ------------------------------------
echo ----ieee 802.11 适配器的自动配置----
echo ------------------------------------
rem wzcsvc = Wireless Zero Configuration.
sc config wzcsvc start= disabled
echo ------------------
echo ----已关闭ieee----
echo ------------------
ping -n 3 127.0.0.1 >nul

echo --------------------------
echo ----客户端跟踪服务关闭----
echo --------------------------
rem trksvr is the Distributed Link Tracking *Server* service; the client-side
rem service named in the banner is trkwks, which this step does not touch.
rem msdtc = Distributed Transaction Coordinator; some COM+ and database
rem applications need it, so verify before disabling.
for %%s in (trksvr msdtc) do sc config %%s start= disabled
echo ----------------------------
echo ----已关闭客户端跟踪服务----
echo ----------------------------
ping -n 3 127.0.0.1 >nul

echo --------------------
echo ----帮助中心关闭----
echo --------------------
rem helpsvc = Help and Support.
sc config helpsvc start= disabled
echo --------------------------
echo ----已关闭帮助中心服务----
echo --------------------------
ping -n 3 127.0.0.1 >nul
rem ---- NTFS permission changes (cacls). Order matters: the first command resets
rem the whole drive, the following ones add entries back on selected folders. ----
rem cacls switches used here: /t recurse, /e edit the existing ACL instead of
rem replacing it, /c continue on access errors, /g grant (r=read, c=change, f=full).
echo --------------------------------
echo --------------------------------
echo ---- 系统权限加固 ----
echo --------------------------------
echo --------------------------------
echo -------------------------------------------------------
echo ----c盘(系统盘) (administrators,system完全控制权限)----
echo -------------------------------------------------------
rem No /e: the ACL of c:\ and of everything below it is REPLACED, leaving only
rem Administrators and SYSTEM. Every other entry (user profiles, application and
rem service accounts) is dropped and is not covered by the registry backup; record
rem the existing ACLs first. cacls normally asks for Y/N confirmation in this mode,
rem so the script is expected to wait here.
cacls c:\ /t /c /g administrators:f system:f
echo -------------------------------------------
echo ----common files (everyone用户只读权限)----
echo -------------------------------------------
cacls "c:\program files\common files" /t /e /c /g everyone:r
echo -------------------------------------------------------------
echo ----iis temporary compressed files (everyone用户更改权限)----
echo -------------------------------------------------------------
rem everyone:c makes the folder writable by any account. NOTE(review): granting the
rem specific web/application identities instead would be narrower.
cacls "c:\windows\iis temporary compressed files" /t /e /c /g everyone:c
echo --------------------------------------------
echo ----microsoft.net (everyone用户只读权限)----
echo --------------------------------------------
cacls c:\windows\microsoft.net /t /e /c /g everyone:r
echo ------------------------------------------------------
echo ----temporary asp.net files (everyone用户更改权限)----
echo ------------------------------------------------------
rem The two framework versions are hard-coded; on a machine without one of them
rem cacls reports an error for that path and the script carries on.
cacls "c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files" /t /e /c /g everyone:c
echo ------------------------------------------------------
echo ----temporary asp.net files (everyone用户更改权限)----
echo ------------------------------------------------------
cacls "c:\windows\microsoft.net\framework\v2.0.50727\temporary asp.net files" /t /e /c /g everyone:c
echo -------------------------------------------
echo ----registration (everyone用户读取权限)----
echo -------------------------------------------
cacls c:\windows\registration /t /e /c /g everyone:r
echo -----------------------------------
echo ----temp (everyone用户更改权限)----
echo -----------------------------------
cacls c:\windows\temp /t /e /c /g everyone:c
rem ---- Add Everyone back on system folders after the drive-wide ACL reset ----
rem All commands use /e (edit, keep existing entries), /t (recurse) and /c
rem (continue on errors); r = read, c = change.
echo -------------------
echo ----assembly (everyone用户读取权限)----
echo ---------------------------------------
cacls c:\windows\assembly /t /e /c /g everyone:r
echo -------------------------------------
echo ----winsxs (everyone用户读取权限)----
echo -------------------------------------
cacls c:\windows\winsxs /t /e /c /g everyone:r
echo ------------------------------------
echo ----fonts (everyone用户读取权限)----
echo ------------------------------------
cacls c:\windows\fonts /t /e /c /g everyone:r
echo ---------------------------------------
echo ----system32 (everyone用户读取权限)----
echo ---------------------------------------
rem Recursive read grant on system32; the per-file revocations on *.exe come after
rem this step, so the order of these commands must be kept.
cacls c:\windows\system32 /t /e /c /g everyone:r
echo ------------------------------------------
echo ----msdtc (networkservice用户更改权限)----
echo ------------------------------------------
rem NOTE(review): the msdtc service itself is set to disabled earlier in this script;
rem confirm whether this grant is still needed.
cacls c:\windows\system32\msdtc /t /e /c /g networkservice:c
echo -----------------------------------------------------
echo ----asp compiled templates (everyone用户更改权限)----
echo -----------------------------------------------------
rem everyone:c makes this folder writable by any account.
cacls "c:\windows\system32\inetsrv\asp compiled templates" /t /e /c /g everyone:c
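rem ---- Per-file ACL edits on executables in system32 ----
rem /r revokes a principal's entries and is only valid together with /e (edit).
echo ------------------------------------
echo ----*.exe (去除everyone用户权限)----
echo ------------------------------------
rem Not recursive (no /t): only the .exe files directly in system32 are touched.
cacls c:\windows\system32\*.exe /e /c /r everyone
echo ------------------------------------
echo ----cmd.exe (去除system用户权限)----
echo ------------------------------------
rem Removing SYSTEM from cmd.exe/net.exe/net1.exe breaks services and scheduled
rem tasks that run these tools as SYSTEM, and an account that already holds SYSTEM
rem or administrator rights can restore the entry; treat it as a speed bump only.
cacls c:\windows\system32\cmd.exe /e /c /r system
echo ------------------------------------
echo ----net.exe (去除system用户权限)----
echo ------------------------------------
rem The published line read "system32 et.exe": the "\n" of "\net.exe" was lost, so
rem net.exe was presumably never processed. The full path is restored here.
cacls c:\windows\system32\net.exe /e /c /r system
echo -------------------------------------
echo ----net1.exe (去除system用户权限)----
echo -------------------------------------
rem Same repair as for net.exe ("system32 et1.exe" in the published text).
cacls c:\windows\system32\net1.exe /e /c /r system
echo ----------------------------------------
echo ----msdtc.exe (everyone用户读取权限)----
echo ----------------------------------------
rem These three grants put Everyone:read back on executables that lost it in the
rem *.exe revocation above.
cacls c:\windows\system32\msdtc.exe /e /c /g everyone:r
echo ------------------------------------------
echo ----dllhost.exe (everyone用户读取权限)----
echo ------------------------------------------
cacls c:\windows\system32\dllhost.exe /e /c /g everyone:r
echo ------------------------------------------
echo ----svchost.exe (everyone用户读取权限)----
echo ------------------------------------------
cacls c:\windows\system32\svchost.exe /e /c /g everyone:r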
rem ---- Wrap-up: report completion, then reboot so the changes take effect ----
echo --------------------
echo --------------------
echo ----系统加固完毕----
echo --------------------
echo --------------------
ping -n 3 127.0.0.1 >nul
echo -----------------------------
echo ----安全设置完毕 欢迎使用----
echo -----------------------------
echo ------------------
echo ----重启服务器----
echo ------------------
rem Unlike the earlier delays this ping is not silenced, so its replies are shown.
ping 127.0.0.1
rem Reboot after shutdown's default countdown; no confirmation is asked.
rem The RDP port and firewall state changed above: make sure console access is
rem available before this point on a remotely managed server.
shutdown -r
pause
将上面的代码保存为 1.cmd 或 1.bat,双击运行即可。脚本会改写注册表、服务启动类型和 NTFS 权限,并在结束时重启服务器;其中只有注册表做了备份(c:\reg_backup.reg),建议先在测试机上验证后再用于正式服务器。