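@echo off
rem ---------------------------------------------------------------------
rem Step 1: export HKEY_LOCAL_MACHINE before anything is changed.
rem Every later step writes to HKLM with "reg add ... /f", so this export
rem is the only rollback point the script creates. Importing a .reg file
rem restores exported values but does not delete values added afterwards.
rem ---------------------------------------------------------------------
echo ———————————-
echo —-正在备份注册表 请稍后….—-
echo ———————————-
rem The published listing wrapped the key name in typographic quotes, which
rem cmd.exe passes through as literal characters, so reg.exe was handed an
rem invalid key name and no backup was written. The key needs no quoting,
rem and the output path uses the native backslash form.
reg export HKEY_LOCAL_MACHINE C:\reg_backup.reg
rem Stop before any change is made when the backup could not be written.
if errorlevel 1 (
  echo —-注册表备份失败,脚本已中止,未做任何修改—-
  pause
  exit /b 1
)
echo ———————-
echo —-注册表备份完成—-
echo ———————-
rem "ping 127.0.0.1 -n 3 >nul" is used throughout as a short silent delay.
ping 127.0.0.1 -n 3 >nul
echo ———————————–
echo —-安全配置正在改写 请稍候…—-
echo ———————————–
@ping 127.0.0.1 -n 3 >nul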
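rem ---------------------------------------------------------------------
rem Step 2: network-facing registry settings (anonymous access, admin
rem shares, TCP/IP stack). Most of these are read at service start or at
rem boot; the script reboots at the end.
rem ---------------------------------------------------------------------
echo ———————-
echo —-正在禁用空连接—-
echo ———————-
rem RestrictAnonymous=1 limits anonymous enumeration of accounts and shares.
rem NOTE(review): whether this alone is enough depends on the OS version;
rem confirm if RestrictAnonymousSAM / EveryoneIncludesAnonymous are also wanted.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t reg_dword /d 1 /f
echo ————————–
echo —-禁用空连接设置完毕—-
echo ————————–
@ping 127.0.0.1 -n 3 >nul
echo ————————
echo —-正在删除默认共享—-
echo ————————
rem AutoShareServer=0 stops the Server service from recreating the
rem administrative shares on server editions (workstations use AutoShareWks).
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareServer /t reg_dword /d 0 /f
echo —————————-
echo —-删除默认共享设置完毕—-
echo —————————-
@ping 127.0.0.1 -n 3 >nul
echo ——————————
echo —-正在修改TTL值请稍后…—-
echo ——————————
rem DefaultTTL only changes the initial TTL of outgoing packets (decimal 53
rem here). It makes TTL-based OS fingerprinting less reliable; it is not an
rem access control and should not be counted as one.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v DefaultTTL /t reg_dword /d 53 /f
echo ——————-
echo —-TTL修改完毕—-
echo ——————-
@ping 127.0.0.1 -n 3 >nul
echo ———————–
echo —-防止syn洪水攻击—-
echo ———————–
rem TCP/IP stack hardening values from the era of this script.
rem SynAttackProtect=2 enables the stack's SYN-flood mitigation.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SynAttackProtect /t reg_dword /d 2 /f
rem EnablePMTUDiscovery=0 stops path-MTU discovery; this trades throughput
rem for resistance to forced-small-MTU attacks.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnablePMTUDiscovery /t reg_dword /d 0 /f
rem NoNameReleaseOnDemand is a NetBT setting; the listing wrote it under
rem Tcpip\Parameters, where NetBIOS over TCP/IP does not read it.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters /v NoNameReleaseOnDemand /t reg_dword /d 1 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableDeadGWDetect /t reg_dword /d 0 /f
rem KeepAliveTime is in milliseconds: 300000 = 5 minutes.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v KeepAliveTime /t reg_dword /d 300000 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v PerformRouterDiscovery /t reg_dword /d 0 /f
rem The value the stack reads is EnableICMPRedirect (singular); the listing
rem used the plural spelling, which leaves ICMP redirects enabled.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableICMPRedirect /t reg_dword /d 0 /f
echo ——————————-
echo —-防止syn洪水攻击设置完毕—-
echo ——————————-
@ping 127.0.0.1 -n 3 >nul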
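rem ---------------------------------------------------------------------
rem Step 3: move the Remote Desktop listener from TCP 3389 to TCP 44454.
rem ---------------------------------------------------------------------
echo ——————————
echo ——————————
echo —- 系统服务修改 —-
echo ——————————
echo ——————————
@ping 127.0.0.1 -n 3 >nul
echo ——————–
echo —-修改3389端口—-
echo ——————–
rem The published listing had both key paths mangled (typographic quotes,
rem "Wds dpwd", "CurrentContro1Set", "Tenninal", "RDP\Tcp"). With /f, reg add
rem silently creates those bogus keys and the real listener stays on 3389.
rem The paths below are the actual Terminal Server keys.
rem A non-default port only reduces noise from scanners of 3389; it is not
rem a substitute for restricting who may reach the listener.
rem NOTE(review): the firewall service is enabled later in this script and
rem no exception for TCP 44454 is added anywhere in the listing. Unless the
rem firewall policy already allows that port, Remote Desktop is unreachable
rem after the reboot - confirm console access or add the exception first.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t reg_dword /d 44454 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t reg_dword /d 44454 /f
echo ——————–
echo —-修改PORT完毕—-
echo ——————–
@ping 127.0.0.1 -n 3 >nul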
rem ---------------------------------------------------------------------
rem Step 4: start the firewall service and set unneeded services to
rem "disabled". "sc config ... start= disabled" only changes the startup
rem type; a service that is already running keeps running until it is
rem stopped or the machine restarts.
rem ---------------------------------------------------------------------
echo ————————————-
echo —-正在开启系统防火墙 请稍后….—-
echo ————————————-
rem sharedaccess is the firewall/ICS service name used by this script.
sc config sharedaccess start= auto
net start sharedaccess
echo ————————
echo —-系统防火墙已开启—-
echo ————————
ping 127.0.0.1 -n 3 >nul
echo —————————-
echo —-正在关闭共享打印服务—-
echo —————————-
rem Spooler = printing, LanmanServer = the Server service (all file and
rem print sharing), LmHosts = TCP/IP NetBIOS Helper.
for %%S in (Spooler LanmanServer LmHosts) do sc config %%S start= disabled
echo ————————–
echo —-已关闭共享打印服务—-
echo ————————–
ping 127.0.0.1 -n 3 >nul
echo —————————-
echo —-正在关闭远程协助服务—-
echo —————————-
sc config RDSessMgr start= disabled
echo ————————–
echo —-已关闭远程协助服务—-
echo ————————–
ping 127.0.0.1 -n 3 >nul
echo ——————————
echo —-正在关闭远程注册表服务—-
echo ——————————
rem Remote Registry lets other hosts read and write this registry over
rem the network; remote management tools that rely on it stop working.
sc config RemoteRegistry start= disabled
echo —————————-
echo —-已关闭远程注册表服务—-
echo —————————-
ping 127.0.0.1 -n 3 >nul
echo —————————-
echo —-关闭自动硬件播放通知—-
echo —————————-
sc config ShellHWDetection start= disabled
echo ———————–
echo —-自动播放通知关闭—
echo ———————–
ping 127.0.0.1 -n 3 >nul
echo —————————————-
echo —-正在关闭替换凭据下的启动进程服务—-
echo —————————————-
rem seclogon is Secondary Logon; "Run as" stops working once it is disabled.
sc config seclogon start= disabled
echo ————————–
echo —-已关闭启动进程服务—-
echo ————————–
ping 127.0.0.1 -n 3 >nul
echo ————————————
echo —-IEEE 802.11 适配器的自动配置—-
echo ————————————
sc config WZCSVC start= disabled
echo ——————
echo —-已关闭IEEE—-
echo ——————
ping 127.0.0.1 -n 3 >nul
echo ————————–
echo —-客户端跟踪服务关闭—-
echo ————————–
rem NOTE(review): the banner speaks of the client tracking service, but
rem TrkSvr looks like the server-side link tracking service; verify which
rem one is meant. MSDTC is disabled in the same step.
for %%S in (TrkSvr MSDTC) do sc config %%S start= disabled
echo —————————-
echo —-已关闭客户端跟踪服务—-
echo —————————-
ping 127.0.0.1 -n 3 >nul
echo ——————–
echo —-帮助中心关闭—-
echo ——————–
sc config helpsvc start= disabled
echo ————————–
echo —-已关闭帮助中心服务—-
echo ————————–
ping 127.0.0.1 -n 3 >nul
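rem ---------------------------------------------------------------------
rem Step 5: file-system ACLs, set with cacls.
rem Switches used: /t recurse, /e edit the existing ACL instead of replacing
rem it, /c continue on errors, /g grant (R read, C change, F full),
rem /r revoke (only valid together with /e).
rem The published listing wrapped every path containing spaces in
rem typographic quotes, which cmd.exe does not treat as quotes, so those
rem commands received a split path and failed. Straight quotes are restored.
rem ---------------------------------------------------------------------
echo ——————————–
echo ——————————–
echo —- 系统权限加固 —-
echo ——————————–
echo ——————————–
echo ——————————————————-
echo —-C盘(系统盘) (administrators,system完全控制权限)—-
echo ——————————————————-
rem NOTE(review): no /e here, so this REPLACES the ACL on C:\ and everything
rem below it with Administrators:F and SYSTEM:F only, and cacls asks for a
rem Y/N confirmation, so an unattended run waits at this point. The grants
rem that follow re-add access only for the listed directories; anything else
rem that needs non-admin access (application data, user profiles) loses it.
rem The registry export from step 1 does not cover file ACLs, so record
rem them separately before running this.
cacls C:\ /t /c /g administrators:F system:F
echo ——————————————-
echo —-Common Files (everyone用户只读权限)—-
echo ——————————————-
Cacls "C:\Program Files\Common Files" /t /e /c /g everyone:R
echo ————————————————————-
echo —-IIS Temporary Compressed Files (everyone用户更改权限)—-
echo ————————————————————-
rem Everyone:C makes the directory writable by every account; the same
rem applies to the other "C" grants below (ASP.NET temp, Temp, ASP templates).
Cacls "C:\WINDOWS\IIS Temporary Compressed Files" /t /e /c /g everyone:C
echo ——————————————–
echo —-Microsoft.Net (everyone用户只读权限)—-
echo ——————————————–
Cacls C:\WINDOWS\Microsoft.Net /t /e /c /g everyone:R
echo ——————————————————
echo —-Temporary ASP.NET Files (everyone用户更改权限)—-
echo ——————————————————
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /t /e /c /g everyone:C
echo ——————————————————
echo —-Temporary ASP.NET Files (everyone用户更改权限)—-
echo ——————————————————
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /t /e /c /g everyone:C
echo ——————————————-
echo —-Registration (everyone用户读取权限)—-
echo ——————————————-
Cacls C:\WINDOWS\Registration /t /e /c /g everyone:R
echo ———————————–
echo —-Temp (everyone用户更改权限)—-
echo ———————————–
Cacls C:\WINDOWS\Temp /t /e /c /g everyone:C
echo ——————-
echo —-assembly (everyone用户读取权限)—-
echo —————————————
Cacls C:\WINDOWS\assembly /t /e /c /g everyone:R
echo ————————————-
echo —-WinSxS (everyone用户读取权限)—-
echo ————————————-
Cacls C:\WINDOWS\WinSxS /t /e /c /g everyone:R
echo ————————————
echo —-Fonts (everyone用户读取权限)—-
echo ————————————
Cacls C:\WINDOWS\Fonts /t /e /c /g everyone:R
echo —————————————
echo —-System32 (everyone用户读取权限)—-
echo —————————————
Cacls C:\WINDOWS\System32 /t /e /c /g everyone:R
echo ——————————————
echo —-msdtc (networkservice用户更改权限)—-
echo ——————————————
Cacls C:\windows\system32\msdtc /t /e /c /g networkservice:C
echo —————————————————–
echo —-ASP Compiled Templates (everyone用户更改权限)—-
echo —————————————————–
Cacls "C:\WINDOWS\system32\inetsrv\ASP Compiled Templates" /t /e /c /g everyone:C
echo ————————————
echo —-*.exe (去除everyone用户权限)—-
echo ————————————
rem Order matters: Everyone was granted read on all of System32 above, and
rem is revoked from the executables here; three of them get it back below.
Cacls C:\WINDOWS\System32\*.exe /e /c /r everyone
echo ————————————
echo —-cmd.exe (去除system用户权限)—-
echo ————————————
rem Revoking SYSTEM from cmd.exe / net.exe / net1.exe keeps a process that
rem runs as SYSTEM from launching them. NOTE(review): legitimate services or
rem scheduled jobs that run as SYSTEM and shell out will fail as well.
Cacls C:\WINDOWS\System32\cmd.exe /e /c /r system
echo ————————————
echo —-net.exe (去除system用户权限)—-
echo ————————————
rem The listing read "System32 et.exe": the "\n" of "\net.exe" had been
rem swallowed, so cacls never touched net.exe. Same for net1.exe below.
Cacls C:\WINDOWS\System32\net.exe /e /c /r system
echo ————————————-
echo —-net1.exe (去除system用户权限)—-
echo ————————————-
Cacls C:\WINDOWS\System32\net1.exe /e /c /r system
echo —————————————-
echo —-msdtc.exe (everyone用户读取权限)—-
echo —————————————-
Cacls C:\WINDOWS\System32\msdtc.exe /e /c /g everyone:R
echo ——————————————
echo —-dllhost.exe (everyone用户读取权限)—-
echo ——————————————
Cacls C:\WINDOWS\System32\dllhost.exe /e /c /g everyone:R
echo ——————————————
echo —-svchost.exe (everyone用户读取权限)—-
echo ——————————————
Cacls C:\WINDOWS\System32\svchost.exe /e /c /g everyone:R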
rem ---------------------------------------------------------------------
rem Step 6: report completion and restart so that the registry and service
rem changes made above take effect.
rem ---------------------------------------------------------------------
echo ——————–
echo ——————–
echo —-系统加固完毕—-
echo ——————–
echo ——————–
ping 127.0.0.1 -n 3 >nul
echo —————————–
echo —-安全设置完毕 欢迎使用—-
echo —————————–
echo ——————
echo —-重启服务器—-
echo ——————
rem This ping is not redirected, so its replies are shown while it waits.
ping 127.0.0.1
rem Restart is requested without an explicit timeout, so the system default
rem countdown applies. The pause keeps the console window open meanwhile.
shutdown -r
pause
将上面的代码保存为 1.cmd 或 1.bat,双击运行即可。脚本需要管理员权限,执行结束时会重启服务器;其中的服务名和路径看起来针对的是 Windows XP/Server 2003 一类的旧系统,建议先在测试机上验证,再用于正式服务器。