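Batch script for configuring a Windows server: ThecSafe 1.9.4 (page 2 of 3)
Updated: 2008-01-19 20:41:21 Author:
This is both a server security configuration tool and a very good tutorial for learning batch scripting. It looks difficult at first, but you only really come to understand it by studying it with questions in mind.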
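@REM Performance Logs and Alerts
@REM Microsoft: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that depend on it will fail to start.
@REM Note: a service of little value
@REM Recommendation: disable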
sc config SysmonLog start= DISABLED
sc stop SysmonLog
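@REM Telephony
@REM Microsoft: Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and, over the LAN, on servers that are also running this service.
@REM Note: may be used by ordinary dial-up modems or some DSL/cable connections
@REM Dependencies: Plug and Play, Remote Procedure Call (RPC), Remote Access Connection Manager, Remote Access Auto Connection Manager
@REM Recommendation: manual
sc config TapiSrv start= DISABLED
sc stop TapiSrv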
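@REM Distributed Link Tracking Client
@REM Microsoft: Maintains links between NTFS files within a computer or across computers in a network domain.
@REM Note: maintains file links between different computers on the LAN
@REM Dependencies: Remote Procedure Call (RPC)
@REM Recommendation: disable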
sc config TrkWks start= DISABLED
sc stop TrkWks
@REM Portable Media Serial Number
@REM Microsoft: Retrieves the serial number of any portable music player connected to your computer
@REM Note: retrieves the serial number of any music player connected to the computer? A service of little value
@REM Recommendation: disable
sc config WmdmPmSN start= DISABLED
sc stop WmdmPmSN
@REM WMI Performance Adapter
@REM Microsoft: Provides performance library information from WMIHiPerf providers.
@REM Note: as mentioned above
@REM Dependencies: Remote Procedure Call (RPC)
@REM Recommendation: disable
sc config WmiApSrv start= DISABLED
sc stop WmiApSrv
@REM Automatic Updates
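@REM Microsoft: Enables the download and installation of important Windows updates. If this service is disabled, the operating system can be updated manually from the Windows Update website.
@REM Note: lets Windows connect to Microsoft servers in the background to check for and download update patches automatically
@REM Recommendation: disable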
sc config wuauserv start= DISABLED
sc stop wuauserv
@REM Fast User Switching Compatibility[For XP]
@REM Provides management for applications that require assistance in a multi-user environment. Depends on RPC.
sc config FastUserSwitchingCompatibility start= DEMAND
sc stop FastUserSwitchingCompatibility
@REM System Restore Service[For XP]
@REM Performs the System Restore function. To stop the service, turn off System Restore on the System Restore tab of My Computer's Properties.
sc config srservice start= DISABLED
sc stop srservice
@REM SSDP Discovery Service[For XP]
@REM Enables discovery of UPnP devices on your home network.
sc config SSDPSRV start= DISABLED
sc stop SSDPSRV
@REM telnet
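@REM Allows remote users to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote users cannot access programs, and any services that depend on it directly will fail to start.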
sc config TlntSvr start= DISABLED
sc stop TlntSvr
@REM Universal Plug and Play Device Host[For XP]
@REM Provides support for hosting Universal Plug and Play devices.
sc config upnphost start= DEMAND
sc stop upnphost
@REM Security Center[For XP]
@REM Monitors system security settings and configurations.
sc config wscsvc start= DISABLED
sc stop wscsvc
@REM System Event Notification
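@REM Monitors system events and notifies COM+ Event System subscribers. If this service is stopped, COM+ Event System subscribers will not receive system event notifications. If this service is disabled, any services that depend on it will fail to start.
@REM Recommendation: disable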
sc config SENS start= DISABLED
sc stop SENS
@REM COM+ Event System
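@REM Supports the System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If this service is stopped, SENS will shut down and cannot provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@REM Recommendation: disable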
sc config EventSystem start= DISABLED
sc stop EventSystem
@REM Windows Audio
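@REM Manages audio devices for Windows-based programs. If this service is stopped, audio devices and their effects will not work properly. If this service is disabled, any services that depend on it will fail to start.
@REM Note: what would a server need a sound card for? Removed!
@REM Recommendation: disable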
sc config AudioSrv start= DISABLED
sc stop AudioSrv
@REM Computer Browser
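@REM Maintains an up-to-date list of computers on the network and supplies the list to computers designated as browsers. If this service is stopped, the list will not be updated or maintained. If this service is disabled, any services that depend on it directly will fail to start.
@REM Recommendation: disable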
sc config Browser start= DISABLED
sc stop Browser
@REM Task Scheduler
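@REM Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, those tasks will not run at their scheduled times. If this service is disabled, any services that depend on it will fail to start.
@REM Recommendation: disable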
sc config Schedule start= DISABLED
sc stop Schedule
@REM Routing and Remote Access
@REM Provides routing services to businesses in local area and wide area network environments.
@REM Recommendation: disable
sc config RemoteAccess start= DISABLED
sc stop RemoteAccess
@REM Removable Storage
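@REM Manages and catalogs removable media and operates automated removable media devices. If this service is stopped, programs that depend on Removable Storage, such as Backup and Remote Storage, will run more slowly. If this service is disabled, all services that depend on it exclusively will fail to start.
@REM Recommendation: disable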
sc config NtmsSvc start= DISABLED
sc stop NtmsSvc
@REM Remote Registry
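@REM Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that depend on it will fail to start.
@REM Recommendation: disable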
sc config RemoteRegistry start= DISABLED
sc stop RemoteRegistry
@REM Print Spooler
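@REM Manages all local and network print queues and controls all print jobs. If this service is stopped, printing on the local computer will be unavailable. If this service is disabled, any services that depend on it will fail to start.
@REM Recommendation: disable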
sc config Spooler start= DISABLED
sc stop Spooler
@REM Error Reporting Service
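@REM Collects, stores, and reports unexpected application crashes to Microsoft. If this service is stopped, error reporting will occur only for kernel faults and some types of user-mode faults. If this service is disabled, any services that depend on it will fail to start.
@REM Recommendation: disable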
sc config ERSvc start= DISABLED
sc stop ERSvc
@REM Workstation
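@REM Creates and maintains client network connections to remote services. If this service is stopped, those connections will be unavailable. If this service is disabled, any services that depend on it directly will fail to start. Attackers can use this service to see all users of the computer.
@REM Recommendation: disable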
sc config lanmanworkstation start= DISABLED
sc stop lanmanworkstation
@REM Help and Support
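@REM Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that depend on it directly will fail to start.
@REM Recommendation: disable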
sc config helpsvc start= DISABLED
sc stop helpsvc
Echo 系统服务优化设定完毕! 请按任意键返回并选4继续...
pause >nul
Goto start
:Reg
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Registry-related settings
reg delete HKEY_CLASSES_ROOT\WScript.Shell /f
reg delete HKEY_CLASSES_ROOT\WScript.Shell.1 /f
reg delete HKEY_CLASSES_ROOT\Shell.application /f
reg delete HKEY_CLASSES_ROOT\Shell.application.1 /f
reg delete HKEY_CLASSES_ROOT\WSCRIPT.NETWORK /f
reg delete HKEY_CLASSES_ROOT\WSCRIPT.NETWORK.1 /f
regsvr32 /s /u wshom.ocx
regsvr32 /s /u wshext.dll
regsvr32 /s /u shell32.dll
Echo 注册表危险组件删除设定完毕! 请按任意键返回并选5继续...
PAUSE >nul
Goto start
:Ddos
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Protection against DDoS flood attacks
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "0x00000190" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "0x00000014" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "0x00007530" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f
Rem Close port 445
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d "00000000" /f
Rem Close port 135
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REG_MULTI_SZ /d "" /f
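Rem Disable creation of dump files and delete the existing MEMORY.DMP file
Rem A dump file is very useful material for troubleshooting after a system crash or blue screen. However, it can also give attackers sensitive information, such as the passwords of some applications.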
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 00000000 /f
attrib %SystemRoot%\MEMORY.DMP -s -r -h
del %SystemRoot%\MEMORY.DMP /s /q /f
Echo 防DDOS洪水攻击处理完毕! 请按任意键返回并选6继续...
PAUSE >nul
Goto start
:Ipsec
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Import the 常来网 IP security policy
netsh ipsec static importpolicy ThecSafe.ipsec
netsh ipsec static set policy name="常来网专用安全策略" assign=y
Rem Import the 常来网 group policy
secedit /configure /db ThecSafe.sdb /cfg ThecSafe.inf /quiet
del ThecSafe.sdb
Echo 导入常来网专用安全策略完毕! 请按任意键返回并选7继续...
PAUSE >nul
Goto start
:restartiis
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Restart IIS so the settings take effect
iisreset.exe
Echo IIS服务重启完毕! 请按任意键返回并选其他操作继续...
PAUSE >nul
Goto start
:Auto
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Echo 正在清理系统垃圾文件,请稍等......
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /f /s /q %windir%\temp\*.*
del /f /s /q "%userprofile%\cookies\*.*"
del /f /s /q "%userprofile%\recent\*.*"
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
Echo 清理系统垃圾完成! 现在自动转入下一步继续执行......
CLS
Echo 正在删除系统危险文件的访问权限,只留管理组成员!请稍等......
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /D Guests:F /E
Echo 给系统危险文件设置权限设定完毕! 现在自动转入下一步继续执行......
CLS
Echo 正在给系统危险文件夹设置权限,请稍等......
Rem Remove all Everyone permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "Everyone" /e
@REM "cscript.exe xcacls.vbs "%SystemRoot%/Registration" /r "Everyone" /e " Do not remove the Everyone permission here
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Inetpub/aspnet_client" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Everyone" /e
Rem Remove all CREATOR OWNER permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "CREATOR OWNER" /e
Rem Remove all Power Users permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Power Users" /e
Rem Remove all TERMINAL SERVER USER permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "TERMINAL SERVER USER" /e
Rem Add deny permissions for the Guests group [denying directory listing to IUSR_XXX or a virtual-host user group effectively prevents FSO-type trojans]
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/repair" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/MetaBack" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/ASP Compiled Templates" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v2.0.50727/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E
Rem Remove all users access permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/addins" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/AppPatch" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Connection Wizard" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Debug" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Driver Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Help" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/java" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/msagent" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Resources" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/security" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/TAPI" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/twain_32" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Web" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/3com_dmi" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/administration" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/CatRoot2" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Com" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/dhcp" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/drivers" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/export" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/icsxml" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/lls" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/LogFiles" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/oobe" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/ShellExt" /r "users" /e
@Rem cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "users" /e This affects the normal operation of .NET programs, so it is left out!
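
A hand-maintained hardening script of this length is prone to three quiet slips: a copied `sc stop` line that names a different service from the `sc config` line before it, a digits-only REG_DWORD value (which `reg add` reads as decimal unless it carries a `0x` prefix), and a `/G Administrators:F` line with no matching `/D Guests` line. The following is an added example, not part of ThecSafe: a small Python linter for those three patterns, run on a constructed sample; the function name `lint` and the finding labels are this example's own.

```python
import re

# Constructed sample, modelled on the command shapes used in the script above.
SAMPLE = r'''
sc config TapiSrv start= DISABLED
sc stop SysmonLog
sc config TrkWks start= DISABLED
sc stop TrkWks
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "00000190" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /D Guests:F /E
'''.strip()

COMMENT = re.compile(r'^@?rem\b', re.I)
SC_CONFIG = re.compile(r'^sc\s+config\s+(\S+)', re.I)
SC_STOP = re.compile(r'^sc\s+stop\s+(\S+)', re.I)
DWORD = re.compile(r'/v\s+("[^"]+"|\S+)\s+/t\s+REG_DWORD\s+/d\s+"?(\w+)"?', re.I)
XCACLS = re.compile(r'xcacls\.vbs\s+"([^"]+)"\s+/([GD])\s+(\S+)', re.I)


def lint(script):
    """Return sorted (line_no, kind, detail) findings for a batch script."""
    findings, granted, denied = [], {}, set()
    last_config = None
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if COMMENT.match(line):
            continue
        if m := SC_CONFIG.match(line):
            last_config = m.group(1)
        elif m := SC_STOP.match(line):
            # The stop should target the service that was just configured.
            if last_config and m.group(1).lower() != last_config.lower():
                findings.append((no, "stop-mismatch",
                                 f"configured {last_config}, stopped {m.group(1)}"))
            last_config = None
        elif m := DWORD.search(line):
            name, data = m.group(1).strip('"'), m.group(2)
            # Without 0x, reg add takes the digits as decimal; flag only when
            # the decimal and hexadecimal readings actually differ.
            if data.isdigit() and int(data, 10) != int(data, 16):
                findings.append((no, "dword-decimal",
                                 f"{name}: stored as {int(data, 10)}, "
                                 f"hex reading would be {int(data, 16)}"))
        elif m := XCACLS.search(line):
            path, switch, who = m.group(1), m.group(2).upper(), m.group(3)
            if switch == "G":
                granted.setdefault(path.lower(), (no, path))
            elif who.lower().startswith("guests"):
                denied.add(path.lower())
    # Every file granted to Administrators should also carry the Guests deny.
    for key, (no, path) in granted.items():
        if key not in denied:
            findings.append((no, "missing-deny",
                             f"{path}: /G Administrators:F without /D Guests"))
    return sorted(findings)


if __name__ == "__main__":
    for no, kind, detail in lint(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```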

