服务器安全设置批处理_DOS/BAT教程-查字典教程网

第一个比较全，推荐使用第一个

复制代码代码如下:

@ECHO OFF

CLS

TITLE SERVER SAFE SETUP PRO

COLOR 0A

echo y|cacls.exe C: /p Administrators:f system:f "network service":r

echo y|cacls.exe D: /p Administrators:f system:f servU:f "network service":r

echo y|cacls.exe E: /p Administrators:f system:f servU:f "network service":r

echo y|cacls.exe "C:Program Files" /t /p Administrators:f system:f everyone:r

echo y|cacls.exe "C:Program FilesCommon Files" /t /g Administrators:f system:f everyone:r

echo y|cacls.exe c:windows /p Administrators:f system:f

echo y|cacls.exe c:windowssystem32 /p Administrators:f system:f

echo y|cacls.exe C:WINDOWSsystem32inetsrv /p Administrators:f system:f everyone:r

echo y|cacls.exe "C:Documents and Settings" /p Administrators:f system:f

echo y|cacls.exe "C:Documents and SettingsAll Users" /t /p Administrator:f system:f everyone:r

echo y|cacls.exe c:windowstemp /p everyone:f

echo y|cacls.exe %systemroot%system32shell32.dll /p Administrators:f

echo y|cacls.exe %systemroot%system32wshom.ocx /p Administrators:f

echo y|cacls.exe c:windowssystem32*.exe /p Administrators:f system:f

echo y|cacls.exe "c:Documents and SettingsAll Users" /e /g everyone:r

echo y|cacls.exe %systemroot%system32svchost.exe /e /g "network service":r

echo y|cacls.exe %systemroot%system32msdtc.exe /e /g "network service":r

echo y|cacls.exe %windir%system32mtxex.dll /e /g everyone:r

echo y|cacls.exe c:windowssystem32cmd.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32net.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32net1.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32sc.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32at.exe /p Administrator:f

echo y|cacls.exe %windir%system32dllhost.exe /e /g everyone:r

echo y|cacls.exe c:windowssystem32netsh.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32net.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32cacls.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32cmdkey.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32ftp.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32tftp.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32reg.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32regedt32.exe /p Administrator:f

echo y|cacls.exe c:windowssystem32regini.exe /p Administrator:f

echo y|cacls.exe %windir%assembly /e /t /g "network service":r

echo y|cacls.exe %windir%Microsoft.NET /e /t /g everyone:r

echo y|cacls.exe "%windir%Microsoft.NETFrameworkv1.1.4322Temporary ASP.NET Files" /e /t /g everyone:f

echo y|cacls.exe %windir%system32mscoree.dll /e /g everyone:r

echo y|cacls.exe %windir%system32ws03res.dll /e /g everyone:r

echo y|cacls.exe %windir%system32msxml*.dll /e /g everyone:r

echo y|cacls.exe C:WINDOWSsystem32urlmon.dll /e /g everyone:r

echo y|cacls.exe C:WINDOWSsystem32mlang.dll /e /g everyone:r

echo y|cacls.exe C:WINDOWSsystem32TAPI32.dll /e /g everyone:r

echo y|cacls.exe C:WINDOWSsystem32WININET.dll /e /g everyone:r

cacls c:windowsassembly /e /t /p "network service":r

cacls c:windowsMicrosoft.NET /e /t /p "network service":r

cacls "C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET Files" /e /t /p "network service":f

cacls C:WINDOWSsystem32mscoree.dll /e /g everyone:r

cacls C:WINDOWSsystem32ws03res.dll /e /g everyone:r

cacls c:WINDOWS /e /g "network service":r

if exist c:windows cacls c:windows /e /g "network service":r

cacls c:windowsMicrosoft.NET /e /t /p "network service":r

cacls "C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET Files" /e /t /p "network service":f

cacls "C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files" /e /t /p "network service":f

cacls c:windowssystem32 /e /g "network service":r

cacls c:windowssystem32rasapi32.dll /e /g "network service":r

echo y|cacls.exe C:WINDOWSsystem32inetsrvadsiis.dll /p Administrators:f autosystem:f

echo y|cacls.exe C:WINDOWSsystem32inetsrviisadmpwd /p Administrators:f autosystem:f

echo y|cacls.exe C:WINDOWSsystem32inetsrvMetaBack /p Administrators:f autosystem:f

cacls C":Program FilesServ-U" /e /g "servu":f

cacls d:wwwroot /e /g servU:f

echo 以上设置服务器目录权限

net stop Browser

sc config Browser start= disabled

net stop lanmanserver

sc config lanmanserver start= disabled

net share c$ /delete

net share d$ /delete

net share e$ /delete

net share f$ /delete

net share admin$ /delete

net share ipc$ /delete

echo 以上删除默认共享，设置服务项

echo .. delshare.reg .......

echo Windows Registry Editor Version 5.00> c:delshare.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters]>> c:delshare.reg

echo "AutoShareWks"=dword:00000000>> c:delshare.reg

echo "AutoShareServer"=dword:00000000>> c:delshare.reg

echo .. delshare.reg .....

regedit /s c:delshare.reg

echo .. delshare.reg ....

del c:delshare.reg

echo .

echo ........

echo .

echo =========================================================

echo .

echo .....................dos....

echo .

echo .........

echo Windows Registry Editor Version 5.00> c:dosforwin.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]>> c:dosforwin.reg

echo "EnableICMPRedirect"=dword:00000000>> c:dosforwin.reg

echo "DeadGWDetectDefault"=dword:00000001>> c:dosforwin.reg

echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:dosforwin.reg

echo "EnableSecurityFilters"=dword:00000000">> c:dosforwin.reg

echo "AllowUnqualifiedQuery"=dword:00000000>> c:dosforwin.reg

echo "PrioritizeRecordData"=dword:00000001>> c:dosforwin.reg

echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,>> c:dosforwin.reg

echo 00,00,00,00>> c:dosforwin.reg

echo "SynAttackProtect"=dword:00000002>> c:dosforwin.reg

echo "EnablePMTUDiscovery"=dword:00000000>> c:dosforwin.reg

echo "NoNameReleaseOnDemand"=dword:00000001>> c:dosforwin.reg

echo "EnableDeadGWDetect"=dword:00000000>> c:dosforwin.reg

echo "KeepAliveTime"=dword:00300000>> c:dosforwin.reg

echo "PerformRouterDiscovery"=dword:00000000>> c:dosforwin.reg

echo "EnableICMPRedirects"=dword:00000000>> c:dosforwin.reg

echo .

echo ==========================================================

echo .. dosforwin.reg .....

regedit /s c:dosforwin.reg

echo .. dosforwin.reg ....

del c:dosforwin.reg

echo ==============================================================

echo .

echo ===============================================================

echo ..Remote Registry Service...........

echo .........

echo .

echo Windows Registry Editor Version 5.00> c:regedit.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteRegistry]>> c:regedit.reg

echo "Start"=dword:00000004>> c:regedit.reg

echo .

echo .. regedit.reg .....

regedit /s c:regedit.reg

echo .

echo ......

del c:regedit.reg

echo ===============================================================

echo ..Messenger.......

echo .........

echo Windows Registry Editor Version 5.00> c:message.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger]>> c:message.reg

echo "Start"=dword:00000004>> c:message.reg

echo .

echo .. message.reg .....

regedit /s c:message.reg

echo .

echo .. message.reg

del c:message.reg

echo ===============================================================

echo ..lanmanserver.......

echo .........

echo Windows Registry Editor Version 5.00> c:lanmanserver.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserver]>> c:lanmanserver.reg

echo "Start"=dword:00000004>> c:lanmanserver.reg

echo .

echo .. lanmanserver.reg .....

regedit /s c:lanmanserver.reg

echo .

echo .. lanmanserver.reg

del c:lanmanserver.reg

echo ==============================================================

echo ...TCP/IP NetBIOS Helper Service

echo .........

echo Windows Registry Editor Version 5.00> c:netbios.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLmHosts]>> c:netbios.reg

echo "Start"=dword:00000004>> c:netbios.reg

echo .

echo .. netbios.reg .....

regedit /s c:netbios.reg

echo .

echo .. netbios.reg

del c:netbios.reg

regedit /s forddos.reg

第二个

复制代码代码如下:

echo.

echo ------------------------------------------------------

echo.

echo ...........

echo.

net share c$ /delete

net share d$ /delete

net share e$ /delete

net share f$ /delete

net share admin$ /delete

net share ipc$ /delete

net stop Server

net start Server

echo.

echo ..........

echo.

echo ------------------------------------------------------

echo.

echo .................

echo.

echo .. delshare.reg .......

echo Windows Registry Editor Version 5.00> c:delshare.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters]>> c:delshare.reg

echo "AutoShareWks"=dword:00000000>> c:delshare.reg

echo "AutoShareServer"=dword:00000000>> c:delshare.reg

echo .. delshare.reg .....

regedit /s c:delshare.reg

echo .. delshare.reg ....

del c:delshare.reg

echo .

echo ........

echo .

echo =========================================================

echo .

echo .....................dos....

echo .

echo .........

echo Windows Registry Editor Version 5.00> c:dosforwin.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]>> c:dosforwin.reg

echo "EnableICMPRedirect"=dword:00000000>> c:dosforwin.reg

echo "DeadGWDetectDefault"=dword:00000001>> c:dosforwin.reg

echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:dosforwin.reg

echo "EnableSecurityFilters"=dword:00000000">> c:dosforwin.reg

echo "AllowUnqualifiedQuery"=dword:00000000>> c:dosforwin.reg

echo "PrioritizeRecordData"=dword:00000001>> c:dosforwin.reg

echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,>> c:dosforwin.reg

echo 00,00,00,00>> c:dosforwin.reg

echo "SynAttackProtect"=dword:00000002>> c:dosforwin.reg

echo "EnablePMTUDiscovery"=dword:00000000>> c:dosforwin.reg

echo "NoNameReleaseOnDemand"=dword:00000001>> c:dosforwin.reg

echo "EnableDeadGWDetect"=dword:00000000>> c:dosforwin.reg

echo "KeepAliveTime"=dword:00300000>> c:dosforwin.reg

echo "PerformRouterDiscovery"=dword:00000000>> c:dosforwin.reg

echo "EnableICMPRedirects"=dword:00000000>> c:dosforwin.reg

echo .......

echo ==========================================================

echo .. dosforwin.reg .....

regedit /s c:dosforwin.reg

echo .. dosforwin.reg ....

del c:dosforwin.reg

echo ==============================================================

echo .

echo ..........(......................).

echo .

echo ..telnet,......telnet.

echo ..........

echo Windows Registry Editor Version 5.00> c:telnet.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTlntSvr]>> c:telnet.reg

echo "Start"=dword:00000004>> c:telnet.reg

echo .

echo .. telnet.reg .....

regedit /s c:telnet.reg

echo .

echo .. telnet.reg ....

del c:telnet.reg

echo .

echo ===============================================================

echo ..Remote Registry Service...........

echo .........

echo .

echo Windows Registry Editor Version 5.00> c:regedit.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteRegistry]>> c:regedit.reg

echo "Start"=dword:00000004>> c:regedit.reg

echo .

echo .. regedit.reg .....

regedit /s c:regedit.reg

echo .

echo ......

del c:regedit.reg

echo ===============================================================

echo ..Messenger.......

echo .........

echo Windows Registry Editor Version 5.00> c:message.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger]>> c:message.reg

echo "Start"=dword:00000004>> c:message.reg

echo .

echo .. message.reg .....

regedit /s c:message.reg

echo .

echo .. message.reg

del c:message.reg

===============================================================

echo ..Telephony......

echo ....

echo Windows Registry Editor Version 5.00> c:Telephony.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTapiSrv]>> c:Telephony.reg

echo "Start"=dword:00000004>> c:Telephony.reg

echo .

echo .. Telephony.reg

regedit /s c:Telephony.reg

del c:Telephony.reg

echo ==============================================================

echo ...TCP/IP NetBIOS Helper Service

echo .........

echo Windows Registry Editor Version 5.00> c:netbios.reg

echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLmHosts]>> c:netbios.reg

echo "Start"=dword:00000004>> c:netbios.reg

echo .

echo .. netbios.reg .....

regedit /s c:netbios.reg

echo .

echo .. netbios.reg

del c:netbios.reg

echo ===============================================================

echo powered by 冬虫草

echo sleepboy82@hotmail.com

echo Jooline Services Set

goto :END

上面的文件下载地址