windows 2003安全设置去权限批处理

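rem ======================================================================
rem Windows Server 2003 hardening batch: removes the default shares,
rem tightens NTFS ACLs with cacls, sets TCP/IP parameters and disables a
rem list of services by writing Start=4 under their Services keys.
rem Run from an administrator account. Paths are hard-coded to C:\WINDOWS
rem and to drives C:, D: and E:.
rem
rem Review notes on this revision:
rem  - one command per line again (the published copy was collapsed)
rem  - net stop now passes /y so a dependent-service prompt cannot hang
rem    the unattended run
rem  - stray quote removed from the EnableSecurityFilters line; with the
rem    odd quote the redirection was inside a quoted string and the value
rem    was echoed to the console instead of being written to the file
rem  - trailing blanks removed from quoted registry value names and one
rem    quoted path; TcpManHalfOpenRetried corrected to
rem    TcpMaxHalfOpenRetried
rem  - Help and Support key corrected from hrlpsvc to helpsvc
rem  - duplicate cacls lines for cacls.exe and setreg.exe dropped
rem  - cacls without /e REPLACES the whole ACL; with /e it edits it.
rem    echo y answers the confirmation prompt cacls shows on replace.
rem  - Start=4 marks a service as disabled; a running service is not
rem    stopped by the registry change alone, so plan a restart.
rem ======================================================================

echo.
rem Remove the default administrative shares
echo =========================================================
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share admin$ /delete
net share ipc$ /delete
rem NOTE(review): stopping Server and Workstation ends all SMB serving and
rem SMB client use on this host; confirm nothing depends on them first.
net stop server /y
net stop lanmanworkstation /y
echo =========================================================
rem Unregister wshom.ocx and shell32.dll script objects and restrict the files
echo ======================================================
regsvr32 /u /s C:\WINDOWS\System32\wshom.ocx
ren C:\WINDOWS\System32\wshom.ocx wshom.ocx.bak
regsvr32 /u /s C:\WINDOWS\system32\shell32.dll
echo y|cacls c:\WINDOWS\system32\shell32.dll /g administrators:f system:f
echo y|cacls c:\WINDOWS\system32\shell.dll /g administrators:f system:f
echo =========================================================
rem Set permissions on the drive root directories.
rem C: and D: change the root only; E: uses /t and therefore rewrites the
rem ACL of every file and folder on that drive.
echo =========================================================
echo y|cacls c:\ /g administrators:f system:f
echo y|cacls d:\ /g administrators:f system:f
echo y|cacls e:\ /t /g administrators:f system:f
echo.
echo ..........
echo.
echo =========================================================
rem Restrict important system executables to administrators and SYSTEM
echo ==============================================================
echo y|cacls C:\WINDOWS\system32\at.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\attrib.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cacls.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cmd.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\command.com /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ftp.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\format.com /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\tftp.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\telnet.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\net.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\net1.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\debug.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\cscript.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\netsh.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\nbtstat.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\netstat.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\quser.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\regedit.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\regsvr32.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\hostname.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\wscript.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ping.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\pathping.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\ipconfig.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\iisreset.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\logoff.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\setreg.exe /g administrators:f system:f
echo y|cacls C:\WINDOWS\system32\setpwd.exe /g administrators:f system:f
echo.
echo ..........
echo.
echo ==============================================================
rem Set permissions on important folders -- the minimum set needed by IIS.
rem The SystemDrive variable expands to a bare drive letter such as C: and
rem that names the current directory on the drive, so move to the root first.
rem NOTE(review): the folder paths below keep the forward slashes of the
rem original; confirm cacls accepts them on the target build.
echo ==============================================================
cd \
echo "删除users和everyone的部分文件夹权限"
echo y|cacls "%SystemDrive%/Documents and Settings" /t /g administrators:f system:f
echo y|cacls "%SystemDrive%" /r "everyone" /e
echo y|cacls "%SystemRoot%" /r "everyone" /e
echo y|cacls "%SystemRoot%/Registration" /r "everyone" /e
echo y|cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e
echo y|cacls "%SystemDrive%" /r "users" /e
echo y|cacls "%SystemDrive%/Program Files" /r "users" /e
echo y|cacls "%SystemDrive%/Documents and Settings" /r "users" /e
echo y|cacls "%SystemRoot%" /r "users" /e
echo y|cacls "%SystemRoot%/addins" /r "users" /e
echo y|cacls "%SystemRoot%/AppPatch" /r "users" /e
echo y|cacls "%SystemRoot%/Connection Wizard" /r "users" /e
echo y|cacls "%SystemRoot%/Debug" /r "users" /e
echo y|cacls "%SystemRoot%/Driver Cache" /r "users" /e
echo y|cacls "%SystemRoot%/Help" /r "users" /e
echo y|cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
echo y|cacls "%SystemRoot%/java" /r "users" /e
echo y|cacls "%SystemRoot%/msagent" /r "users" /e
echo y|cacls "%SystemRoot%/mui" /r "users" /e
echo y|cacls "%SystemRoot%/repair" /r "users" /e
echo y|cacls "%SystemRoot%/Resources" /r "users" /e
echo y|cacls "%SystemRoot%/security" /r "users" /e
echo y|cacls "%SystemRoot%/system" /r "users" /e
echo y|cacls "%SystemRoot%/TAPI" /r "users" /e
echo y|cacls "%SystemRoot%/Temp" /r "users" /e
echo y|cacls "%SystemRoot%/twain_32" /r "users" /e
echo y|cacls "%SystemRoot%/Web" /r "users" /e
echo y|cacls "%SystemRoot%/WinSxS" /r "users" /e
echo y|cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e
echo y|cacls "%SystemRoot%/system32/administration" /r "users" /e
echo y|cacls "%SystemRoot%/system32/Cache" /r "users" /e
echo y|cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e
echo y|cacls "%SystemRoot%/system32/Com" /r "users" /e
echo y|cacls "%SystemRoot%/system32/config" /r "users" /e
echo y|cacls "%SystemRoot%/system32/dhcp" /r "users" /e
echo y|cacls "%SystemRoot%/system32/drivers" /r "users" /e
echo y|cacls "%SystemRoot%/system32/export" /r "users" /e
echo y|cacls "%SystemRoot%/system32/icsxml" /r "users" /e
echo y|cacls "%SystemRoot%/system32/lls" /r "users" /e
echo y|cacls "%SystemRoot%/system32/LogFiles" /r "users" /e
echo y|cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
echo y|cacls "%SystemRoot%/system32/mui" /r "users" /e
echo y|cacls "%SystemRoot%/system32/oobe" /r "users" /e
echo y|cacls "%SystemRoot%/system32/ShellExt" /r "users" /e
echo y|cacls "%SystemRoot%/system32/wbem" /r "users" /e
echo y|cacls "%SystemRoot%/system32/inetsrv/iisadmpwd/" /r "Everyone" /e
echo y|cacls "%SystemRoot%/system32/inetsrv/MetaBack/" /r "Everyone" /e
rem NOTE(review): the next line GRANTS Everyone full control, unlike the
rem revokes around it. Kept as published; confirm a narrower grant to the
rem IIS worker identity would not do before using it.
echo y|cacls "%SystemRoot%/system32/inetsrv/ASP Compiled Templates/" /g Everyone:f /e
echo "添加users的访问权限"
echo y|cacls "%SystemRoot%" /g users:r /e
echo y|cacls "%SystemDrive%/Program Files/Common Files" /g users:r /e
echo y|cacls "%SystemRoot%/Downloaded Program Files" /g users:c /e
echo y|cacls "%SystemRoot%/Help" /g users:c /e
echo y|cacls "%SystemRoot%/IIS Temporary Compressed Files" /g users:c /e
echo y|cacls "%SystemRoot%/Offline Web Pages" /g users:c /e
echo y|cacls "%SystemRoot%/System32" /g users:c /e
echo y|cacls "%SystemRoot%/Tasks" /g users:c /e
echo y|cacls "%SystemRoot%/Temp" /g users:c /e
echo y|cacls "%SystemRoot%/Web" /g users:c /e
echo "添加users的访问权限[.net专用]"
echo y|cacls "%SystemRoot%/Assembly" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET/Framework/v2.0.50727/Temporary ASP.NET Files" /g users:c /e
echo y|cacls "%SystemRoot%/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files" /g users:c /e
echo y|cacls c:\windows\assembly /e /t /p "network service":r
echo y|cacls c:\windows\Microsoft.NET /e /t /p "network service":r
echo y|cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":c
echo y|cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /e /t /p "network service":c
echo y|cacls C:\WINDOWS\system32\mscoree.dll /e /g everyone:r
echo y|cacls C:\WINDOWS\system32\ws03res.dll /e /g everyone:r
rem Optional, enable if needed, replacing SITE_DIR with the customer site directory:
rem echo y|cacls SITE_DIR /e /t /p "network service":f
echo "添加users的访问权限[装了MACFEE的软件专用]"
echo y|cacls "%SystemDrive%/Program Files/Network Associates" /g users:r /e
echo "添加users的访问权限[装了WEBMAIL的专用]"
echo "E:\为安装webmail的根目录盘符!,根据实际情况修改后并且去掉下面两行的rem"
rem echo y|cacls E:\ /g users:r /e
rem echo y|cacls E:\WinWebMail /t /p users:f /e
echo.
echo ..........
echo.
echo ==============================================================
rem Other related settings
echo ==============================================================
echo 禁止保留文档记录
rem Written under HKEY_CURRENT_USER, so it applies only to the account
rem that runs this script.
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /V NORECENTDOCSHISTORY /T REG_DWORD /D 1 /F
rem Stop the administrative shares being recreated at reboot
echo =======================================================
echo.
echo .................
echo.
echo .. delshare.reg .......
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo .. delshare.reg .....
regedit /s c:\delshare.reg
echo .. delshare.reg ....
del c:\delshare.reg
echo .
echo ........
echo .
echo =========================================================
rem Disable HTTPERR log generation.
rem NOTE(review): this turns off the HTTP.sys error log, which is one of
rem the records an investigator would look at after an incident. Keep it
rem enabled unless disk space forces the trade-off.
echo =========================================================
echo .
echo .....................httplog.......................
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\httplog.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]>> c:\httplog.reg
echo "EnableErrorLogging"=dword:00000000>> c:\httplog.reg
echo .
echo .. httplog.reg .....
regedit /s c:\httplog.reg
echo .. httplog.reg ....
del c:\httplog.reg
echo =========================================================
rem TCP/IP stack parameters. The original comment described this section
rem as permissions for cmd and other DOS programs, but every value written
rem here is a Tcpip\Parameters setting such as SynAttackProtect.
rem NOTE(review): dword values in a .reg file are hexadecimal, so 00000500
rem is 1280, 00000400 is 1024 and 00300000 is 3145728. Confirm these are
rem the intended numbers and not decimal figures typed as hex.
rem NOTE(review): NoNameReleaseOnDemand is normally a NetBT parameter;
rem verify that writing it under Tcpip\Parameters has any effect.
echo =========================================================
echo .
echo .....................dos....
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg
echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg
echo "EnableSecurityFilters"=dword:00000000>> c:\dosforwin.reg
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg
rem ReservedPorts is a multi-string; the bytes below spell 1433-1434.
echo      "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg
echo 00,00,00,00>> c:\dosforwin.reg
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg
echo "TcpMaxPortsExhausted"=dword:00000001>> c:\dosforwin.reg
echo "TcpMaxHalfOpen"=dword:00000500>> c:\dosforwin.reg
echo "TcpMaxHalfOpenRetried"=dword:00000400>> c:\dosforwin.reg
echo "TcpMaxConnectResponseRetransmissions"=dword:00000002>> c:\dosforwin.reg
echo "TcpMaxDataRetransmissions"=dword:00000002>> c:\dosforwin.reg
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg
echo .
echo .. dosforwin.reg .....
regedit /s c:\dosforwin.reg
echo .. dosforwin.reg ....
del c:\dosforwin.reg
echo ==========================================================
rem Disable the Telnet service
echo ==============================================================
echo .
echo ..........(......................).
echo .
echo ..telnet,......telnet.
echo ..........
echo Windows Registry Editor Version 5.00> c:\telnet.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>> c:\telnet.reg
echo "Start"=dword:00000004>> c:\telnet.reg
echo .
echo .. telnet.reg .....
regedit /s c:\telnet.reg
echo .
echo .. telnet.reg ....
del c:\telnet.reg
echo .
echo ===============================================================
rem Disable the Remote Registry service
echo ===============================================================
echo ..Remote Registry Service...........
echo .........
echo .
echo Windows Registry Editor Version 5.00> c:\regedit.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg
echo "Start"=dword:00000004>> c:\regedit.reg
echo .
echo .. regedit.reg .....
regedit /s c:\regedit.reg
echo .
echo ......
del c:\regedit.reg
echo ===============================================================
rem Disable the Messenger service
echo ===============================================================
echo ..Messenger.......
echo .........
echo Windows Registry Editor Version 5.00> c:\message.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg
echo "Start"=dword:00000004>> c:\message.reg
echo .
echo .. message.reg .....
regedit /s c:\message.reg
echo .
echo .. message.reg
del c:\message.reg
echo ===============================================================
rem Disable the Workstation service.
rem NOTE(review): this removes the SMB client, so the host can no longer
rem reach file shares; confirm that is acceptable for this server role.
echo ===============================================================
echo ..lanmanworkstation.......
echo .........
echo Windows Registry Editor Version 5.00> c:\lanmanworkstation.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]>> c:\lanmanworkstation.reg
echo "Start"=dword:00000004>> c:\lanmanworkstation.reg
echo .
echo .. lanmanworkstation.reg .....
regedit /s c:\lanmanworkstation.reg
echo .
echo .. lanmanworkstation.reg
del c:\lanmanworkstation.reg
echo ===============================================================
rem Disable the Server service
echo ===============================================================
echo ..lanmanserver.......
echo .........
echo Windows Registry Editor Version 5.00> c:\lanmanserver.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]>> c:\lanmanserver.reg
echo "Start"=dword:00000004>> c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg .....
regedit /s c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg
del c:\lanmanserver.reg
echo ===============================================================
rem Disable the Alerter service
echo ===============================================================
echo ..Alerter.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Alerter.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]>> c:\Alerter.reg
echo "Start"=dword:00000004>> c:\Alerter.reg
echo .
echo .. Alerter.reg .....
regedit /s c:\Alerter.reg
echo .
echo .. Alerter.reg
del c:\Alerter.reg
echo ===============================================================
rem Disable the Computer Browser service
echo ===============================================================
echo ..Browser.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Browser.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]>> c:\Browser.reg
echo "Start"=dword:00000004>> c:\Browser.reg
echo .
echo .. Browser.reg .....
regedit /s c:\Browser.reg
echo .
echo .. Browser.reg
del c:\Browser.reg
echo ===============================================================
rem Disable the Dfs service (it merges scattered file shares into one
rem logical namespace and manages those logical volumes over LAN or WAN)
echo ===============================================================
echo ..Dfs.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Dfs.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs]>> c:\Dfs.reg
echo "Start"=dword:00000004>> c:\Dfs.reg
echo .
echo .. Dfs.reg .....
regedit /s c:\Dfs.reg
echo .
echo .. Dfs.reg
del c:\Dfs.reg
echo ===============================================================
rem Disable the Print Spooler service
echo ===============================================================
echo ..Spooler.......
echo .........
echo Windows Registry Editor Version 5.00> c:\Spooler.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]>> c:\Spooler.reg
echo "Start"=dword:00000004>> c:\Spooler.reg
echo .
echo .. Spooler.reg .....
regedit /s c:\Spooler.reg
echo .
echo .. Spooler.reg
del c:\Spooler.reg
echo ===============================================================
rem Disable the TCP/IP NetBIOS Helper service (key name LmHosts)
echo ==============================================================
echo ...TCP/IP NetBIOS Helper Service
echo .........
echo Windows Registry Editor Version 5.00> c:\netbios.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg
echo "Start"=dword:00000004>> c:\netbios.reg
echo .
echo .. netbios.reg .....
regedit /s c:\netbios.reg
echo .
echo .. netbios.reg
del c:\netbios.reg
echo ===============================================================
rem Disable the Help and Support service.
rem The published script wrote to a key named hrlpsvc, which is not the
rem service key; the value has to go under helpsvc to take effect. The
rem temporary file name and the progress messages are left as published.
echo ===============================================================
echo ..hrlpsvc.......
echo .........
echo Windows Registry Editor Version 5.00> c:\hrlpsvc.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]>> c:\hrlpsvc.reg
echo "Start"=dword:00000004>> c:\hrlpsvc.reg
echo .
echo .. hrlpsvc.reg .....
regedit /s c:\hrlpsvc.reg
echo .
echo .. hrlpsvc.reg
del c:\hrlpsvc.reg
echo ===============================================================
echo ===========================END=================================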
