首页>操作系统>dos批处理>服务器 安全设置 批处理分享
回复
« 返回列表
灯火互联
灯火互联
管理员
管理员
  • 注册日期2011-07-27
  • 发帖数41778
  • QQ
  • 火币41290枚
  • 粉丝1086
  • 关注100
写私信 打招呼
  • 终身成就奖
  • 最爱沙发
  • 忠实会员
  • 灌水天才奖
  • 贴图大师奖
  • 原创先锋奖
  • 特殊贡献奖
  • 宣传大使奖
  • 优秀斑竹奖
  • 社区明星
阅读:2501回复:0

服务器 安全设置 批处理分享

楼主#
更多 发布于:2013-06-03 11:37
第一个比较全,推荐使用第一个
复制代码 代码如下: 

@ECHO OFF 
CLS 
TITLE SERVER SAFE SETUP PRO 
COLOR 0A 
echo y|cacls.exe C:\ /p Administrators:f system:f "network service":r 
echo y|cacls.exe D:\ /p Administrators:f system:f servU:f "network service":r 
echo y|cacls.exe E:\ /p Administrators:f system:f servU:f "network service":r 
echo y|cacls.exe "C:\Program Files" /t /p Administrators:f system:f everyone:r 
echo y|cacls.exe "C:\Program Files\Common Files" /t /g Administrators:f system:f everyone:r 
echo y|cacls.exe c:\windows /p Administrators:f system:f 
echo y|cacls.exe c:\windows\system32 /p Administrators:f system:f 
echo y|cacls.exe C:\WINDOWS\system32\inetsrv /p Administrators:f system:f everyone:r 
echo y|cacls.exe "C:\Documents and Settings" /p Administrators:f system:f 
echo y|cacls.exe "C:\Documents and Settings\All Users" /t /p Administrator:f system:f everyone:r 
echo y|cacls.exe c:\windows\temp /p everyone:f 
echo y|cacls.exe %systemroot%\system32\shell32.dll /p Administrators:f 
echo y|cacls.exe %systemroot%\system32\wshom.ocx /p Administrators:f 
echo y|cacls.exe c:\windows\system32\*.exe /p Administrators:f system:f 
echo y|cacls.exe "c:\Documents and Settings\All Users" /e /g everyone:r 
echo y|cacls.exe %systemroot%\system32\svchost.exe /e /g "network service":r 
echo y|cacls.exe %systemroot%\system32\msdtc.exe /e /g "network service":r 
echo y|cacls.exe %windir%\system32\mtxex.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\cmd.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\net1.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\sc.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\at.exe /p Administrator:f 
echo y|cacls.exe %windir%\system32\dllhost.exe /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\netsh.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\cacls.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\cmdkey.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\ftp.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\tftp.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\reg.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\regedt32.exe /p Administrator:f 
echo y|cacls.exe c:\windows\system32\regini.exe /p Administrator:f 
echo y|cacls.exe %windir%\assembly /e /t /g "network service":r 
echo y|cacls.exe %windir%\Microsoft.NET /e /t /g everyone:r 
echo y|cacls.exe "%windir%\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /g everyone:f 
echo y|cacls.exe %windir%\system32\mscoree.dll /e /g everyone:r 
echo y|cacls.exe %windir%\system32\ws03res.dll /e /g everyone:r 
echo y|cacls.exe %windir%\system32\msxml*.dll /e /g everyone:r 
echo y|cacls.exe C:\WINDOWS\system32\urlmon.dll /e /g everyone:r 
echo y|cacls.exe C:\WINDOWS\system32\mlang.dll /e /g everyone:r 
echo y|cacls.exe C:\WINDOWS\system32\TAPI32.dll /e /g everyone:r 
echo y|cacls.exe C:\WINDOWS\system32\WININET.dll /e /g everyone:r 
cacls c:\windows\assembly /e /t /p "network service":r 
cacls c:\windows\Microsoft.NET /e /t /p "network service":r 
cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f 
cacls C:\WINDOWS\system32\mscoree.dll /e /g everyone:r 
cacls C:\WINDOWS\system32\ws03res.dll /e /g everyone:r 
cacls c:\WINDOWS /e /g "network service":r 
if exist c:\windows cacls c:\windows /e /g "network service":r 
cacls c:\windows\Microsoft.NET /e /t /p "network service":r 
cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f 
cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /e /t /p "network service":f 
cacls c:\windows\system32 /e /g "network service":r 
cacls c:\windows\system32\rasapi32.dll /e /g "network service":r 
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\adsiis.dll /p Administrators:f autosystem:f 
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\iisadmpwd /p Administrators:f autosystem:f 
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\MetaBack /p Administrators:f autosystem:f 
cacls C":\Program Files\Serv-U" /e /g "servu":f 
cacls d:\wwwroot /e /g servU:f 
echo 以上设置服务器目录权限 
 
net stop Browser 
sc config Browser start= disabled 
net stop lanmanserver 
sc config lanmanserver start= disabled 
net share c$ /delete 
net share d$ /delete 
net share e$ /delete 
net share f$ /delete 
net share admin$ /delete 
net share ipc$ /delete 
echo 以上删除默认共享,设置服务项 
echo .. delshare.reg ....... 
echo Windows Registry Editor Version 5.00> c:\delshare.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg 
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg 
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg 
echo .. delshare.reg ..... 
regedit /s c:\delshare.reg 
echo .. delshare.reg .... 
del c:\delshare.reg 
echo . 
echo ........ 
echo . 
echo ========================================================= 
echo . 
echo .....................dos.... 
echo . 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg 
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg 
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg 
echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg 
echo "EnableSecurityFilters"=dword:00000000">> c:\dosforwin.reg 
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg 
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg 
echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg 
echo 00,00,00,00>> c:\dosforwin.reg 
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg 
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg 
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg 
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg 
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg 
echo . 
echo ========================================================== 
echo .. dosforwin.reg ..... 
regedit /s c:\dosforwin.reg 
echo .. dosforwin.reg .... 
del c:\dosforwin.reg 
echo ============================================================== 
echo . 
echo =============================================================== 
echo ..Remote Registry Service........... 
echo ......... 
echo . 
echo Windows Registry Editor Version 5.00> c:\regedit.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg 
echo "Start"=dword:00000004>> c:\regedit.reg 
echo . 
echo .. regedit.reg ..... 
regedit /s c:\regedit.reg 
echo . 
echo ...... 
del c:\regedit.reg 
echo =============================================================== 
echo ..Messenger....... 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\message.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg 
echo "Start"=dword:00000004>> c:\message.reg 
echo . 
echo .. message.reg ..... 
regedit /s c:\message.reg 
echo . 
echo .. message.reg 
del c:\message.reg 
echo =============================================================== 
 
echo =============================================================== 
echo ..lanmanserver....... 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\lanmanserver.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]>> c:\lanmanserver.reg 
echo "Start"=dword:00000004>> c:\lanmanserver.reg 
echo . 
echo .. lanmanserver.reg ..... 
regedit /s c:\lanmanserver.reg 
echo . 
echo .. lanmanserver.reg 
del c:\lanmanserver.reg 
 
echo ============================================================== 
echo ...TCP/IP NetBios Helper Service 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\netbios.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg 
echo "Start"=dword:00000004>> c:\netbios.reg 
echo . 
echo .. netbios.reg ..... 
regedit /s c:\netbios.reg 
echo . 
echo .. netbios.reg 
del c:\netbios.reg 
regedit /s forddos.reg


第二个
复制代码 代码如下: 

echo. 
echo ------------------------------------------------------ 
echo. 
echo ........... 
echo. 
net share c$ /delete 
net share d$ /delete 
net share e$ /delete 
net share f$ /delete 
net share admin$ /delete 
net share ipc$ /delete 
net stop Server 
net start Server 
echo. 
echo .......... 
echo. 
echo ------------------------------------------------------ 
echo. 
echo ................. 
echo. 
echo .. delshare.reg ....... 
echo Windows Registry Editor Version 5.00> c:\delshare.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg 
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg 
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg 
echo .. delshare.reg ..... 
regedit /s c:\delshare.reg 
echo .. delshare.reg .... 
del c:\delshare.reg 
echo . 
echo ........ 
echo . 
echo ========================================================= 
echo . 
echo .....................dos.... 
echo . 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg 
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg 
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg 
echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg 
echo "EnableSecurityFilters"=dword:00000000">> c:\dosforwin.reg 
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg 
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg 
echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg 
echo 00,00,00,00>> c:\dosforwin.reg 
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg 
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg 
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg 
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg 
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg 
echo ....... 
echo ========================================================== 
echo .. dosforwin.reg ..... 
regedit /s c:\dosforwin.reg 
echo .. dosforwin.reg .... 
del c:\dosforwin.reg 
echo ============================================================== 
echo . 
echo ..........(......................). 
echo . 
echo ..telnet,......telnet. 
echo .......... 
echo Windows Registry Editor Version 5.00> c:\telnet.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>> c:\telnet.reg 
echo "Start"=dword:00000004>> c:\telnet.reg 
echo . 
echo .. telnet.reg ..... 
regedit /s c:\telnet.reg 
echo . 
echo .. telnet.reg .... 
del c:\telnet.reg 
echo . 
echo =============================================================== 
echo ..Remote Registry Service........... 
echo ......... 
echo . 
echo Windows Registry Editor Version 5.00> c:\regedit.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg 
echo "Start"=dword:00000004>> c:\regedit.reg 
echo . 
echo .. regedit.reg ..... 
regedit /s c:\regedit.reg 
echo . 
echo ...... 
del c:\regedit.reg 
echo =============================================================== 
echo ..Messenger....... 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\message.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg 
echo "Start"=dword:00000004>> c:\message.reg 
echo . 
echo .. message.reg ..... 
regedit /s c:\message.reg 
echo . 
echo .. message.reg 
del c:\message.reg 
=============================================================== 
echo ..Telephony...... 
echo .... 
echo Windows Registry Editor Version 5.00> c:\Telephony.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]>> c:\Telephony.reg 
echo "Start"=dword:00000004>> c:\Telephony.reg 
echo . 
echo .. Telephony.reg 
regedit /s c:\Telephony.reg 
del c:\Telephony.reg 
echo ============================================================== 
echo ...TCP/IP NetBIOS Helper Service 
echo ......... 
echo Windows Registry Editor Version 5.00> c:\netbios.reg 
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg 
echo "Start"=dword:00000004>> c:\netbios.reg 
echo . 
echo .. netbios.reg ..... 
regedit /s c:\netbios.reg 
echo . 
echo .. netbios.reg 
del c:\netbios.reg 
echo =============================================================== 
echo =============================================================== 
echo powered by 冬虫草 
echo sleepboy82@hotmail.com 
echo Jooline Services Set 
goto :END
喜欢0 评分0
淘宝天猫隐藏优惠券地址
回复
游客

Powered by atcpu.com ©2008-2021

灯火互联网 蜀ICP备13028548号

手机认证个人空间个人相册音乐电台音乐畅听网站终身会员手机吉凶在线YY百宝箱
返回顶部