批处理设置windows服务器的代码ThecSafe1.9.4第1/3页
@Echo Off
TITLE 常来网服务器高级安全设置器
:start
CLS
COLOR 1f
Rem 使用COLOR命令对控制台输出颜色进行更改
MODE con: COLS=32 LINES=21
Rem MODE语句为设定窗体的宽和高
Set tm1=%time:~0,2%
Set tm2=%time:~3,2%
Set tm3=%time:~6,2%
Echo %date% %tm1%点%tm2%分%tm3%秒
Echo ================================
Echo 请选择要进行的操作,然后按回车
Echo ───────────────
Echo.
Echo A. 一键搞定/全自动设置服务器
Echo 0. 清理系统垃圾文件
Echo 1. 给系统危险文件设置权限
Echo 2. 给系统危险文件夹设置权限
Echo 3. 系统服务优化
Echo 4. 注册表危险组件删除
Echo 5. 防DDOS洪水攻击处理
Echo 6. 导入常来网专用安全策略
Echo 7. 重启IIS使设置生效
Echo 8. 刷新当前时间
Echo 9. 锁定计算机
Echo L. 注销当前用户
Echo Q. 退出安全设置器
Echo.
:cho
Set Choice=
Set /P Choice=选择:
Rem 设定变量"Choice"为用户输入的字符
If Not "%Choice%"=="" Set Choice=%Choice:~0,1%
Rem 如果输入大于1位,取第1位,比如输入132,则返回值为1
Echo.
If /I "%Choice%"=="A" Goto Auto
If /I "%Choice%"=="0" Goto Clear
If /I "%Choice%"=="1" Goto SetFile
If /I "%Choice%"=="2" Goto SetFolder
If /I "%Choice%"=="3" Goto Service
If /I "%Choice%"=="4" Goto Reg
If /I "%Choice%"=="5" Goto Ddos
If /I "%Choice%"=="6" Goto Ipsec
If /I "%Choice%"=="7" Goto restartiis
If /I "%Choice%"=="8" Goto start
If /I "%Choice%"=="9" Goto lock
If /I "%Choice%"=="L" Goto logoff
If /I "%Choice%"=="Q" Goto End
Rem 为避免出现返回值为空或含空格而导致程序异常,需在变量外另加双引号
Rem 注意,If语句需要双等于号
Rem 如果输入的字符不是以上数字,将返回重新输入
Echo 选择无效,请重新输入
Echo.
Goto cho
:Clear
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Echo 正在清理系统垃圾文件,请稍等......
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /f /s /q %windir%\temp\*.*
del /f /s /q %userprofile%\cookies\*.*
del /f /s /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
Echo 清理系统垃圾完成! 请按任意键返回并选1继续...
PAUSE >nul
Goto start
:SetFile
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem 删除系统危险文件的访问权限,只留管理组成员
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /D Guests:F /E
Echo 给系统危险文件设置权限设定完毕! 请按任意键返回并选2继续...
PAUSE >nul
Goto start
:SetFolder
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem 删除C盘所有的Everone权限
cd/
cscript.exe xcacls.vbs "%SystemDrive%" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "Everyone" /e
@REM "cscript.exe xcacls.vbs "%SystemRoot%/Registration" /r "Everyone" /e " 这个不能去Everyone权限
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Inetpub/aspnet_client" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Everyone" /e
Rem 删除C盘所有的CREATOR OWNER权限
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "CREATOR OWNER" /e
Rem 删除C盘所有的Power Users权限
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Power Users" /e
Rem 删除C盘所有的TERMINAL SERVER USER权限
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "TERMINAL SERVER USER" /e
Rem 添加Guests组拒绝权限[IUSR_XXX或某个虚拟主机用户组禁止列目录,可有效防止FSO类木马]
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/repair" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/MetaBack" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/ASP Compiled Templates" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v2.0.50727/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/achineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E
Rem 删除C盘的所有的users的访问权限
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/addins" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/AppPatch" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Connection Wizard" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Debug" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Driver Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Help" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/java" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/msagent" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Resources" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/security" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/TAPI" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/twain_32" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Web" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/3com_dmi" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/administration" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/CatRoot2" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Com" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/dhcp" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/drivers" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/export" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/icsxml" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/lls" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/LogFiles" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/oobe" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/ShellExt" /r "users" /e
@Rem cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "users" /e 这里影响.NET程序的正常运行,所以去掉!
Rem 添加IIS_WPG的访问权限
cscript.exe xcacls.vbs "%SystemDrive%" /g IIS_WPG:;b468 /e
cscript.exe xcacls.vbs "%SystemRoot%" /g IIS_WPG:b1468;b1468 /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /g IIS_WPG:r /e
cscript.exe xcacls.vbs "%SystemRoot%/Downloaded Program Files" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Help" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Offline Web Pages" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/System32" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Tasks" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Web" /g IIS_WPG:c /e
Rem 添加iis_wpg的访问权限[装了MACFEE的软件专用]
Rem cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Network Associates" /g IIS_WPG:r /e
Rem 添加users的访问权限
cscript.exe xcacls.vbs "%SystemRoot%/temp" /g Everyone:m /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Common Files" /g Users:r /e
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework" /g users:b1468;b1468 /e
Rem 禁止[列出文件夹 / 读取数据]此权限出现
Rem -------------------------------------------
Rem 添加Users的访问权限[装了PHP的服务器专用]
cscript.exe xcacls.vbs "C:\php5" /g users:b468;b468 /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/System32" /g users:b468;b468 /e
Rem -------------------------------------------
Rem 删除D盘的所有的users的访问权限
cscript.exe xcacls.vbs "D:\" /r "users" /e
cscript.exe xcacls.vbs "D:\" /r "everyone" /e
cscript.exe xcacls.vbs "D:\" /r "CREATOR OWNER" /e
Rem 删除E盘的所有的users的访问权限
cscript.exe xcacls.vbs "E:\" /r "users" /e
cscript.exe xcacls.vbs "E:\" /r "everyone" /e
cscript.exe xcacls.vbs "E:\" /r "CREATOR OWNER" /e
Rem 删除F盘的所有的users的访问权限
cscript.exe xcacls.vbs "F:\" /r "users" /e
cscript.exe xcacls.vbs "F:\" /r "everyone" /e
cscript.exe xcacls.vbs "F:\" /r "CREATOR OWNER" /e
Rem 删除C盘Windows下的所有的危险文件夹
attrib %SystemRoot%/Web/printers -s -r -h
del %SystemRoot%\Web\printers\*.* /s /q /f
rd %SystemRoot%\Web\printers /s /q
attrib %SystemRoot%\Help\iisHelp -s -r -h
del %SystemRoot%\Help\iisHelp\*.* /s /q /f
rd %SystemRoot%\Help\iisHelp /s /q
attrib %SystemRoot%\system32\inetsrv\iisadmpwd -s -r -h
del %SystemRoot%\system32\inetsrv\iisadmpwd\*.* /s /q /f
rd %SystemRoot%\system32\inetsrv\iisadmpwd /s /q
Echo 给系统危险文件夹设置权限设定完毕! 请按任意键返回并选3继续...
PAUSE >nul
Goto start
:Service
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
@REM Application Experience Lookup Service
@REM 在应用程序启动时为应用程序处理应用程序兼容性查找请求。
@REM 建议: 禁用
sc config AeLookupSvc start= DISABLED
sc stop AeLookupSvc
@REM Background Intelligent Transfer Service
@REM 在后台传输客户端和服务器之间的数据。如果禁用了 BITS,一些功能,如 Windows Update,就无法正常运行。
@REM 建议: 禁用
sc config BITS start= DISABLED
sc stop BITS
@REM DHCP Client
@REM 为此计算机注册并更新 IP 地址。如果此服务停止,计算机将不能接收动态 IP 地址和 DNS 更新。如果此服务被禁用,所有明确依赖它的服务都将不能启动。
@REM 建议: 禁用
sc config Dhcp start= DISABLED
sc stop Dhcp
@REM Network Location Awareness (NLA)
@REM 收集并保存网络配置和位置信息,并在信息改动时通知应用程序。
@REM 建议: 禁用
sc config Nla start= DISABLED
sc stop Nla
@REM Secondary Logon
@REM 启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
@REM 建议: 禁用
sc config seclogon start= DISABLED
sc stop seclogon
@REM TCP/IP NetBIOS Helper
@REM 提供 TCP/IP (NetBT) 服务上的 NetBIOS 和网络上客户端的 NetBIOS 名称解析的支持,从而使用户能够共享文件、打印和登录到网络。如果此服务被停用,这些功能可能不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
@REM 建议: 禁用
sc config LmHosts start= DISABLED
sc stop LmHosts
@REM Wireless Configuration
@REM 启用 IEEE 802.11 适配器的自动配置。如果此服务停止,自动配置将不可用。如果此服务被禁用,所有明确依赖它的服务都将不能启动。
@REM 建议: 禁用
sc config WZCSVC start= DISABLED
sc stop WZCSVC
@REM Distributed Transaction Coordinator
@REM 协调跨多个数据库、消息队列、文件系统等资源管理器的事务。如果停止此服务,则不会发生这些事务。如果禁用此服务,显式依赖此服务的其他服务将无法启动。
@REM 建议: 禁用
sc config MSDTC start= DISABLED
sc stop MSDTC
@REM Smart Card (智慧卡)
@REM 微软:管理这个计算机所读取智能卡的存取。如果这个服务被停止,这个计算机将无法读取智能卡。如果这个服务被停用,任何明确依存于它的服务将无法启动。
@REM 补充: 如果你不使用 Smart Card ,那就可以关了
@REM 依存: Plug and Play
@REM 建议: 禁用
sc config SCardSvr start= DISABLED
sc stop SCardSvr
@REM Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)[For XP]
@REM 微软:为您的家用网络或小型办公室网络提供网络地址转译、寻址及名称解析服务和/或防止干扰的服务。
@REM 补充: 如果你不使用因特网联机共享(ICS)或是 XP 内含的因特网联机防火墙(ICF)你可以关掉
@REM 依存: Application Layer Gateway Service、Network Connections、Network Location Awareness(NLA)、remote Access Connection Manager
@REM 建议: 禁用
sc config SharedAccess start= DEMAND
sc stop SharedAccess
@REM Windows Image Acquisition (WIA) (Windows影像取得程序)
@REM 微软: 为扫描仪和数字相机提供影像撷取服务。
@REM 补充:如果扫描仪和数字相机内部具有支持WIA功能的话,那就可以直接看到图档,不需要其它的驱动程序,所以没有扫描仪和数字相机的使用者大可关了
@REM 依存:remote Procedure Call (RPC)
@REM 建议: 禁用
sc config stisvc start= DISABLED
sc stop stisvc
@REM MS Software Shadow Copy Provider[For XP]
@REM 微软:管理磁盘区阴影复制服务所取得的以软件为主的磁盘区阴影复制。如果停止这个服务,就无法管理以软件为主的磁盘区阴影复制。
@REM 补充: 如上所说的,用来备份的东西,如 MS Backup 程序就需要这个服务
@REM 依存:remote Procedure Call (RPC)
@REM 建议: 禁用
sc config swprv start= DISABLED
sc stop swprv
当前1/3页 123下一页阅读全文
相关推荐
-
批处理设置windows服务器的代码ThecSafe1.9.4第1/3页
@Echo Off TITLE 常来网服务器高级安全设置器 :start CLS COLOR 1f Rem 使用COLOR命令对控制台输出颜色进行更改 MODE con: COLS=32 LINES=21 Rem MODE语句为设定窗体的宽和高 Set tm1=%time:~0,2% Set tm2=%time:~3,2% Set tm3=%time:~6,2% Echo %date% %tm1%点%tm2%分%tm3%秒 Echo =============================
-
用批处理设置IP安全策略的代码
以下内容只有回复后才可以浏览 ipseccmd -w REG -p "XIAOWANG" -r "Block ICMP" -f *+0:ICMP -n BLOCK -x 开网上邻居.bat 复制代码 代码如下: ipseccmd -w REG -p "XIAOWANG" -r "Block TCP/80" -f *+0:80:TCP -n PASS -x ipseccmd -w REG -p "XIAOWANG&qu
-
Python实现设置windows桌面壁纸代码分享
每天换一个壁纸,每天好心情. # -*- coding: UTF-8 -*- from __future__ import unicode_literals import Image import datetime import win32gui,win32con,win32api import re from HttpWrapper import SendRequest StoreFolder = "c:\\dayImage" def setWallpaperFromBMP(imag
-
Windows服务器关闭当先安全设置不允许下载该文件的解决方法
大家在使用服务器的时候,刚登陆上桌面无法下载软件,是因为ie默认选项的问题,可以通过如下几种方法设置一下即可. 文字版: 为了安全,Windows服务器默认禁用了从网上下载文件的安全选项.此错误即是出现在这里,所以打开这个选项即可: 控制面板 -- Internet选项 --安全 -- 找到"自定义级别" -- 找到"下载"项,其中有"文件下载"勾选框,勾选"启用"即可. 环境:Windows Server 2003 Ente
-
Windows 服务器操作系统安全设置加固方法
1. 账户管理和认证授权 1.1 账户 默认账户安全禁用Guest账户.禁用或删除其他无用账户(建议先禁用账户三个月,待确认没有问题后删除.) 操作步骤 打开 控制面板 > 管理工具 > 计算机管理,在 系统工具 > 本地用户和组 > 用户 中,双击 Guest 帐户,在属性中选中 帐户已禁用,单击 确定. 按照用户分配帐户 按照用户分配帐户.根据业务要求,设定不同的用户和用户组.例如,管理员用户,数据库用户,审计用户,来宾用户等. 操作步骤 打开 控制面板 > 管理工具 &
-
c# 在windows中操作IIS设置FTP服务器的示例
什么是FTP FTP(File Transfer Protocol)是TCP/IP网络上两台计算机传送文件的协议,使得主机间可以共享文件.可以将 Internet 信息服务 (IIS) 配置为作为 FTP 服务器来运行. 这样,其他计算机便可以连接到服务器并将文件复制到服务器或者从服务器复制文件. 例如,如果您在自己的计算机上承载网站,并且希望允许远程用户连接到您的计算机并将他们的文件复制到服务器,则可以将 IIS 配置为充当 FTP 服务器. 主要实现方式 下面主要讲解一下,在Window的I
-
mysql自动定时备份数据库的最佳方法(windows服务器)
网上有很多关于window下Mysql自动备份的方法,可是真的能用的也没有几个,有些说的还非常的复杂,难以操作. 我们都知道mssql本身就自带了计划任务可以用来自动备份,可是mysql咱们要怎么样自动有备份呢? 教大家一个最简单的方法. 这个方法是用bat批处理来完成的. 假想环境:MySQL 安装位置:D:\Program Files\MySQL\MySQL Server 5.0\data 如图: 数据库名称为:952game数据库备份目的地:d:\db_bak\ (你想把数据库备份到哪个盘
-
Windows服务器安全配置
服务器安全配置(只针对WIN系统) 一. 原则关掉所有不使用的服务,不安装所有与服务器无关的软件,打好所有补丁 修改3389 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\Repwd\Tds\Tcp, 看到那个PortNumber没有?0xd3d,这个是16进制,就是3389啦,我改XXXX这个值是RDP(远程桌面协议)的默认值,也就是说用来配置以后新建的RDP服务的,要改已经建立的RDP服务,我们
-
Windows服务器应对高并发和DDOS攻击的配置方法
windows系统本身就有很多机制可以用来提高性能和安全,其中有不少可以用来应对高并发请求和DDOS攻击的情况. 通过以下配置可以改善windows服务器性能: 一.应对高并发请求: 1.TCP连接延迟等待时间 TcpTimedWaitDelay: 这是设定TCP/IP 可释放已关闭连接并重用其资源前,必须经过的时间.关闭和释放之间的此时间间隔通称 TIME_WAIT状态或两倍最大段生命周期(2MSL)状态.在此时间内,重新打开到客户机和服务器的连接的成本少于建立新连接.减少此条目的值允许 TC
-
微信公众号开发之设置自定义菜单实例代码【java版】
本实例是为了实现在管理后台实现微信菜单的添加删除管理. 1.首先我们需要新建一个数据库表用于存放menu菜单项 可包含的字段有id.父类id.name.排序.是否显示.类型(view.click).链接.adddate 注意后台存menu菜单数据时,parentId=-1为一级菜单,或parendId为一级菜单的id作为该一级菜单下的二级菜单 2.在设置菜单时需要向微信接口传menuJson字符串,所以要先拼接字符串,后台定义一个creatMenu() public bool creatMenu