
sfqas 发表于 2008-5-16 10:33

Windows 2003系统配置安全,望新手借鉴,高手指点

现年都没有落伍,真的很YM,想给新人解答问题,却没有权限,所以把自己用的安全批处理放出来,希望对新手有帮助。

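@echo off
rem Banner lines from the original post. The forum's [email=...] BBCode wrapper
rem had leaked into the address and is stripped here.
echo "sfqas@163.com"
echo "为走过的路做纪念,希望你能记得"

rem Built-in Guest and SUPPORT_388945a0 accounts.
rem The posted script set fixed passwords on the command line. That had three
rem problems:
rem   1. A password published with the script is known to every reader, so it
rem      protects nothing on any server that runs the script unchanged.
rem   2. The unquoted "&" is cmd's command separator and "%6" is a batch
rem      positional parameter, so the password that net.exe received was not
rem      the text that was typed; the second password was also wrapped in
rem      forum BBCode.
rem   3. Passwords passed as arguments are visible in the script file itself.
rem The accounts are disabled instead. If either account must stay enabled,
rem set its password interactively with "net user <account> *" so the value
rem never appears in a file.
net user guest /active:no
net user SUPPORT_388945a0 /active:no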

echo 服务优化处理
rem Disable at boot and stop immediately, in the order of the original post:
rem   Browser           - Computer Browser
rem   Spooler           - Print Spooler
rem   RemoteRegistry    - Remote Registry
rem   lanmanserver      - Server (SMB file and printer sharing)
rem   LmHosts           - TCP/IP NetBIOS Helper
rem   WZCSVC            - Wireless Zero Configuration
rem   lanmanworkstation - Workstation (SMB client)
rem NOTE(review): Server and Workstation are dependencies of other Windows
rem components; confirm nothing on this host needs SMB or domain services
rem before applying. "sc stop" can fail while dependent services are running.
for %%S in (Browser Spooler RemoteRegistry lanmanserver LmHosts WZCSVC lanmanworkstation) do (
    sc config  %%S start= DISABLED
    sc stop %%S
)
rem SysmonLog (Performance Logs and Alerts) is only set to disabled here;
rem the script does not stop a running instance.
sc config SysmonLog start= disabled
echo "取消危险组件"
rem Silently unregister three COM servers from the system directory:
rem wshom.ocx (Windows Script Host object model), shell32.dll and npptools.dll.
rem NOTE(review): unregistering shell32.dll removes the Shell automation
rem objects for every program on the host, not only for web scripts; confirm
rem that no installed software depends on them. Re-register with regsvr32
rem (without /u) to undo.
for %%C in (System32\wshom.ocx system32\shell32.dll system32\npptools.dll) do regsvr32 /u /s %SystemRoot%\%%C

rem Append an "exit" line to login.cmd in the system directory.
rem NOTE(review): login.cmd is presumably the Telnet Server login script, so
rem this would make a Telnet session end right after logon - confirm. The line
rem is appended on every run, so repeated runs add repeated "exit" lines.
>>%SystemRoot%\system32\login.cmd echo exit
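echo sfqas的IPSEC
rem Build and assign a local IPsec policy that blocks inbound traffic to a
rem fixed list of TCP and UDP ports.
rem
rem Fix over the posted version: every "add filter" command had been wrapped
rem onto two lines, so "mirrored=yes dstport=N" ran as a separate (invalid)
rem command and the filters were added without a destination port. Each
rem filter is now a single command, generated from the port lists below.
rem
rem NOTE(review): the policy and filter-list names are non-ASCII; the batch
rem file presumably has to be saved in the console's code page for netsh to
rem receive them intact - confirm on the target host.
netsh ipsec static add policy name=sfqas的安全策略
netsh ipsec static add filterlist name=允许列表
netsh ipsec static add filterlist name=拒绝列表

rem Inbound TCP ports to block (same set as the original post).
for %%P in (135 137 138 139 445 593 1025 2745 3127 6129 4489) do (
    netsh ipsec static add filter filterlist=拒绝列表 srcaddr=any dstaddr=me description=别人到我特定访问 protocol=tcp mirrored=yes dstport=%%P
)

rem Inbound UDP ports to block (same set as the original post).
for %%P in (135 137 138 445) do (
    netsh ipsec static add filter filterlist=拒绝列表 srcaddr=any dstaddr=me description=别人到我特定访问 protocol=udp mirrored=yes dstport=%%P
)

rem Two filter actions are defined, but only the block action is used below.
rem The permit action and the 允许列表 filter list are never attached to a rule
rem in this script.
netsh ipsec static add filteraction name=充许  action=permit
netsh ipsec static add filteraction name=拒绝  action=block

rem This is a block list, not a default-deny policy: any port not listed
rem above stays reachable unless something else filters it.
netsh ipsec static add rule name=拒绝规则  policy=sfqas的安全策略 filterlist=拒绝列表 filteraction=拒绝
netsh ipsec static set policy name=sfqas的安全策略 assign=y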
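echo 修改组策略
rem Write a minimal security template and apply it with secedit.
rem
rem Fixes over the posted version:
rem   - The template, database and log were created in the current directory
rem     and then removed with "del sfqas.*", which also deletes any unrelated
rem     file matching that pattern (including this script if it is saved as
rem     sfqas.bat). The files now live under %TEMP% with a per-run name and
rem     are deleted by exact path.
rem   - The log was always deleted, hiding any failure. It is now kept when
rem     secedit returns a non-zero exit code.
setlocal
set "SFQAS_TPL=%TEMP%\sfqas_%RANDOM%"

>"%SFQAS_TPL%.inf" echo [version]
>>"%SFQAS_TPL%.inf" echo signature="$CHICAGO$"
>>"%SFQAS_TPL%.inf" echo Revision=1
>>"%SFQAS_TPL%.inf" echo [System Access]
rem NewAdministratorName is set to the default name, so no rename takes place.
>>"%SFQAS_TPL%.inf" echo NewAdministratorName = "Administrator"
rem The Guest account is renamed to MyGuestOne.
>>"%SFQAS_TPL%.inf" echo NewGuestName = "MyGuestOne"
>>"%SFQAS_TPL%.inf" echo [Privilege Rights]
rem Only the account named "administrator" keeps the Terminal Services logon
rem right; every other account or group loses it.
>>"%SFQAS_TPL%.inf" echo SeRemoteInteractiveLogonRight = administrator

secedit /configure /db "%SFQAS_TPL%.sdb" /cfg "%SFQAS_TPL%.inf" /log "%SFQAS_TPL%.log"
if errorlevel 1 echo secedit returned a non-zero exit code, log kept at "%SFQAS_TPL%.log"
if not errorlevel 1 del "%SFQAS_TPL%.log"
del "%SFQAS_TPL%.inf" "%SFQAS_TPL%.sdb"
endlocal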

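echo 查文件
rem Look for an unexpected Radmin server and for traces of two password
rem loggers (NTPass, GinaPwd), remove what is found, and lock the loggers'
rem output files.
rem
rem Fixes over the posted version:
rem   - Each "if not exist <file>" had no command after it (a syntax error),
rem     and the test was inverted relative to the "found, deleting" message,
rem     so all the removal steps ran unconditionally. They now run only when
rem     the file is present.
rem   - "ehco" was a typo for "echo".
rem   - "cd C:\WINDOWS\system32\" changed the working directory for the rest
rem     of the script; full paths built from %SystemRoot% are used instead.
rem
rem NOTE(review): finding any of these files on a server where they were not
rem installed on purpose means the host may already be compromised. Deleting
rem or overwriting them destroys evidence; consider copying them off the host
rem first, and treat every password typed on the machine as exposed.

rem --- Radmin server ---
if exist "%SystemRoot%\system32\r_server.exe" (
    echo " 有RADMIM,删除"
    "%SystemRoot%\system32\r_server.exe" /stop
    "%SystemRoot%\system32\r_server.exe" /uninstall /silence
    del "%SystemRoot%\system32\r_server.exe"
    del "%SystemRoot%\system32\admdll.dll"
    del "%SystemRoot%\system32\radbrv.dll"
)

rem --- NTPass ---
if exist "%SystemRoot%\system32\ntpass.dll" echo "有密码记录器NTPass,删除"
rem Replace the file eulagold.txt with a placeholder; the ACL edits below
rem then deny access to it.
echo you are a bitch>"%SystemRoot%\system32\eulagold.txt"
if exist "%SystemRoot%\system32\ntpass.dll" rundll32 NTPass.dll,Remove
cacls "%SystemRoot%\system32\eulagold.txt" /e /g administrator:f /c
cacls "%SystemRoot%\system32\eulagold.txt" /t /e /c /r administrators
for %%P in (service batch interactive system) do cacls "%SystemRoot%\system32\eulagold.txt" /e /d %%P /c

rem --- GinaPwd ---
rem An existing GinaPwd.txt is reported before it is overwritten.
if exist "%SystemRoot%\system32\GinaPwd.txt" echo "有密码记录器GinaPwd,删除"
echo you are a bitch>"%SystemRoot%\system32\GinaPwd.txt"
cacls "%SystemRoot%\system32\GinaPwd.txt" /e /g administrator:f /c
cacls "%SystemRoot%\system32\GinaPwd.txt" /t /e /c /r administrators
for %%P in (service batch interactive system) do cacls "%SystemRoot%\system32\GinaPwd.txt" /e /d %%P /c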

echo "磁盘盘权限设定"
rem Revoke broad principals from the drive roots. /e edits the existing ACL,
rem /c continues past errors, /r removes the named principal's entries.
echo "删除C盘的根目录的权限"
rem C:\ is edited at the root only (no /t), unlike the data drives below.
for %%A in (everyone "creator owner" users) do Cacls C:\ /e /c /r %%A
for %%A in ("creator owner" "power users" users) do Cacls "C:\Documents and Settings\All Users\Documents" /e /c /r %%A

rem Drives D: to I: get the same three revocations, applied recursively (/t).
rem NOTE(review): a recursive revoke also strips these principals from every
rem existing file and folder on the drive, including web roots and upload
rem directories - confirm which service accounts still need access.
for %%D in (D E F G H I) do (
    echo "删除%%D盘的根目录的权限"
    for %%A in (everyone "creator owner" users) do Cacls %%D:\ /t /e /c /r %%A
)

echo "2003减少C盘的危险文件的访问权限"
rem Tighten the ACLs on system binaries that are commonly abused after a web
rem application compromise. For most files the pattern is: deny guests, grant
rem the administrator account full control, cut the Administrators group down
rem to read, then deny a set of built-in principals.
rem
rem NOTE(review): deny entries take precedence over allow entries. A deny for
rem "interactive" presumably also applies to an administrator logged on at the
rem console or over Terminal Services - verify that the tools below are still
rem usable by the people who have to maintain the server.
rem
rem The statement order of the original post is kept on purpose: cacls.exe is
rem edited last, and "interactive" is the last principal denied on it, because
rem every earlier step needs cacls.exe itself.

rem COM components: deny only.
cacls %SystemRoot%/system32/shell32.dll /e /d guests /c
for %%P in (guests users) do cacls %SystemRoot%/system32/wshom.ocx /e /d %%P /c

rem Command interpreter.
cacls %SystemRoot%/system32/Cmd.exe /e /d guests /c
cacls %SystemRoot%/system32/Cmd.exe /e /g administrator:f /c
cacls %SystemRoot%/system32/Cmd.exe /e /p administrators:r /c
for %%P in (service telnetclients) do cacls %SystemRoot%/system32/Cmd.exe /e /d %%P /c

rem Network and account tools that share one pattern.
for %%F in (net.exe netsh.exe net1.exe netstat.exe ftp.exe) do (
    cacls %SystemRoot%/system32/%%F /e /d guests /c
    cacls %SystemRoot%/system32/%%F /e /g administrator:f /c
    cacls %SystemRoot%/system32/%%F /e /p administrators:r /c
    for %%P in (interactive service batch users) do cacls %SystemRoot%/system32/%%F /e /d %%P /c
)
rem The original post repeats the guests deny on ftp.exe; kept as posted.
cacls %SystemRoot%/system32/ftp.exe /e /d guests /c

rem secedit.exe: same pattern as the network tools.
cacls %SystemRoot%/system32/secedit.exe /e /d guests /c
cacls %SystemRoot%/system32/secedit.exe /e /g administrator:f /c
cacls %SystemRoot%/system32/secedit.exe /e /p administrators:r /c
for %%P in (interactive service batch users) do cacls %SystemRoot%/system32/secedit.exe /e /d %%P /c

rem at.exe: the Administrators group entry is not changed and "users" is not
rem denied, unlike the neighbouring files.
cacls %SystemRoot%/system32/at.exe /e /d guests /c
cacls %SystemRoot%/system32/at.exe /e /g administrator:f /c
for %%P in (interactive service batch) do cacls %SystemRoot%/system32/at.exe /e /d %%P /c

rem attrib.exe: same pattern as the network tools.
cacls %SystemRoot%/system32/attrib.exe /e /d guests /c
cacls %SystemRoot%/system32/attrib.exe /e /g administrator:f /c
cacls %SystemRoot%/system32/attrib.exe /e /p administrators:r /c
for %%P in (interactive service batch users) do cacls %SystemRoot%/system32/attrib.exe /e /d %%P /c

rem sethc.exe (both the dllcache copy and the live copy), then cacls.exe.
rem Here "interactive" is denied last.
for %%F in (dllcache/sethc.exe sethc.exe cacls.exe) do (
    cacls %SystemRoot%/system32/%%F /e /d guests /c
    cacls %SystemRoot%/system32/%%F /e /g administrator:f /c
    cacls %SystemRoot%/system32/%%F /e /p administrators:r /c
    for %%P in (service batch interactive) do cacls %SystemRoot%/system32/%%F /e /d %%P /c
)

喝醉酒的猫 发表于 2008-5-16 11:21

呵呵 我的系统是WIN 2003

站在墙头等红杏 发表于 2008-5-16 11:28

太长了

bsssq 发表于 2008-5-27 13:33

感谢楼主

bsssq 发表于 2008-5-27 13:33

希望能有人完善。这样做服务器就快多了。本人服务器不幸昨天遇难啦。呵呵

igaigai 发表于 2008-5-27 13:37

MS青云对这个NB.

xingzhe1314 发表于 2008-5-27 19:07

不如直接给个BAT文件好

大乌龟 发表于 2008-5-27 19:52

做出来好些吧

sukis 发表于 2008-6-20 06:27

收藏。

小斌online 发表于 2008-6-20 10:34

最近好多加分的

xuecoco 发表于 2008-6-20 10:52

很好,很复杂,很好,很难懂

szweb 发表于 2008-6-20 15:44

做出来吧,直接做成BAT文件让我们下载多好啊

lopping 发表于 2008-6-20 16:50

这个还行,不过最好是自己动手
