:start
@echo off
color 0a
@echo 请选择要服务操作类型:
@echo 1.安装IIS
@echo 2.更改远程端口
@echo 3.停止无用服务
@echo 4.操作防火墙规则限制无用端口
@echo 5.重置防火墙(慎重使用,请确保远程端口为3389)
@echo 6.关闭防火墙
@echo 7.ADD 静态路由表
@echo 8.退出
set/p a=请选择服务操作类型:
goto start%a%
:start1
title IIS7自动安装程序 – iHackSoft.com
echo.
echo 正在添加IIS功能,这可能需要几分钟时间…
start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-
HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-
ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS-
ODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IIS-DigestAuthentication;IIS-
ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-
Performance;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-
IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-
ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
echo IIS已添加成功!
@pause
cls
goto :start
:start2
echo 请输入要修改的远程端口号:
set /p var=
echo 开始修改
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d %var% /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %var% /f
echo 修改成功,下面是添加防火墙规则
netsh firewall add portopening TCP %var% %var%
@pause
cls
goto :start
:start3
echo 停止Distributed linktracking client 用于局域网更新连接信息
net start TrkWks
echo 停止PrintSpooler 打印服务
net stop Spooler
echo 停止Remote Registry 远程修改注册表
net stop RemoteRegistry
echo 停止Server 计算机通过网络的文件、打印、和命名管道共享
net stop LanmanServer
echo 停止TCP/IP NetBIOS Helper 提供 TCP/IP (NetBT) 服务上的 NetBIOS 和网络上客户端的 NetBIOS 名称解析的支持
net stop lmhosts
echo 停止Computer Browser 维护网络计算机更新 默认已经禁用
net stop Browser
echo 停止Net Logon 域控制器通道管理 默认已经手动
net stop Netlogon
echo 停止Remote Procedure Call (RPC) Locator RpcNs*远程过程调用 (RPC) 默认已经手动
net stop RpcLocator
@pause
cls
goto :start
:start4
echo 启用桌面防火墙
netsh advfirewall set allprofiles state on
echo 设置默认输入和输出策略
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
echo 关闭tcp协议的139端口
netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block
echo 关闭udp协议的139端口
netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block
echo 关闭tcp协议的445端口
netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block
echo 关闭udp协议的445端口
netsh advfirewall firewall add rule name="deny udp 445″ dir=in protocol=udp localport=445 action=block
echo 使用相同的方法,依次关闭TCP协议的21、22、23、137、138、5800、5900端口。
netsh advfirewall firewall add rule name= "deny tcp 21" dir= in protocol=tcp localport=21 action=block
netsh advfirewall firewall add rule name= "deny tcp 22" dir=in protocol=tcp localport=22 action=block
netsh advfirewall firewall add rule name= "deny tcp 23" dir=in protocol=tcp localport=23 action=block
netsh advfirewall firewall add rule name= "deny tcp 5800" dir=in protocol=tcp localport=5800 action=block
netsh advfirewall firewall add rule name= "deny tcp 5900" dir=in protocol=tcp localport=5900 action=block
netsh advfirewall firewall add rule name= "deny tcp 137" dir=in protocol=tcp localport=137 action=block
netsh advfirewall firewall add rule name= "deny tcp 138" dir=in protocol=tcp localport=138 action=block
@pause
cls
goto :start
:start5
echo 恢复初始配置
netsh advfirewall reset
@pause
cls
goto :start
:start6
echo 关闭防火墙
netsh advfirewall set allprofiles state off
@pause
cls
goto :start
:start7
echo 加静态路由表
route -p add 192.168.0.0 mask 255.255.255.0 192.168.12.1
route -p add 192.168.11.0 mask 255.255.255.0 192.168.12.1
route -p add 192.168.100.0 mask 255.255.255.0 192.168.12.1
@pause
cls
goto :start
:start8
goto end
:end
WIN2008 自动部署安全BAT
最新推荐文章于 2024-08-03 22:47:35 发布