windows 2003去权限批处理
来源:互联网 发布:用户昵称 数据库下载 编辑:程序博客网 时间:2024/05/17 03:10
windows 2003去权限批处理2009-09-15 08:45echo ============================start=======================
echo.
rem 删除共享
echo =========================================================
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share admin$ /delete
net share ipc$ /delete
net stop server
net stop lanmanworkstation
echo =========================================================
rem 设置shell32.dll和wshom.ocx的权限
echo ======================================================
regsvr32 /u /s C:\WINDOWS\System32\wshom.ocx
ren C:\WINDOWS\System32\wshom.ocx wshom.ocx.bak
regsvr32 /u /s C:\WINDOWS\system32\shell32.dll
echo y|cacls c:\WINDOWS\system32\shell32.dll /g administrators:f system:f
echo y|cacls c:\WINDOWS\system32\shell.dll /g administrators:f system:f
echo =========================================================
rem 设置硬盘的更目录权限
echo =========================================================
echo y|cacls c:\
echo y|cacls d:\
echo y|cacls e:\
echo.
echo ..........
echo.
echo =========================================================
rem 设置重要exe文件权限
echo ==============================================================
echo y|cacls C:\WINDOWS\system32\at.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\attrib.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cacls.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cmd.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\command.com /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ftp.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\format.com /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\tftp.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\telnet.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\net.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\net1.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\debug.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cacls.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cscript.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\netsh.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\nbtstat.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\netstat.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\quser.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\regedit.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\regsvr32.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\hostname.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\wscript.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ping.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\pathping.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ipconfig.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\iisreset.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\logoff.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\setreg.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\setpwd.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\setreg.exe /g administrators:f system:f
echo.
echo ..........
echo.
echo ==============================================================
rem 设置重要文件夹权限--这是IIS服务的最小权限
echo ==============================================================
cd/
echo "删除users和everyone的部分文件夹权限"
echo y|cacls "%SystemDrive%/Documents and Settings" /t /g administrators:f system:f
echo y|cacls "%SystemDrive%" /r "everyone" /e
echo y|cacls "%SystemRoot%" /r "everyone" /e
echo y|cacls "%SystemRoot%/Registration" /r "everyone" /e
echo y|cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e
echo y|cacls "%SystemDrive%" /r "users" /e
echo y|cacls "%SystemDrive%/Program Files" /r "users" /e
echo y|cacls "%SystemDrive%/Documents and Settings" /r "users" /e
echo y|cacls "%SystemRoot%" /r "users" /e
echo y|cacls "%SystemRoot%/addins" /r "users" /e
echo y|cacls "%SystemRoot%/AppPatch" /r "users" /e
echo y|cacls "%SystemRoot%/Connection Wizard" /r "users" /e
echo y|cacls "%SystemRoot%/Debug" /r "users" /e
echo y|cacls "%SystemRoot%/Driver Cache" /r "users" /e
echo y|cacls "%SystemRoot%/Help" /r "users" /e
echo y|cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
echo y|cacls "%SystemRoot%/java" /r "users" /e
echo y|cacls "%SystemRoot%/msagent" /r "users" /e
echo y|cacls "%SystemRoot%/mui" /r "users" /e
echo y|cacls "%SystemRoot%/repair" /r "users" /e
echo y|cacls "%SystemRoot%/Resources" /r "users" /e
echo y|cacls "%SystemRoot%/security" /r "users" /e
echo y|cacls "%SystemRoot%/system" /r "users" /e
echo y|cacls "%SystemRoot%/TAPI" /r "users" /e
echo y|cacls "%SystemRoot%/Temp" /r "users" /e
echo y|cacls "%SystemRoot%/twain_32" /r "users" /e
echo y|cacls "%SystemRoot%/Web" /r "users" /e
echo y|cacls "%SystemRoot%/WinSxS" /r "users" /e
echo y|cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e
echo y|cacls "%SystemRoot%/system32/administration" /r "users" /e
echo y|cacls "%SystemRoot%/system32/Cache" /r "users" /e
echo y|cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e
echo y|cacls "%SystemRoot%/system32/Com" /r "users" /e
echo y|cacls "%SystemRoot%/system32/config" /r "users" /e
echo y|cacls "%SystemRoot%/system32/dhcp" /r "users" /e
echo y|cacls "%SystemRoot%/system32/drivers" /r "users" /e
echo y|cacls "%SystemRoot%/system32/export" /r "users" /e
echo y|cacls "%SystemRoot%/system32/icsxml" /r "users" /e
echo y|cacls "%SystemRoot%/system32/lls" /r "users" /e
echo y|cacls "%SystemRoot%/system32/LogFiles" /r "users" /e
echo y|cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
echo y|cacls "%SystemRoot%/system32/mui" /r "users" /e
echo y|cacls "%SystemRoot%/system32/oobe" /r "users" /e
echo y|cacls "%SystemRoot%/system32/ShellExt" /r "users" /e
echo y|cacls "%SystemRoot%/system32/wbem" /r "users" /e
echo y|cacls "%SystemRoot%/system32/inetsrv/iisadmpwd/" /r "Everyone" /e
echo y|cacls "%SystemRoot%/system32/inetsrv/MetaBack/" /r "Everyone" /e
echo y|cacls "%SystemRoot%/system32/inetsrv/ASP Compiled Templates/" /g Everyone:f /e
echo "添加users的访问权限"
echo y|cacls "%SystemRoot%" /g users:r /e
echo y|cacls "%SystemDrive%/Program Files/Common Files" /g users:r /e
echo y|cacls "%SystemRoot%/Downloaded Program Files" /g users:c /e
echo y|cacls "%SystemRoot%/Help" /g users:c /e
echo y|cacls "%SystemRoot%/IIS Temporary Compressed Files" /g users:c /e
echo y|cacls "%SystemRoot%/Offline Web Pages" /g users:c /e
echo y|cacls "%SystemRoot%/System32" /g users:c /e
echo y|cacls "%SystemRoot%/Tasks" /g users:c /e
echo y|cacls "%SystemRoot%/Temp" /g users:c /e
echo y|cacls "%SystemRoot%/Web" /g users:c /e
echo "添加users的访问权限[.net专用]"
echo y|cacls "%SystemRoot%/Assembly" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET/Framework/v2.0.50727/Temporary ASP.NET Files" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files " /g users:c /e
echo y|cacls c:\windows\assembly /e /t /p "network service":r
echo y|cacls c:\windows\Microsoft.NET /e /t /p "network service":r
echo y|cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":c
echo y|cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /e /t /p "network service":c
echo y|cacls C:\WINDOWS\system32\mscoree.dll /e /g everyone:r
echo y|cacls C:\WINDOWS\system32\ws03res.dll /e /g everyone:r
rem echo y|cacls 客户站点目录 /e /t /p "network service":f 如果有需要可以取用
echo "添加users的访问权限[装了MACFEE的软件专用]"
echo y|cacls "%SystemDrive%/Program Files/Network Associates" /g users:r /e
echo "添加users的访问权限[装了WEBMAIL的专用]"
echo "E:\为安装webmail的根目录盘符!,根据实际情况修改后并且去掉下面两行的rem"
rem echo y|cacls E:\ /g users:r /e
rem echo y|cacls E:\WinWebMail /t /p users:f /e
echo.
echo ..........
echo.
echo ==============================================================
rem 其他相关的一些设置
echo ==============================================================
echo 禁止保留文档记录
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /V NORECENTDOCSHISTORY /T REG_DWORD /D 1 /F
rem 禁止重启后自动共享
echo =======================================================
echo.
echo .................
echo.
echo .. delshare.reg .......
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo .. delshare.reg .....
regedit /s c:\delshare.reg
echo .. delshare.reg ....
del c:\delshare.reg
echo .
echo ........
echo .
echo =========================================================
rem 禁止httperr日志生成
echo =========================================================
echo .
echo .....................httplog.......................
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\httplog.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]>> c:\httplog.reg
echo "EnableErrorLogging"=dword:00000000>> c:\httplog.reg
echo .
echo .. httplog.reg .....
regedit /s c:\httplog.reg
echo .. httplog.reg ....
del c:\httplog.reg
echo =========================================================
rem 设置cmd等的dos程序权限
echo =========================================================
echo .
echo .....................dos....
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg
echo "DontAddDefaultGatewayDef
echo "EnableSecurityFilters"=dword:00000000">> c:\dosforwin.reg
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg
echo
echo 00,00,00,00>> c:\dosforwin.reg
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg
echo "TcpMaxPortsExhausted "=dword:00000001>> c:\dosforwin.reg
echo "TcpMaxHalfOpen "=dword:00000500>> c:\dosforwin.reg
echo "TcpManHalfOpenRetried "=dword:00000400>> c:\dosforwin.reg
echo "TcpMaxConnectResponseRet
echo "TcpMaxDataRetransmission
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg
echo .
echo .. dosforwin.reg .....
regedit /s c:\dosforwin.reg
echo .. dosforwin.reg ....
del c:\dosforwin.reg
echo ==========================================================
rem 禁用telnet
echo ==============================================================
echo .
echo ..........(......................).
echo .
echo ..telnet,......telnet.
echo ..........
echo Windows Registry Editor Version 5.00> c:\telnet.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>> c:\telnet.reg
echo "Start"=dword:00000004>> c:\telnet.reg
echo .
echo .. telnet.reg .....
regedit /s c:\telnet.reg
echo .
echo .. telnet.reg ....
del c:\telnet.reg
echo .
echo ===============================================================
rem 禁止远程修改注册表服务
echo ===============================================================
echo ..Remote Registry Service...........
echo .........
echo .
echo Windows Registry Editor Version 5.00> c:\regedit.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg
echo "Start"=dword:00000004>> c:\regedit.reg
echo .
echo .. regedit.reg .....
regedit /s c:\regedit.reg
echo .
echo ......
del c:\regedit.reg
echo ===============================================================
rem 禁用Messager信息服务
echo ===============================================================
echo ..Messenger.......
echo .........
echo Windows Registry Editor Version 5.00> c:\message.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg
echo "Start"=dword:00000004>> c:\message.reg
echo .
echo .. message.reg .....
regedit /s c:\message.reg
echo .
echo .. message.reg
del c:\message.reg
echo ===============================================================
rem 禁用workstation服务
echo ===============================================================
echo ..lanmanworkstation.......
echo .........
echo Windows Registry Editor Version 5.00> c:\lanmanworkstation.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]>> c:\lanmanworkstation.reg
echo "Start"=dword:00000004>> c:\lanmanworkstation.reg
echo .
echo .. lanmanworkstation.reg .....
regedit /s c:\lanmanworkstation.reg
echo .
echo .. lanmanworkstation.reg
del c:\lanmanworkstation.reg
echo ===============================================================
rem 禁用server服务
echo ===============================================================
echo ..lanmanserver.......
echo .........
echo Windows Registry Editor Version 5.00> c:\lanmanserver.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]>> c:\lanmanserver.reg
echo "Start"=dword:00000004>> c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg .....
regedit /s c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg
del c:\lanmanserver.reg
echo ===============================================================
rem 禁用alerter服务
echo ===============================================================
echo ..Alerter.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Alerter.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]>> c:\Alerter.reg
echo "Start"=dword:00000004>> c:\Alerter.reg
echo .
echo .. Alerter.reg .....
regedit /s c:\Alerter.reg
echo .
echo .. Alerter.reg
del c:\Alerter.reg
echo ===============================================================
rem 禁用Browser服务
echo ===============================================================
echo ..Browser.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Browser.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]>> c:\Browser.reg
echo "Start"=dword:00000004>> c:\Browser.reg
echo .
echo .. Browser.reg .....
regedit /s c:\Browser.reg
echo .
echo .. Browser.reg
del c:\Browser.reg
echo ===============================================================
rem 禁用Dfs服务【将分散的文件共享合并成一个逻辑名称空间并在局域网或广域网上管理这些逻辑卷】
echo ===============================================================
echo ..Dfs.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Dfs.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs]>> c:\Dfs.reg
echo "Start"=dword:00000004>> c:\Dfs.reg
echo .
echo .. Dfs.reg .....
regedit /s c:\Dfs.reg
echo .
echo .. Dfs.reg
del c:\Dfs.reg
echo ===============================================================
rem 禁用打印机服务
echo ===============================================================
echo ..Spooler.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Spooler.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]>> c:\Spooler.reg
echo "Start"=dword:00000004>> c:\Spooler.reg
echo .
echo .. Spooler.reg .....
regedit /s c:\Spooler.reg
echo .
echo .. Spooler.reg
del c:\Spooler.reg
echo ===============================================================
rem 禁用NetBIOS服务
echo ==============================================================
echo ...TCP/IP NetBIOS Helper Service
echo .........
echo Windows Registry Editor Version 5.00> c:\netbios.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg
echo "Start"=dword:00000004>> c:\netbios.reg
echo .
echo .. netbios.reg .....
regedit /s c:\netbios.reg
echo .
echo .. netbios.reg
del c:\netbios.reg
echo ===============================================================
rem 禁用Help and Support服务
echo ===============================================================
echo ..hrlpsvc.......
echo .........
echo Windows Registry Editor Version 5.00> c:\hrlpsvc.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hrlpsvc]>> c:\hrlpsvc.reg
echo "Start"=dword:00000004>> c:\hrlpsvc.reg
echo .
echo .. hrlpsvc.reg .....
regedit /s c:\hrlpsvc.reg
echo .
echo .. hrlpsvc.reg
del c:\hrlpsvc.reg
echo ===============================================================
echo ===========================END=================================
原文地址:http://blog.sina.com.cn/s/blog_8c0ec91f0100xy7d.html
- windows 2003去权限批处理
- windows 2003安全设置去权限批处理
- WINDOWS 2003服务优化批处理
- WINDOWS 2003服务优化批处理
- windows批处理
- windows批处理
- Windows批处理
- windows批处理
- windows批处理
- WINDOWS批处理
- windows批处理
- windows 批处理
- Windows批处理
- windows批处理
- windows批处理
- windows批处理
- Windows 批处理
- windows批处理
- IOS的网络开发架构说明
- MVC学习四:通过FileResult向浏览器发送文件
- 大字段文本(CLOB)的数据库存取与页面显示
- Ant教程-详细使用方法
- Lua变量生命周期
- windows 2003去权限批处理
- map 与 hash_map 性能比较
- C#中如何判断当前线程是否为主线程
- android 打开扬声器
- 大话设计模式-访问者模式
- Freemarker 内置函数 数字、字符串、日期格式化用法介绍
- 如何使用 C# 验证邮件地址 .
- Timer控件简单应用
- 输入数字转换成中文大写(钱,财务计算金额)
