当前位置：移动技术网 > IT编程>网络>Dos/Bat > 服务器安全设置批处理

服务器安全设置批处理

2017年12月12日 | 移动技术网IT编程 | 我要评论

第一个比较全，推荐使用第一个

@echo off 
cls 
title server safe setup pro 
color 0a 
echo y|cacls.exe c:\ /p administrators:f system:f "network service":r 
echo y|cacls.exe d:\ /p administrators:f system:f servu:f "network service":r 
echo y|cacls.exe e:\ /p administrators:f system:f servu:f "network service":r 
echo y|cacls.exe "c:\program files" /t /p administrators:f system:f everyone:r 
echo y|cacls.exe "c:\program files\common files" /t /g administrators:f system:f everyone:r 
echo y|cacls.exe c:\windows /p administrators:f system:f 
echo y|cacls.exe c:\windows\system32 /p administrators:f system:f 
echo y|cacls.exe c:\windows\system32\inetsrv /p administrators:f system:f everyone:r 
echo y|cacls.exe "c:\documents and settings" /p administrators:f system:f 
echo y|cacls.exe "c:\documents and settings\all users" /t /p administrator:f system:f everyone:r 
echo y|cacls.exe c:\windows\temp /p everyone:f 
echo y|cacls.exe %systemroot%\system32\shell32.dll /p administrators:f 
echo y|cacls.exe %systemroot%\system32\wshom.ocx /p administrators:f 
echo y|cacls.exe c:\windows\system32\*.exe /p administrators:f system:f 
echo y|cacls.exe "c:\documents and settings\all users" /e /g everyone:r 
echo y|cacls.exe %systemroot%\system32\svchost.exe /e /g "network service":r 
echo y|cacls.exe %systemroot%\system32\msdtc.exe /e /g "network service":r 
echo y|cacls.exe %windir%\system32\mtxex.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\cmd.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\net.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\net1.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\sc.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\at.exe /p administrator:f 
echo y|cacls.exe %windir%\system32\dllhost.exe /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\netsh.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\net.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\cacls.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\cmdkey.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\ftp.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\tftp.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\reg.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\regedt32.exe /p administrator:f 
echo y|cacls.exe c:\windows\system32\regini.exe /p administrator:f 
echo y|cacls.exe %windir%\assembly /e /t /g "network service":r 
echo y|cacls.exe %windir%\microsoft.net /e /t /g everyone:r 
echo y|cacls.exe "%windir%\microsoft.net\framework\v1.1.4322\temporary asp.net files" /e /t /g everyone:f 
echo y|cacls.exe %windir%\system32\mscoree.dll /e /g everyone:r 
echo y|cacls.exe %windir%\system32\ws03res.dll /e /g everyone:r 
echo y|cacls.exe %windir%\system32\msxml*.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\urlmon.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\mlang.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\tapi32.dll /e /g everyone:r 
echo y|cacls.exe c:\windows\system32\wininet.dll /e /g everyone:r 
cacls c:\windows\assembly /e /t /p "network service":r 
cacls c:\windows\microsoft.net /e /t /p "network service":r 
cacls "c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files" /e /t /p "network service":f 
cacls c:\windows\system32\mscoree.dll /e /g everyone:r 
cacls c:\windows\system32\ws03res.dll /e /g everyone:r 
cacls c:\windows /e /g "network service":r 
if exist c:\windows cacls c:\windows /e /g "network service":r 
cacls c:\windows\microsoft.net /e /t /p "network service":r 
cacls "c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files" /e /t /p "network service":f 
cacls "c:\windows\microsoft.net\framework\v2.0.50727\temporary asp.net files" /e /t /p "network service":f 
cacls c:\windows\system32 /e /g "network service":r 
cacls c:\windows\system32\rasapi32.dll /e /g "network service":r 
echo y|cacls.exe c:\windows\system32\inetsrv\adsiis.dll /p administrators:f autosystem:f 
echo y|cacls.exe c:\windows\system32\inetsrv\iisadmpwd /p administrators:f autosystem:f 
echo y|cacls.exe c:\windows\system32\inetsrv\metaback /p administrators:f autosystem:f 
cacls c":\program files\serv-u" /e /g "servu":f 
cacls d:\wwwroot /e /g servu:f 
echo 以上设置服务器目录权限 

net stop browser 
sc config browser start= disabled 
net stop lanmanserver 
sc config lanmanserver start= disabled 
net share c$ /delete 
net share d$ /delete 
net share e$ /delete 
net share f$ /delete 
net share admin$ /delete 
net share ipc$ /delete 
echo 以上删除默认共享，设置服务项 
echo .. delshare.reg ....... 
echo windows registry editor version 5.00> c:\delshare.reg 
echo [hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters]>> c:\delshare.reg 
echo "autosharewks"=dword:00000000>> c:\delshare.reg 
echo "autoshareserver"=dword:00000000>> c:\delshare.reg 
echo .. delshare.reg ..... 
regedit /s c:\delshare.reg 
echo .. delshare.reg .... 
del c:\delshare.reg 
echo . 
echo ........ 
echo . 
echo ========================================================= 
echo . 
echo .....................dos.... 
echo . 
echo ......... 
echo windows registry editor version 5.00> c:\dosforwin.reg 
echo [hkey_local_machine\system\currentcontrolset\services\tcpip\parameters]>> c:\dosforwin.reg 
echo "enableicmpredirect"=dword:00000000>> c:\dosforwin.reg 
echo "deadgwdetectdefault"=dword:00000001>> c:\dosforwin.reg 
echo "dontadddefaultgatewaydefault"=dword:00000000>> c:\dosforwin.reg 
echo "enablesecurityfilters"=dword:00000000">> c:\dosforwin.reg 
echo "allowunqualifiedquery"=dword:00000000>> c:\dosforwin.reg 
echo "prioritizerecorddata"=dword:00000001>> c:\dosforwin.reg 
echo "reservedports"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg 
echo 00,00,00,00>> c:\dosforwin.reg 
echo "synattackprotect"=dword:00000002>> c:\dosforwin.reg 
echo "enablepmtudiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "nonamereleaseondemand"=dword:00000001>> c:\dosforwin.reg 
echo "enabledeadgwdetect"=dword:00000000>> c:\dosforwin.reg 
echo "keepalivetime"=dword:00300000>> c:\dosforwin.reg 
echo "performrouterdiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "enableicmpredirects"=dword:00000000>> c:\dosforwin.reg 
echo . 
echo ========================================================== 
echo .. dosforwin.reg ..... 
regedit /s c:\dosforwin.reg 
echo .. dosforwin.reg .... 
del c:\dosforwin.reg 
echo ============================================================== 
echo . 
echo =============================================================== 
echo ..remote registry service........... 
echo ......... 
echo . 
echo windows registry editor version 5.00> c:\regedit.reg 
echo [hkey_local_machine\system\currentcontrolset\services\remoteregistry]>> c:\regedit.reg 
echo "start"=dword:00000004>> c:\regedit.reg 
echo . 
echo .. regedit.reg ..... 
regedit /s c:\regedit.reg 
echo . 
echo ...... 
del c:\regedit.reg 
echo =============================================================== 
echo ..messenger....... 
echo ......... 
echo windows registry editor version 5.00> c:\message.reg 
echo [hkey_local_machine\system\currentcontrolset\services\messenger]>> c:\message.reg 
echo "start"=dword:00000004>> c:\message.reg 
echo . 
echo .. message.reg ..... 
regedit /s c:\message.reg 
echo . 
echo .. message.reg 
del c:\message.reg 
echo =============================================================== 

echo =============================================================== 
echo ..lanmanserver....... 
echo ......... 
echo windows registry editor version 5.00> c:\lanmanserver.reg 
echo [hkey_local_machine\system\currentcontrolset\services\lanmanserver]>> c:\lanmanserver.reg 
echo "start"=dword:00000004>> c:\lanmanserver.reg 
echo . 
echo .. lanmanserver.reg ..... 
regedit /s c:\lanmanserver.reg 
echo . 
echo .. lanmanserver.reg 
del c:\lanmanserver.reg 

echo ============================================================== 
echo ...tcp/ip netbios helper service 
echo ......... 
echo windows registry editor version 5.00> c:\netbios.reg 
echo [hkey_local_machine\system\currentcontrolset\services\lmhosts]>> c:\netbios.reg 
echo "start"=dword:00000004>> c:\netbios.reg 
echo . 
echo .. netbios.reg ..... 
regedit /s c:\netbios.reg 
echo . 
echo .. netbios.reg 
del c:\netbios.reg 
regedit /s forddos.reg 

第二个

复制代码代码如下:

echo. 
echo ------------------------------------------------------ 
echo. 
echo ........... 
echo. 
net share c$ /delete 
net share d$ /delete 
net share e$ /delete 
net share f$ /delete 
net share admin$ /delete 
net share ipc$ /delete 
net stop server 
net start server 
echo. 
echo .......... 
echo. 
echo ------------------------------------------------------ 
echo. 
echo ................. 
echo. 
echo .. delshare.reg ....... 
echo windows registry editor version 5.00> c:\delshare.reg 
echo [hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters]>> c:\delshare.reg 
echo "autosharewks"=dword:00000000>> c:\delshare.reg 
echo "autoshareserver"=dword:00000000>> c:\delshare.reg 
echo .. delshare.reg ..... 
regedit /s c:\delshare.reg 
echo .. delshare.reg .... 
del c:\delshare.reg 
echo . 
echo ........ 
echo . 
echo ========================================================= 
echo . 
echo .....................dos.... 
echo . 
echo ......... 
echo windows registry editor version 5.00> c:\dosforwin.reg 
echo [hkey_local_machine\system\currentcontrolset\services\tcpip\parameters]>> c:\dosforwin.reg 
echo "enableicmpredirect"=dword:00000000>> c:\dosforwin.reg 
echo "deadgwdetectdefault"=dword:00000001>> c:\dosforwin.reg 
echo "dontadddefaultgatewaydefault"=dword:00000000>> c:\dosforwin.reg 
echo "enablesecurityfilters"=dword:00000000">> c:\dosforwin.reg 
echo "allowunqualifiedquery"=dword:00000000>> c:\dosforwin.reg 
echo "prioritizerecorddata"=dword:00000001>> c:\dosforwin.reg 
echo "reservedports"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg 
echo 00,00,00,00>> c:\dosforwin.reg 
echo "synattackprotect"=dword:00000002>> c:\dosforwin.reg 
echo "enablepmtudiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "nonamereleaseondemand"=dword:00000001>> c:\dosforwin.reg 
echo "enabledeadgwdetect"=dword:00000000>> c:\dosforwin.reg 
echo "keepalivetime"=dword:00300000>> c:\dosforwin.reg 
echo "performrouterdiscovery"=dword:00000000>> c:\dosforwin.reg 
echo "enableicmpredirects"=dword:00000000>> c:\dosforwin.reg 
echo ....... 
echo ========================================================== 
echo .. dosforwin.reg ..... 
regedit /s c:\dosforwin.reg 
echo .. dosforwin.reg .... 
del c:\dosforwin.reg 
echo ============================================================== 
echo . 
echo ..........(......................). 
echo . 
echo ..telnet,......telnet. 
echo .......... 
echo windows registry editor version 5.00> c:\telnet.reg 
echo [hkey_local_machine\system\currentcontrolset\services\tlntsvr]>> c:\telnet.reg 
echo "start"=dword:00000004>> c:\telnet.reg 
echo . 
echo .. telnet.reg ..... 
regedit /s c:\telnet.reg 
echo . 
echo .. telnet.reg .... 
del c:\telnet.reg 
echo . 
echo =============================================================== 
echo ..remote registry service........... 
echo ......... 
echo . 
echo windows registry editor version 5.00> c:\regedit.reg 
echo [hkey_local_machine\system\currentcontrolset\services\remoteregistry]>> c:\regedit.reg 
echo "start"=dword:00000004>> c:\regedit.reg 
echo . 
echo .. regedit.reg ..... 
regedit /s c:\regedit.reg 
echo . 
echo ...... 
del c:\regedit.reg 
echo =============================================================== 
echo ..messenger....... 
echo ......... 
echo windows registry editor version 5.00> c:\message.reg 
echo [hkey_local_machine\system\currentcontrolset\services\messenger]>> c:\message.reg 
echo "start"=dword:00000004>> c:\message.reg 
echo . 
echo .. message.reg ..... 
regedit /s c:\message.reg 
echo . 
echo .. message.reg 
del c:\message.reg 
=============================================================== 
echo ..telephony...... 
echo .... 
echo windows registry editor version 5.00> c:\telephony.reg 
echo [hkey_local_machine\system\currentcontrolset\services\tapisrv]>> c:\telephony.reg 
echo "start"=dword:00000004>> c:\telephony.reg 
echo . 
echo .. telephony.reg 
regedit /s c:\telephony.reg 
del c:\telephony.reg 
echo ============================================================== 
echo ...tcp/ip netbios helper service 
echo ......... 
echo windows registry editor version 5.00> c:\netbios.reg 
echo [hkey_local_machine\system\currentcontrolset\services\lmhosts]>> c:\netbios.reg 
echo "start"=dword:00000004>> c:\netbios.reg 
echo . 
echo .. netbios.reg ..... 
regedit /s c:\netbios.reg 
echo . 
echo .. netbios.reg 
del c:\netbios.reg 
echo =============================================================== 
echo =============================================================== 
echo powered by 冬虫草 
echo sleepboy82@hotmail.com 
echo jooline services set 
goto :end 

上面的文件

您可能感兴趣的文章:

如对本文有疑问，点击进行留言回复！！

批处理ren重命名的方式

批处理之ren命令-可批量修改文件名1.批处理批量修改文件后缀名（假设我需要把一个文件夹中的很多txt文件改为sql文件）： 1）在需要被处理的文件的文件夹里先... [阅读全文]
cmd组合和管道命令的使用方法(命令组合)

1.&usage：第一条命令 & 第二条命令 [& 第三条命令...]用这种方法可以同时执行多条命令，而不管命令是否执行成功sample... [阅读全文]
Windows cmd命令行输入输出重定向问题

最近学校的网比较搓，dns天天挂，出口带宽天天堵，nat后的总出口带宽也才4mb/s(来源：360测速)，唉，不亲身体会鬼才知道一堆人共享这个带宽是什么感觉。废... [阅读全文]
cmd下过滤文件名称的两种方法

管道方法d:\users\wangke351\desktop\移交脚本\sr_469931_05>dir /b /w | find “lifedata”f... [阅读全文]
DOS命令行下使用HaoZip进行文件压缩的方法

dos命令，计算机术语，是指dos操作系统的命令，是一种面向磁盘的操作命令，主要包括目录操作类命令、磁盘操作类命令、文件操作类命令和其它命令。大家常用的操作系统... [阅读全文]
经常用的DOS命令大全(经典收藏)

dos命令，计算机术语，是指dos操作系统的命令，是一种面向磁盘的操作命令，主要包括目录操作类命令、磁盘操作类命令、文件操作类命令和其它命令。大家常用的操作系统... [阅读全文]
dos之net创建管理员用户的实现

1、dos命令中net命令常用创建用户下面这段代码是用来创建一个管理员用户代码： net users admin 4869 ... [阅读全文]
批处理闪退、运行中断等问题的处理方法

因为我只会一些批处理代码，所以我的“局域网共享一键修复”等软件就都做成了批处理程序（后缀名为.bat）供大家使用。有些网友反馈：右键运行批处理，... [阅读全文]
bat 批量提取指定目录下的文件名

下面是批量获取指定目录下的文件名的核心代码 @echo off echo text input set input= set... [阅读全文]
批处理(bat)获取指定目录下的所有文件列表

判断输入路径是不是文件夹，如果是，则获取文件夹下的所有文件名(包括子文件夹下的) 如果要文件名带上路径，则需要在dir这一句的%%~nxi上作... [阅读全文]

网友评论


验证码：

服务器 安全设置 批处理

2017年12月12日 | 移动技术网IT编程 | 我要评论

您可能感兴趣的文章:

相关文章:

网友评论

服务器安全设置批处理