windows 2003 自动安全设置

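@echo off
rem Windows Server 2003 interactive hardening script: banner, overview of the
rem steps, and a reminder to patch first. The banner asks for the script to be
rem run outside the drive root and under the account named "administrator".
echo.
echo.
echo.
echo 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
echo.
echo.
echo windows 2003 自动安全设置程序
echo.
echo "为走过的路做纪念,希望你能记得"
echo.
echo 注: 不要放在根目录执行
echo *请用名为administrator的账号运行
echo. *执行完成后只能用超级管理员登陆*
echo.
echo.
echo.
echo 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
pause
cls

rem Overview of the steps the operator will be asked about.
echo.
echo.
echo.
echo 内容包括:
rem The account changed by the first step is "guest"; the label used to read GUTEST.
echo 更改GUEST和SUPPORT_388945a0的密码
echo 注消危险组件
echo 取消显示上次登陆用户名
echo 防御TELNET登陆
echo 限制一些险的端口的访问,如135,137,138,139,445
echo 限制RADMIN应用
echo 防御密码记录工具NTPass及类似
echo 关闭一些不常用的服务
echo 优化系统和优化组策略安全
echo 设置超级管理员账号并限制只有这个账号能远程
echo 加强DDOS防御能力
echo 禁用cmd
echo 删除SQL2000危险的存储过程
echo 系统磁盘盘权限设定
echo WEB权限安全设置
echo 系统垃圾清理
echo.
echo.
echo.
rem Hold the overview on screen; without this pause the cls below cleared it
rem before anyone could read what the script is about to change.
pause

cls
echo .
echo ---------------------------------------------------
echo 请先替操作系统打上所有更新补丁!特别是SP2这样的
echo 安全设置后打有可能会打不上,请注意
echo ---------------------------------------------------
echo .
pause
rem Remember the launch directory (quoted so trailing spaces or special
rem characters in the path are not picked up); the policy step changes back
rem to it with "cd /d" before writing its template files.
set "lb=%cd%"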

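rem --- Optional step: reset the passwords of the built-in guest and
rem     SUPPORT_388945a0 accounts.
cls
echo .
echo ---------------------------------------------------
echo 是否要更改GUEST和SUPPORT_388945a0的密码
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要更改请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto firstgo
rem "*" makes net user prompt for the new password. The earlier version passed
rem fixed passwords on the command line: every copy of the script then sets the
rem same published secret, and cmd.exe rewrites characters such as %%6 and ^
rem before net user sees them, so the password actually set differs from the
rem one written in the file.
net user guest *
net user SUPPORT_388945a0 *
:firstgo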

rem --- Optional step: unregister three components and rename the
rem     Shell.Application ProgIDs (the prompt calls them dangerous components).
cls
echo .
echo ---------------------------------------------------
echo 是否要注消危险组件
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要注消请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto secgo
rem Silently unregister the COM servers in wshom.ocx, shell32.dll and npptools.dll.
rem NOTE(review): shell32.dll also serves the Windows shell itself; confirm the
rem desktop and any management tools still work after this on a test machine.
regsvr32 /u /s %SystemRoot%\System32\wshom.ocx
regsvr32 /u /s %SystemRoot%\system32\shell32.dll
regsvr32 /u /s %SystemRoot%\system32\npptools.dll
rem Copy the Shell.Application ProgID to a renamed key, delete the original,
rem then delete the copied CLSID subkey so that it can be written again.
reg copy "HKEY_CLASSES_ROOT\Shell.Application" "HKEY_CLASSES_ROOT\Shell.Application_sfqas" /s /f
reg delete "HKEY_CLASSES_ROOT\Shell.Application" /f
reg delete "HKEY_CLASSES_ROOT\Shell.Application_sfqas\CLSID" /f
rem NOTE(review): this reg add is incomplete as written. /d is given no data,
rem so the command is rejected, and "/v (默认)" would create a value literally
rem named "(默认)" rather than set the key's default value (reg add uses /ve for
rem that). The CLSID data that belongs here is not on the page.
reg add HKEY_CLASSES_ROOT\Shell.Application_sfqas\CLSID /v (默认) /t REG_SZ /d
rem Same sequence for the versioned ProgID Shell.Application.1.
reg copy "HKEY_CLASSES_ROOT\Shell.Application.1" "HKEY_CLASSES_ROOT\Shell.Application.1_sfqas" /s /f
reg delete "HKEY_CLASSES_ROOT\Shell.Application.1" /f
reg delete "HKEY_CLASSES_ROOT\Shell.Application.1_sfqas\CLSID" /f
rem NOTE(review): same defect as above: no data after /d, and /v instead of /ve.
reg add HKEY_CLASSES_ROOT\Shell.Application.1_sfqas\CLSID /v (默认) /t REG_SZ /d
:secgo

rem --- Optional step: stop the logon dialog from showing the last user name.
cls
echo .
echo ---------------------------------------------------
echo 是否取消显示上次登陆用户名
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要取消请按 Y,否请按 N。"
rem Any answer other than N (errorlevel 2) writes the machine-wide policy value.
if %errorlevel% neq 2 (
  reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DontDisplayLastUserName /t REG_DWORD /d 1 /f
)
:thirdgo

rem --- Optional step: the prompt describes this as blocking Telnet logons.
cls
echo .
echo ---------------------------------------------------
echo 是否防御TELNET登陆
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要防御请按 Y,否请按 N。"
rem Any answer other than N appends the line "exit" to system32\login.cmd.
rem NOTE(review): presumably login.cmd is the script the Telnet service runs for
rem each new session, so the session ends at once; confirm. Every run of this
rem step appends another "exit" line.
if %errorlevel% neq 2 (
  >>%SystemRoot%\system32\login.cmd echo exit
)
:sixgo

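rem --- Optional step: build and assign an IPsec policy that blocks inbound
rem     traffic to a fixed list of ports.
cls
echo .
echo ---------------------------------------------------
echo 是否限制一些险的端口的访问,如135,137,138,139,
echo 445,593,1025,2745,3127,4489,6129
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要限制请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto sevengo
echo 名字为sfqas的安全策略
netsh ipsec static add policy name=sfqas的安全策略
rem The allow list and the permit action below are created but no rule uses them.
netsh ipsec static add filterlist name=允许列表
netsh ipsec static add filterlist name=拒绝列表
rem One mirrored TCP filter per port, any source address to this host.
for %%P in (135 137 138 139 445 593 1025 2745 3127 4489 6129) do (
  netsh ipsec static add filter filterlist=拒绝列表 srcaddr=any dstaddr=me description=别人到我特定访问 protocol=tcp mirrored=yes dstport=%%P
)
rem NetBIOS name service (137) and datagram service (138) run over UDP, so the
rem TCP filters above leave them reachable; block the UDP ports as well.
for %%P in (137 138) do (
  netsh ipsec static add filter filterlist=拒绝列表 srcaddr=any dstaddr=me description=别人到我特定访问 protocol=udp mirrored=yes dstport=%%P
)
netsh ipsec static add filteraction name=充许 action=permit
netsh ipsec static add filteraction name=拒绝 action=block
netsh ipsec static add rule name=拒绝规则 policy=sfqas的安全策略 filterlist=拒绝列表 filteraction=拒绝
rem Assigning the policy makes the block rule take effect immediately.
netsh ipsec static set policy name=sfqas的安全策略 assign=y
:sevengo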

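rem --- Optional step: stop, uninstall and delete a Radmin server found in
rem     system32.
cls
echo .
echo ---------------------------------------------------
echo 是否限制RADMIN应用
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要限制请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto eightgo
rem Only act when the binary is present, and call it by full path: an
rem unqualified "r_server.exe" is looked up in the current directory first, so
rem a same-named file next to this script would have been executed with
rem administrator rights.
if exist "%SystemRoot%\system32\r_server.exe" (
  echo " 如果有RADMIM,删除"
  "%SystemRoot%\system32\r_server.exe" /stop
  "%SystemRoot%\system32\r_server.exe" /uninstall /silence
  del "%SystemRoot%\system32\r_server.exe"
)
rem Remove the companion libraries when they exist.
rem NOTE(review): Radmin's driver library is usually named raddrv.dll; confirm
rem whether radbrv.dll is a misspelling before relying on this cleanup.
for %%F in (admdll.dll radbrv.dll) do (
  if exist "%SystemRoot%\system32\%%F" del "%SystemRoot%\system32\%%F"
)
:eightgo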

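rem --- Optional step: pre-create and lock the files eulagold.txt and
rem     GinaPwd.txt, which the prompts associate with the NTPass and GinaPwd
rem     password loggers, so that nothing else can write to them.
cls
echo .
echo ---------------------------------------------------
echo 是否防御密码记录工具NTPass及类似
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要防御请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto ninego

rem "ehco" was a typo for echo, so this notice used to fail instead of printing.
if exist "%SystemRoot%\system32\ntpass.dll" echo "如果有密码记录器NTPass,删除"
>"%systemroot%\system32\eulagold.txt" echo you are a bitch
rem Call the DLL's Remove export only when the DLL is really there, and load it
rem by full path instead of through the DLL search order.
rem NOTE(review): this executes code from a file believed to be malicious;
rem confirm that is acceptable, and note the DLL itself is not deleted here.
if exist "%SystemRoot%\system32\ntpass.dll" rundll32 "%SystemRoot%\system32\ntpass.dll",Remove
rem Paths use backslashes throughout: attrib and cacls read "/" as the start of
rem a switch, so the forward-slash form is not reliable.
echo y| cacls "%SystemRoot%\system32\eulagold.txt" /e /g administrator:f /c
echo y| cacls "%SystemRoot%\system32\eulagold.txt" /t /e /c /r administrators
for %%P in (service batch interactive system users) do (
  echo y| cacls "%SystemRoot%\system32\eulagold.txt" /e /d %%P /c
)
attrib +R +A +S +H "%SystemRoot%\system32\eulagold.txt"

if exist "%SystemRoot%\system32\GinaPwd.txt" echo "如果有密码记录器GinaPwd,删除"
>"%systemroot%\system32\GinaPwd.txt" echo you are a bitch
echo y| cacls "%SystemRoot%\system32\GinaPwd.txt" /e /g administrator:f /c
echo y| cacls "%SystemRoot%\system32\GinaPwd.txt" /t /e /c /r administrators
for %%P in (service batch interactive system users) do (
  echo y| cacls "%SystemRoot%\system32\GinaPwd.txt" /e /d %%P /c
)
attrib +R +A +S +H "%SystemRoot%\system32\GinaPwd.txt"
:ninego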

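rem --- Optional step: disable and stop a fixed list of services.
cls
echo .
echo ---------------------------------------------------
echo 是否关闭一些不常用的服务
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要关闭请按 Y,否请按 N。"
rem The skip label used to be a second ":eightgo", which only worked because
rem goto searches forward from the current line first; it now has its own name.
if %errorlevel% equ 2 goto svcgo
sc config Alerter start= disabled
sc stop Alerter
rem dfs is switched to manual start; the stop command used to name Browser
rem here, which left dfs running.
sc config dfs start= demand
sc stop dfs
rem NOTE(review): lanmanserver, lanmanworkstation and Browser carry file
rem sharing and domain traffic, and Spooler carries printing; confirm the
rem server's role needs none of them before disabling.
for %%S in (messenger tlntsvr Browser Spooler RemoteRegistry lanmanserver LmHosts WZCSVC lanmanworkstation) do (
  sc config %%S start= disabled
  sc stop %%S
)
rem SysmonLog is only disabled; a running instance is not stopped.
sc config SysmonLog start= disabled
:svcgo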

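rem --- Optional step: registry tweaks followed by a local security policy
rem     template that is generated as sfqas.inf and applied with secedit.
cls
echo .
echo ---------------------------------------------------
echo 是否优化系统和优化组策略安全
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要优化请,*(注意优化后只能用超级管理员登陆)按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto tengo
echo 优化系统
reg add "HKCU\Control Panel\Desktop" /v AutoEndTasks /t REG_DWORD /d 1 /f
reg add "HKCU\Control Panel\Desktop" /v HungAppTimeout /d 50 /f
reg add "HKCU\Control Panel\Desktop" /v WaitToKillAppTimeout /d 200 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Auto /d 0 /f
rem NOTE(review): 4294967197 is 0xFFFFFF9D, the SFCDisable value associated
rem with switching Windows File Protection off. That removes a safeguard
rem against replaced system binaries; confirm it is wanted in a hardening run.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SFCDisable /t REG_DWORD /d 4294967197 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPer1_0Server /t REG_DWORD /d 8 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPerServer /t REG_DWORD /d 8 /f
reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer /v Link /t REG_BINARY /d 00000000 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoLowDiskSpaceChecks /t REG_DWORD /d 1 /f
reg add HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v ConfigFileAllocSize /t REG_DWORD /d 500 /f
reg add HKCU\Console /v LoadConIme /t REG_DWORD /d 0 /f
rem Crash handling: reboot automatically, write no dump, log no event, send no
rem alert. NOTE(review): this leaves no record of a crash for later analysis,
rem and the values go to ControlSet001, which is not necessarily the control
rem set the system boots from; confirm both.
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v AutoReboot /t REG_DWORD /d 1 /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v CrashDumpEnabled /t REG_DWORD /d 0 /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v DumpFile /t REG_EXPAND_SZ /d %SystemRoot%\MEMORY.DMP /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v LogEvent /t REG_DWORD /d 0 /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v MinidumpDir /t REG_EXPAND_SZ /d %SystemRoot%\Minidump /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v Overwrite /t REG_DWORD /d 1 /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v SendAlert /t REG_DWORD /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting /v DoReport /t REG_DWORD /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting /v ShowUI /t REG_DWORD /d 0 /f
echo 优化组策略安全
rem Write the template in the directory the script was started from (quoted so
rem a path with special characters is handled as one argument).
cd /d "%lb%"

rem The first line uses ">" so a leftover sfqas.inf is replaced, not extended.
echo [Unicode] >sfqas.inf
echo Unicode=yes >>sfqas.inf
rem NOTE(review): MinimumPasswordLength = 0 with PasswordComplexity = 0 permits
rem empty and trivial passwords; the history and lockout values do not make up
rem for that. Confirm these two values before applying the template.
echo [System Access] >>sfqas.inf
echo MinimumPasswordAge = 2 >>sfqas.inf
echo MaximumPasswordAge = 42 >>sfqas.inf
echo MinimumPasswordLength = 0 >>sfqas.inf
echo PasswordComplexity = 0 >>sfqas.inf
echo PasswordHistorySize = 24 >>sfqas.inf
echo LockoutBadCount = 5 >>sfqas.inf
echo ResetLockoutCount = 3 >>sfqas.inf
echo LockoutDuration = 3 >>sfqas.inf
echo RequireLogonToChangePassword = 0 >>sfqas.inf
echo ForceLogoffWhenHourExpire = 0 >>sfqas.inf
echo NewGuestName = "MyGuestOne" >>sfqas.inf
echo ClearTextPassword = 0 >>sfqas.inf
echo LSAAnonymousNameLookup = 0 >>sfqas.inf
echo EnableAdminAccount = 1 >>sfqas.inf
echo EnableGuestAccount = 0 >>sfqas.inf
rem Audit categories: 3 records success and failure, 0 records nothing, so
rem object access, process tracking and directory service access go unaudited.
echo [Event Audit] >>sfqas.inf
echo AuditSystemEvents = 3 >>sfqas.inf
echo AuditLogonEvents = 3 >>sfqas.inf
echo AuditObjectAccess = 0 >>sfqas.inf
echo AuditPrivilegeUse = 3 >>sfqas.inf
echo AuditPolicyChange = 3 >>sfqas.inf
echo AuditAccountManage = 3 >>sfqas.inf
echo AuditProcessTracking = 0 >>sfqas.inf
echo AuditDSAccess = 0 >>sfqas.inf
echo AuditAccountLogon = 3 >>sfqas.inf
echo [Registry Values] >>sfqas.inf
echo MACHINE\Software\Microsoft\Driver Signing\Policy=3,1 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,"0" >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"0" >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,"0" >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10" >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"0" >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7, >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0 >>sfqas.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0 >>sfqas.inf
echo MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7, >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7, >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7, >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7, >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 >>sfqas.inf
echo MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 >>sfqas.inf
rem User rights. Network logon is granted to the IIS accounts, Guests and
rem everyone but denied to the Administrators group, and Terminal Services
rem logon is limited to the account named "administrator".
rem NOTE(review): any other administrative account is locked out of remote
rem access once this is applied; confirm the named account exists and its
rem password is known before running the step.
echo [Privilege Rights] >>sfqas.inf
echo SeNetworkLogonRight = IUSR_%COMPUTERNAME%,IWAM_%COMPUTERNAME%,ASPNET,Guests,everyone >>sfqas.inf
echo SeRemoteShutdownPrivilege = Administrators >>sfqas.inf
echo SeIncreaseBasePriorityPrivilege = Administrators >>sfqas.inf
echo SeLoadDriverPrivilege = administrator >>sfqas.inf
echo SeSecurityPrivilege = Administrators >>sfqas.inf
echo SeSystemEnvironmentPrivilege = Administrators >>sfqas.inf
echo SeSystemProfilePrivilege = Administrators >>sfqas.inf
echo SeTakeOwnershipPrivilege = Administrators >>sfqas.inf
echo SeDenyNetworkLogonRight = Administrators >>sfqas.inf
echo SeManageVolumePrivilege = Administrators >>sfqas.inf
echo SeRemoteInteractiveLogonRight = administrator >>sfqas.inf
echo [Version] >>sfqas.inf
echo signature="$CHICAGO$" >>sfqas.inf
echo Revision=1 >>sfqas.inf
secedit /configure /db sfqas.sdb /cfg sfqas.inf /log sfqas.log /overwrite /quiet
rem Remove only the three files this step created. The earlier "del sfqas.*"
rem also deleted any unrelated file called sfqas.* in the launch directory,
rem including this script if it was saved under that name.
rem NOTE(review): secedit runs with /quiet and its log is deleted here, so a
rem failed import leaves no trace; consider keeping sfqas.log.
del sfqas.inf sfqas.sdb sfqas.log

:tengo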

rem --- Optional step: TCP/IP stack parameters that the prompt describes as
rem     strengthening resistance to denial-of-service floods.
cls
echo .
echo ---------------------------------------------------
echo 是否加强DDOS防御能力
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要加强请按 Y,否请按 N。"
rem Any answer other than N writes the six values below.
rem NOTE(review): the zero-padded data looks copied from .reg "dword:" notation,
rem which is hexadecimal, while reg add is given no 0x prefix here; confirm
rem which numbers are intended for 00000030, 00000200 and 00000096.
if %errorlevel% neq 2 (
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t reg_dword /d 00000030 /f
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t reg_dword /d 00000002 /f
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t reg_dword /d 00000200 /f
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t reg_dword /d 00000096 /f
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t reg_dword /d 00000003 /f
  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t reg_dword /d 00000005 /f
)
:elego

rem --- Optional step: turn network file sharing back on (the prompt gives
rem     remote backup to a NAS as the reason). This re-enables DCOM, SMB over
rem     TCP and the sharing services that the services step can disable.
cls
echo ---------------------------------------------------
echo 是否启用服务器的网络共享?(共享服务可提供网络文件共享实现远程备份,比如NAS备份)
echo 如果前面限制了端口请不指派sfqas的安全策略并删除该策略
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "是请按Y,否请按N。"
echo .
echo ---------------------------------------------------
rem The two echo lines above sit between CHOICE and this test, so the test
rem relies on echo leaving errorlevel as CHOICE set it.
if %errorlevel% neq 2 (
  reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /d Y /f
  reg add HKLM\SOFTWARE\Microsoft\Rpc /v "DCOM Protocols" /t REG_MULTI_SZ /d ncacn_ip_tcp\0 /f
  reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters /v SMBDeviceEnabled /t REG_DWORD /d 1 /f
  for %%S in (MSDTC lanmanworkstation lanmanserver Browser) do sc config %%S start= AUTO
  rem /G without /E replaces the whole ACL of activeds.dll with these three entries.
  echo y| cacls %SystemRoot%\system32\activeds.dll /G administrators:F SYSTEM:F IIS_WPG:R
  for %%S in (MSDTC lanmanworkstation lanmanserver Browser) do sc start %%S
)
:noshare

rem --- Optional step: disable the registry editing tools for the current user.
cls
echo .
echo ---------------------------------------------------
echo 是否禁用注册表工具
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要禁用请按 Y,否请按 N。"
rem Any answer other than N sets the per-user policy value. It is written to
rem HKCU, so it applies to the account running the script, not to other users.
if %errorlevel% neq 2 (
  reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
)
:fourthgo

rem --- Optional step: disable the command prompt for the current user.
cls
echo .
echo ---------------------------------------------------
echo 是否禁用cmd
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要禁用请按 Y,否请按 N。"
rem Any answer other than N sets DisableCMD under HKCU, i.e. for the account
rem running the script only.
rem NOTE(review): the steps after this one are still batch commands run by that
rem same account; confirm the value does not interfere with the rest of the run.
if %errorlevel% neq 2 (
  reg add "HKCU\Software\Policies\Microsoft\Windows\System" /v DisableCMD /t REG_DWORD /d 1 /f
)
:fifthgo

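rem --- Optional step: enable Windows Firewall and open RDP (3389), FTP (20/21),
rem     HTTP (80), ICMP echo, and optionally a custom remote-desktop port.
cls
echo .
echo ---------------------------------------------------
echo 是否开启WINDOWS防火墙,并只开放3389.FTP.80,和自己的远程端口,允许PING
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "要开启请按 Y,否请按 N。"
rem CHOICE sets errorlevel 2 for N: skip the step.
if %errorlevel% equ 2 goto firewallgo
rem The Windows Firewall/ICS service is named SharedAccess; "ShareAccess" does
rem not exist, so the service was never set to start automatically.
sc config SharedAccess start= auto
sc start SharedAccess
netsh firewall set opmode mode = ENABLE
netsh firewall set icmpsetting 8
netsh firewall set portopening tcp 3389
netsh firewall set portopening tcp 21 sfqas_ftplink
netsh firewall set portopening tcp 20 sfqas_ftpdata
netsh firewall set portopening tcp 80 sfqas_web
echo .
CHOICE /C YN /M "远程端口是不是3389,要设置请按 Y,否请按 N。"
if %errorlevel% equ 2 goto firewallgo1
:numnogo
cls
set "mstscnumb1="
set /p mstscnumb1=你的远程端口号:
if not defined mstscnumb1 goto numnogo
rem Accept digits only. A mistyped port would make netsh fail while the
rem firewall is already on, which cuts off remote desktop on the custom port;
rem and the raw text would otherwise be expanded straight into a command line.
rem Delayed expansion keeps special characters in the answer from being parsed.
setlocal enabledelayedexpansion
set "port_rest=!mstscnumb1!"
for %%D in (0 1 2 3 4 5 6 7 8 9) do if defined port_rest set "port_rest=!port_rest:%%D=!"
if defined port_rest (
  endlocal
  goto numnogo
)
echo 你的远程端口号是:!mstscnumb1!
netsh firewall set portopening tcp !mstscnumb1! sfqas_mstsc
endlocal
rem NOTE(review): port 3389 stays open even when a custom port is entered;
rem confirm whether it should be closed in that case.
:firewallgo1
:firewallgo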

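rem --- Optional step: generate a T-SQL script that drops extended stored
rem     procedures from SQL Server 2000 and open it in Query Analyzer, where
rem     the operator has to run it by hand.
cls
echo .
echo ---------------------------------------------------
echo 是否删除SQL2000危险的存储过程(如无安装SQL请不要运行!)
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "删除请按 Y,否请按 N。"
if %errorlevel% equ 2 goto ynono
echo ---------------------------------------------------
echo 请在弹出窗口内点击上方的绿色三角运行里面的代码才生效!准备好请按y
echo ---------------------------------------------------
rem The message above asks for a key press, but nothing read one: the test
rem that followed re-checked the errorlevel of the previous CHOICE and could
rem never skip. Ask explicitly.
CHOICE /C YN /M "准备好请按 Y,否请按 N。"
if %errorlevel% equ 2 goto nono
rem Start-menu folder of SQL Server on a Chinese-language installation; the
rem system drive variable replaces the mix of "C:" and %%systemdrive%%.
set "sqlmenu=%systemdrive%\Documents and Settings\All Users\「开始」菜单\程序\Microsoft SQL Server"
rem ">" starts a fresh file so statements from an earlier run are not repeated,
rem and "use master" now goes into the file instead of onto the console.
>sql.sql echo use master
>>sql.sql echo go
rem T-SQL string literals need straight single quotes; the typographic quotes
rem that were around the procedure names are not valid delimiters.
for %%X in (xp_cmdshell xp_enumgroups xp_loginconfig xp_regaddmultistring xp_regdeletekey xp_regdeletevalue xp_regread xp_regremovemultistring xp_regwrite xp_enumerrorlogs xp_getfiledetails xp_regenumvalues) do (
  >>sql.sql echo exec sp_dropextendedproc '%%X'
  >>sql.sql echo go
)
copy /Y sql.sql "%sqlmenu%\sql.sql"
start /d "%sqlmenu%" 查询分析器 -d master -E -f "%sqlmenu%\sql.sql"
echo ---------------------------------------------------
echo 请在弹出窗口内点击上方的绿色三角运行里面的代码才生效!你点了么?请按任意键继续. . .
echo ---------------------------------------------------
pause
del sql.sql
del "%sqlmenu%\sql.sql"

:ynono
:nono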

rem --- Unconditional step: strip broad groups from the ACLs of the system
rem     drive root, shared documents, Startup folders, wmpub and WINDOWS\addins.
rem     Unlike the other steps this one asks no question before it runs.
cls
echo 系统磁盘盘权限设定
echo 删除C盘的根目录的权限
rem cacls /e edits the existing ACL, /r revokes the named principal, /c keeps
rem going on errors; "echo y|" answers any confirmation prompt.
for %%P in (everyone "creator owner" users) do (echo y| Cacls %systemdrive%\ /e /c /r %%P)
for %%P in ("creator owner" "power users" users) do (echo y| Cacls "%systemdrive%\Documents and Settings\All Users\Documents" /e /c /r %%P)
echo y| Cacls "%systemdrive%\Documents and Settings" /e /c /r everyone
rem Startup folders: administrators and system are revoked as well.
for %%P in (administrators system) do (echo y| Cacls "%systemdrive%\Documents and Settings\Administrator\「开始」菜单\程序\启动" /e /c /r %%P)
for %%P in (system administrators) do (echo y| Cacls "%systemdrive%\Documents and Settings\All Users\「开始」菜单\程序\启动" /e /c /r %%P)

rem wmpub and WINDOWS\addins: mark read-only/system/hidden, then revoke every
rem listed principal. administrators and system appear twice, as in the
rem sequence this loop replaces; the second pass finds nothing left to revoke.
for %%D in (%systemdrive%\wmpub %systemdrive%\WINDOWS\addins) do (
  attrib +R +A +S +H %%D
  for %%P in ("creator owner" "power users" users administrators system administrators system) do (echo y| Cacls %%D /e /c /r %%P)
)


rem --- Optional step: revoke everyone, "creator owner" and users on drives
rem     D: to I:, recursively (/t). The prompt warns that web sites relying on
rem     those groups lose access afterwards.
echo .
echo ---------------------------------------------------
echo 如果你的WEB以前用的USERS或是everyone权限,下面的操作可能会导致无权限访问,是否操作?
echo ---------------------------------------------------
echo .
CHOICE /C YN /M "是请按 Y,否请按 N。"
rem Any answer other than N walks the fixed list of drive letters; a letter
rem with no volume behind it only produces cacls errors.
if %errorlevel% neq 2 (
  for %%D in (D E F G H I) do (
    echo "删除%%D盘的根目录的权限"
    for %%P in (everyone "creator owner" users) do (echo y| Cacls %%D:\ /t /e /c /r %%P)
  )
)
:confirm1

echo "2003减少C盘的危险文件的访问权限"
attrib +R +A +S +H %SystemRoot%/system32/shell32.dll
echo y| cacls %SystemRoot%/system32/shell32.dll /e /d guests /c
attrib +R +A +S +H %SystemRoot%/system32/wshom.ocx
echo y| cacls %SystemRoot%/system32/wshom.ocx /e /d guests /c
attrib +R +A +S +H %SystemRoot%/system32/npptools.dll
echo y| cacls %SystemRoot%/system32/npptools.dll /e /d users /c

attrib +R +A +S +H %SystemRoot%/system32/Cmd.exe
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /d telnetclients /c
echo y| cacls %SystemRoot%/system32/Cmd.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/net.exe
echo y| cacls %SystemRoot%/system32/net.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/net.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/net.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/net.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/net.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/net.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/net.exe /e /d users /c
echo y| cacls %SystemRoot%/system32/net.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/reg.exe
echo y| cacls %SystemRoot%/system32/reg.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/reg.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /d users /c
echo y| cacls %SystemRoot%/system32/reg.exe /e /d system:r /c

attrib +R +A +S +H %SystemRoot%/system32/netsh.exe
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d users /c
echo y| cacls %SystemRoot%/system32/netsh.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/sc.exe
echo y| cacls %SystemRoot%/system32/sc.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/sc.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/sc.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/sc.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/sc.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/sc.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/sc.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/net1.exe
echo y| cacls %SystemRoot%/system32/net1.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/net1.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /d users /c
echo y| cacls %SystemRoot%/system32/net1.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/netstat.exe
echo y| cacls %SystemRoot%/system32/netstat.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/netstat.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/netstat.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/netstat.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/netstat.exe /e /d batch /c

attrib +R +A +S +H %SystemRoot%/system32/ftp.exe
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/ftp.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d users /c
echo y| cacls %SystemRoot%/system32/ftp.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/dllcache/at.exe
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/dllcache/at.exe /e /d system /c

attrib +R +A +S +H %SystemRoot%/system32/at.exe
echo y| cacls %SystemRoot%/system32/at.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/at.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/at.exe /e /r administrators
echo y| cacls %SystemRoot%/system32/at.exe /e /d interactive /c
echo y| cacls %SystemRoot%/system32/at.exe /e /d service /c
echo y| cacls %SystemRoot%/system32/at.exe /e /d batch /c
echo y| cacls %SystemRoot%/system32/at.exe /e /d system /c

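rem Lock down utilman.exe, the Utility Manager accessibility launcher: the
rem dllcache copy first, then the live binary in system32.
rem Accessibility helpers can be started from the logon screen, so this
rem presumably aims to stop a replaced binary from being run there; the
rem script itself does not say.
rem attrib is given only the file path here. The original line carried a
rem stray cacls token before the path, which attrib would have treated as a
rem second file name.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/utilman.exe
echo y| cacls %SystemRoot%/system32/dllcache/utilman.exe /e /d guests /c
rem Grant the named administrator account before the group entry is revoked.
echo y| cacls %SystemRoot%/system32/dllcache/utilman.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/utilman.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/utilman.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/utilman.exe
echo y| cacls %SystemRoot%/system32/utilman.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/utilman.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/utilman.exe /e /r administrators
for %%P in (interactive service batch system) do echo y| cacls %SystemRoot%/system32/utilman.exe /e /d %%P /c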

rem Lock down sethc.exe, the Sticky Keys helper: dllcache copy, then the live
rem binary. Same sequence for both: set file attributes, deny guests, grant
rem the named administrator account full control, revoke the Administrators
rem group entry, then deny service, batch, interactive and system.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/sethc.exe
echo y| cacls %SystemRoot%/system32/dllcache/sethc.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/sethc.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/sethc.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/sethc.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/sethc.exe
echo y| cacls %SystemRoot%/system32/sethc.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/sethc.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/sethc.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/sethc.exe /e /d %%P /c

rem Lock down magnify.exe, the screen magnifier: dllcache copy, then the live
rem binary. Attributes are set, guests are denied, the named administrator
rem account is granted full control, the Administrators group entry is
rem revoked, and deny entries are added for the four listed principals.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/magnify.exe
echo y| cacls %SystemRoot%/system32/dllcache/magnify.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/magnify.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/magnify.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/magnify.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/magnify.exe
echo y| cacls %SystemRoot%/system32/magnify.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/magnify.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/magnify.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/magnify.exe /e /d %%P /c

rem Lock down osk.exe, the on-screen keyboard: dllcache copy, then the live
rem binary, using the same attribute and ACL sequence as the other
rem accessibility helpers handled by this script.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/osk.exe
echo y| cacls %SystemRoot%/system32/dllcache/osk.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/osk.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/osk.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/osk.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/osk.exe
echo y| cacls %SystemRoot%/system32/osk.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/osk.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/osk.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/osk.exe /e /d %%P /c

rem Lock down cacls.exe itself. The dllcache copy gets the full set of deny
rem entries. The live binary in system32 is only denied to guests, service
rem and batch at this point: the script keeps calling cacls below, and the
rem interactive and system deny entries for it are added later behind a
rem separate prompt.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/cacls.exe
echo y| cacls %SystemRoot%/system32/dllcache/cacls.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/cacls.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/cacls.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/cacls.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/cacls.exe
echo y| cacls %SystemRoot%/system32/cacls.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/cacls.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/cacls.exe /e /r administrators
for %%P in (service batch) do echo y| cacls %SystemRoot%/system32/cacls.exe /e /d %%P /c

rem Lock down attrib.exe: dllcache copy, then the live binary. The live
rem binary additionally gets a deny entry for users.
rem NOTE(review): the script calls attrib once more further down, on
rem secedit.exe, after these deny entries are in place. A deny entry for
rem interactive may also apply to the account running the script - confirm
rem that later call still succeeds.
attrib +R +A +S +H %SystemRoot%/system32/dllcache/attrib.exe
echo y| cacls %SystemRoot%/system32/dllcache/attrib.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/dllcache/attrib.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/dllcache/attrib.exe /e /r administrators
for %%P in (service batch interactive system) do echo y| cacls %SystemRoot%/system32/dllcache/attrib.exe /e /d %%P /c

attrib +R +A +S +H %SystemRoot%/system32/attrib.exe
echo y| cacls %SystemRoot%/system32/attrib.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/attrib.exe /e /g administrator:f /c
echo y| cacls %SystemRoot%/system32/attrib.exe /e /r administrators
for %%P in (interactive service batch users system) do echo y| cacls %SystemRoot%/system32/attrib.exe /e /d %%P /c

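rem Optional step: rename the built-in administrator account through a
rem security template applied with secedit.
rem Grant the account named administrator full control of secedit.exe first,
rem so the configure call below can run it.
echo y| cacls %SystemRoot%/system32/secedit.exe /e /g administrator:f /c
cls
echo .
echo ---------------------------------------------------
echo 是否要修改administrator名字,是按Y,否按N?
echo ---------------------------------------------------
echo .
rem Ask for the answer here. Without this CHOICE call the test below reads
rem the exit code left by an earlier command, not the operator's reply.
CHOICE /C YN /M "要修改请按 Y,否请按 N。"
if %errorlevel% equ 2 goto confirml
set username1=
:usernogo
cls
echo 设置超级管理员账号并只允许此账号远程
set /p username1=请输入新的administrator名字:
rem Re-prompt until something has been typed.
if not defined username1 goto usernogo
rem NOTE(review): the typed name is expanded unquoted into the echo lines
rem below and is not validated. An ampersand, pipe, angle bracket, caret or
rem double quote in it would be interpreted by cmd or would corrupt the
rem template, so enter plain account-name characters only.
echo 你设置的超级管理员用户名是:%username1%

rem Build a minimal security template. The System Access key
rem NewAdministratorName carries the new name for the built-in account.
echo [version] >sfqas.inf
echo signature="$CHICAGO$" >>sfqas.inf
echo Revision=1 >>sfqas.inf
echo [System Access] >>sfqas.inf
echo NewAdministratorName = "%username1%" >>sfqas.inf
rem Apply the template to the local machine. The files are created in the
rem current directory.
secedit /configure /db sfqas.sdb /cfg sfqas.inf /log sfqas.log /overwrite /quiet
rem Remove the template, database and log. This also discards the only
rem record of whether secedit succeeded, so check the account name afterwards.
del sfqas.*
:confirml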

rem Lock down secedit.exe now that the optional rename step is over: set the
rem file attributes, deny guests, revoke the Administrators group entry and
rem add deny entries for the remaining principals. The full-control grant
rem for the account named administrator was added before the rename prompt.
rem NOTE(review): attrib.exe already carries deny entries by this point, so
rem this attrib call may be refused - confirm it still runs.
attrib +R +A +S +H %SystemRoot%/system32/secedit.exe
echo y| cacls %SystemRoot%/system32/secedit.exe /e /d guests /c
echo y| cacls %SystemRoot%/system32/secedit.exe /e /r administrators
for %%P in (interactive service batch users system) do echo y| cacls %SystemRoot%/system32/secedit.exe /e /d %%P /c

cls
echo .
echo ---------------------------------------------------
echo 如果你是虚拟主机系统,如hz,此步请选N?
echo ---------------------------------------------------
echo .
rem Virtual-hosting systems answer N and keep cacls.exe usable by system and
rem interactive logons. Answering Y adds the two remaining deny entries.
CHOICE /C YN /M "不是请按 Y,是请按 N。"
rem CHOICE returns 1 for Y and 2 for N.
if %errorlevel% equ 2 goto confirm2
rem Final deny entries on cacls.exe, deferred to here because the script has
rem been calling cacls up to this point.
for %%P in (system interactive) do echo y| cacls %SystemRoot%/system32/cacls.exe /e /d %%P /c
:confirm2

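cls
@echo 索引系统垃圾列表中....
rem Cleanup pass: delete temporary and leftover files by extension across the
rem system drive, then empty a few well-known cache folders.
rem /f forces read-only files, /s recurses into subfolders, /q suppresses
rem the confirmation prompt.
rem NOTE(review): the log pattern is removed recursively from the whole
rem system drive. That includes service and application logs an incident
rem investigation would rely on, so archive any logs that must be kept
rem before running this step.
for %%X in (tmp _mp log gid chk old) do del /f /s /q %systemdrive%\*.%%X
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /s /q %windir%\temp\*.*
rem Profile paths are quoted: the profile directory normally contains spaces
rem on this system, and unquoted it would be split into several arguments.
del /f /q "%userprofile%\cookies\*.*"
del /f /q "%userprofile%\recent\*.*"
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
@echo 系统垃圾清理完毕!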

时间: 2024-07-29 23:36:27
