注册表的修改

最新推荐文章于 2023-03-05 10:24:19 发布
最新推荐文章于 2023-03-05 10:24:19 发布
阅读量3.3k 收藏 4
点赞数
文章标签: windows attributes hex c installer protocols

三十、安全设置

1.关闭135端口

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,/
00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,/
00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,/
00,00,00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/MSDTC]
"Start"=dword:00000004
2.关闭445端口

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/NetBT/Parameters]
"SMBDeviceEnabled"=dword:00000000
3.禁止远程修改注册表

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurePipeServers/winreg]
"RemoteRegAccess"=dword:00000001

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/RemoteRegistry]
"Start"=dword:00000004

4.隐藏最近登录的用户名

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon]
"DontDisplayLastUserName"=dword:00000001

5.禁用自动播放和自动运行

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/NoDriveTypeAutoRun]
"NoDriveTypeAutoRun"=dword:000000ff

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2]

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Cdrom]
"AutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/ShellHWDetection]
"Start"=dword:00000004

6.禁用开始菜单-运行

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoRun"=dword:00000001

7.禁用任务管理器

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/system]
"DisableTaskMgr"=dword:00000001

8.禁用注册表

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System]
"DisableRegistryTools"=dword:00000001

9.禁用组策略

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC]
"RestrictToPermittedSnapins"=dword:00000001

10.关闭最近文件夹访问时间(仅用于NTFS系统)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001

11.禁止使用.inf文件

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/.inf]
@="txtfile"

[HKEY_CLASSES_ROOT/.inf/PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

12.允许使用.inf文件

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/.inf]
@="inffile"

[HKEY_CLASSES_ROOT/.inf/PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

13.禁止使用.reg文件

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/.reg]
@="txtfile"

[HKEY_CLASSES_ROOT/.reg/PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

14.允许使用.reg文件(不能导入,必须手动或使用工具修改)

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/.reg]
@="regfile"

[HKEY_CLASSES_ROOT/.reg/PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

15.预防DOS攻击

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"SynAttackProtect"=dword:00000002
"EnablePMTUDiscovery"=dword:0
"NoNameReleaseOnDemand"=dword:1
"EnableDeadGWDetect"=dword:0
"KeepAliveTime"=dword:000493e0
"PerformRouterDiscovery"=dword:0
"EnableICMPRedirect"=dword:0

16.启用自动抵御SYN攻击

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxPortsExhausted"=dword:00000005
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxDataRetransmissions"=dword:00000002

17.禁止响应ICMP路由通告报文

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"PerformRouterDiscovery"=dword:0

18.启用自动抵御ICMP攻击

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"EnableICMPRedirect"=dword:00000000

19.启用自动抵御SNMP攻击

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"EnableDeadGWDetect"=dword:00000000

20.启用AFD.SYS保护

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/AFD/Parameters]
"EnableDynamicBacklog"=dword:00000001
"MinimumDynamicBacklog"=dword:00000014
"MaximumDynamicBacklog"=dword:00004e20
"DynamicBacklogGrowthDelta"=dword:0000000a

21.禁止本机发布自己的NetBIOS名

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"NoNameReleaseOnDemand"=dword:00000001

22.减少连接有效性验证间隔时间

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"KeepAliveTime"=dword:000493e0

23.改变TTL的默认值

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters]
"DefaultTTL"=dword:000000ff

24.隐藏自己的共享文件夹

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/lanmanserver/parameters]
"Hidden"=dword:00000001

25.禁用DCOM支持

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Ole]
"EnableDCOM"="N"

26.打开组策略用户安全等级

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/Safer/CodeIdentifiers]
"Levels"=dword:04131000

27.禁用所有的USB设备

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/USBSTOR]
"Start"=dword:00000004

28.启用USB设备

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/USBSTOR]
"Start"=dword:00000002

29.删除脚本文件打开方式

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT/JSEFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/JSEFile/Shell/Open2/Command]
[-HKEY_CLASSES_ROOT/JSFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/JSFile/Shell/Open2/Command]
[-HKEY_CLASSES_ROOT/VBEFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/VBEFile/Shell/Open2/Command]
[-HKEY_CLASSES_ROOT/VBSFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/VBSFile/Shell/Open2/Command]
[-HKEY_CLASSES_ROOT/WSFFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/WSFFile/Shell/Open2/Command]
[-HKEY_CLASSES_ROOT/WSHFile/Shell/Open/Command]
[-HKEY_CLASSES_ROOT/WSHFile/Shell/Open2/Command]

30.从文件和文件夹属性中删除"安全选项卡"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoSecurityTab"=dword:00000001

31.禁用命令提示符

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System]
"DisableCMD"==dword:00000001

32.登陆时禁用SHIFT键

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon]
"IgnoreShiftOveride"=dword:00000001

33.禁止EFS加密功能

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/EFS]
"EfsConfiguration"=dword:00000001

34.保留复制和移动的文件原来的NTFS权限

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"ForceCopyAclwithFile"=dword:00000001

35.禁止更改机器账户密码

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters]
"DisablePasswordChange"=dword:00000001

36.关闭组策略后台刷新

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/system]
"DisableBkGndGroupPolicy"=dword:00000001

37.禁止用户锁定计算机

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System]
"DisableLockWorkstation"=dword:00000001

38.禁止用户改变密码

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System]
"DisableChangePassword"=dword:00000001

39.禁用计算机和用户运行列表(即禁止运行注册表中的Run和RunOnce)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"DisableLocalMachineRun"=dword:00000001
"DisableLocalMachineRunOnce"=dword:00000001
"DisableCurrentUserRun"=dword:00000001
"DisableCurrentUserRunOnce"=dword:00000001

40.关闭XP文件保护

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon]
"SFCDisable"=dword:ffffff9d

41.禁止使用"作为其他用户安装程序"对话框来安装程序

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoRunasInstallPrompt"=dword:00000001

42.在网络安装时显示"作为其他用户安装程序"对话框

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"PromptRunasInstallNetPath"=dword:00000001

三十一、系统恢复全集

1.修复EXE文件

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/exefile/shell/open/command]
@="/"%1/" %*"

2.恢复桌面系统图标

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{208D2C60-3AEA-1069-A2D7-08002B30309D}/ShellFolder]
"Attributes"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/ShellFolder]
"Attributes"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{450D8FBA-AD25-11D0-98A8-0800361B1103}/ShellFolder]
"Attributes"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}/ShellFolder]
"Attributes"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/ShellFolder]
"Attributes"=dword:00000000

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Desktop/NameSpace/{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"Removal Message"="@mydocs.dll,-900"

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Desktop/NameSpace/{645FF040-5081-101B-9F08-00AA002F954E}]
@="回收站"

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/ClassicStartMenu]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000000
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/NonEnum]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/NonEnum]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/NonEnum]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/NonEnum]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/NonEnum]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoNetHood"=dword:00000000
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoNetHood"=dword:00000000
"NoInternetIcon"=dword:00000000

3.恢复桌面

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoDesktop"=dword:00000000

3.恢复隐藏的分区

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoDrives"=dword:00000000

4.修复双击打不开分区

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT/Drive/shell/explore]

[-HKEY_CLASSES_ROOT/Drive/shell/open]

[-HKEY_LOCAL_MACHINE/SOFTWARE/Classes/Directory/shell/explore]

[-HKEY_LOCAL_MACHINE/SOFTWARE/Classes/Directory/shell/open]

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2]

5.恢复驱动器图标

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT/Drive/DefaultIcon]

[HKEY_CLASSES_ROOT/Drive/DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,/
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,/
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00

[-HKEY_CLASSES_ROOT/Folder/DefaultIcon]

[HKEY_CLASSES_ROOT/Folder/DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,/
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,/
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00

[-HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/c]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/c/DefaultIcon]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/d]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/d/DefaultIcon]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/e]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/e/DefaultIcon]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/f]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/f/DefaultIcon]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/g]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/g/DefaultIcon]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/h]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/DriveIcons/h/DefaultIcon]


5.恢复隐藏的文件和文件夹(包括被彻底隐藏的文件,"Hidden"=1显示,2不显示;"CheckedValue"=0彻底隐藏,1不隐藏 )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced]
"Hidden"=dword:00000001

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL]
"CheckedValue"=-
"CheckedValue"=dword:00000001


6.显示受保护的操作系统文件

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden]
"DefaultValue"=dword:00000000

7.允许鼠标右键

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoViewContextMenu"=hex:00,00,00,00
"NoTrayContextMenu"=dword:00000000

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explore/Restrictions]
"NoBrowserContextMenu"=dword:00000000

8.修复注册表

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Applets/Regedit]

"View"=-
"FindFlags"=-
"LastKey"=-

9.修复组策略

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/CLSID/{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]
@="组策略对象编辑器"

[HKEY_CLASSES_ROOT/CLSID/{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}/InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,/
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,47,00,50,00,/
  45,00,64,00,69,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/LocalUser/Software/Policies/Microsoft/MMC]

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/LocalUser/Software/Policies/Microsoft/MMC/{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]
"Restrict_Run"=dword:00000000

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC]

[-HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]
"Restrict_Run"=dword:00000000

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC]
"RestrictToPermittedSnapins"=dword:00000000

10.允许下载

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3]
"1803"=dword:00000000


11.允许更改主页

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command]

[HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command]
@="/"C://Program Files//Internet Explorer//iexplore.exe/""

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000000

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000000

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/LocalUser/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000001

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/LocalUser/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"**del.HomePage"=" "

[HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main]
"First Home Page"=-
"RunOnceComplete"=dword:00000001
"RunOnceHasShown"=dword:00000001

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/Main]
"First Home Page"=-

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Main]
"Start Page"=-

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/LocalUser/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoSaveSettings"=dword:00000000


12.将主页更改为www.hao123.com并锁定

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command]

[HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command]
@="/"C://Program Files//Internet Explorer//iexplore.exe/""

[HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000000

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000000

[HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000000

[HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main]
"Default_Page_URL"="www.hao123.com"
"First Home Page"="http://www.hao123.com/"
"Start Page"="http://www.hao123.com/"

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/Main]
"Default_Page_URL"="www.hao123.com"
"First Home Page"="http://www.hao123.com/"
"Start Page"="http://www.hao123.com/"

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Main]
"Start Page"="http://www.hao123.com/"

[HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000001

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000001

[HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Internet Explorer/Control Panel]
"HomePage"=dword:00000001

13.清除开机对话框

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Winlogon]
"legalnoticecaption"=-
"legalnoticetext"=-

14.清除盗版提示

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Winlogon/Notify/WgaLogon]

15.修复WINDOWS Installer错误

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/Installer]
"DisableMSI"=dword:00000000

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/MSIServer]
"ImagePath"=-
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,/
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,/
  00,73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,/
  56,00,00,00


16.修复RPC服务

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/RpcSs]
"Description"="提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。"
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,/
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,/
  00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,/
  63,00,73,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,/
  00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/RpcSs/Enum]
"0"="Root//LEGACY_RPCSS//0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/RpcSs/Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,/
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,/
  72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/RpcSs/Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,/
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,/
  00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,/
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,/
  20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,/
  02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,/
  18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,/
  00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


17.取消U盘写保护

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/StorageDevicePolicies]
"WriteProtect"=dword:00000000

18.右击打开方式弹出拒绝访问的修复

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/Unknown]
"AlwaysShowExt"=""
"QueryClassStore"=""

[HKEY_CLASSES_ROOT/Unknown/shell]
@="openas"

[HKEY_CLASSES_ROOT/Unknown/shell/openas]

[HKEY_CLASSES_ROOT/Unknown/shell/openas/command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,/
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,/
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,/
00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,/
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,/
00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,/
73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00

19.解除故障恢复控制台限制(允许自动管理级登陆)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Setup/RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001

20.允许显示FLASH动画("Compatibility Flags"=0时显示,等于400时禁止)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/Software/Microsoft/Internet Explorer/ActiveX Compatibility/{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"Compatibility Flags"=dword:00000000

21.修复锁定任务栏灰色不可选

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"LockTaskbar"=-

22.修复丢失的IE7菜单栏

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Internet Explorer/Main]
"AlwaysShowMenus"=-

23.修复打开通用对话框的位置栏

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Comdlg32/Placesbar]

24.显示桌面清理向导

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoDesktopCleanupWizard"=dword:0

25.修复设备管理器错误

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT/CLSID/{74246bfc-4c96-11d0-abef-0020af6b0b7a}]
@="Device Manager"

[HKEY_CLASSES_ROOT/CLSID/{74246bfc-4c96-11d0-abef-0020af6b0b7a}/InprocServer32]
@="C://WINDOWS//System32//devmgr.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT/CLSID/{74246bfc-4c96-11d0-abef-0020af6b0b7a}/ProgId]
@="DevMgrSnapin.DevMgrSnapin.1"

[HKEY_CLASSES_ROOT/CLSID/{74246bfc-4c96-11d0-abef-0020af6b0b7a}/VersionIndependentProgId]
@="DevMgrSnapin.DevMgrSnapin.1"

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{74246bfc-4c96-11d0-abef-0020af6b0b7a}]
"Restrict_Run"=dword:00000000

26.恢复通知区域的所有图标

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer]
"NoTrayItemsDisplay"=dword:00000000

27.允许启用和禁用本地连接

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/Network Connections]
"NC_LanConnect"=dword:1

28.显示新建连接向导

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/Network Connections]
"NC_NewConnectionWizard"=dword:0
"NC_EnableAdminProhibits"=dword:1

29.恢复本地用户和组

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}]
"Restrict_Run"=dword:00000000

30.恢复计算机管理

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{58221C67-EA27-11CF-ADCF-00AA00A80033}]
"Restrict_Run"=dword:00000000

31.恢复磁盘管理

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}]
"Restrict_Run"=dword:00000000

32.恢复共享文件夹

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{58221C69-EA27-11CF-ADCF-00AA00A80033}]
"Restrict_Run"=dword:00000000

33.恢复事件查看器

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{394C052E-B830-11D0-9A86-00C04FD8DBF7}]
"Restrict_Run"=dword:00000000

34.显示服务的依存关系

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER/Software/Policies/Microsoft/MMC/{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}]
"Restrict_Run"=dword:0

mayuxian
关注
如何才能监控查看出注册表更改情况,本地组策略设置更改了哪些注册表对应值?
本博客,博文仅代表个人操作经验,不能完全解决你的问题,仅供参考,佛系回复。
03-02 4065
Win11 专业版HP480G7。
windows server 系统安全加固之Windows密码提取破解与策略设置
weixin_43803070的博客
05-23 1272
windows系统加固我们使用2003虚拟机来进行演示。 ** 组策略与防火墙: ** 什么是组策略? 注册表Windows系统中保存系统、应用软件配置的数据库,随着Windows功能的越来越丰富,注册表里的配置项目也越来越多。很多配置都是 可以自定义设置的,但这些配置发布在注册表的各个角落,如果是手工配置,可想是多么困难和烦杂。而组策略则将系统重要的配置功能汇集成各种配置模块,供管理人员直接使...
win10彻底关闭更新
martinkeith的博客
10-17 2327
1,按键盘的win+R打开运行, 2,输入 “services.msc” 点击确定。 3.在Win10服务设置中找到 「 Windows Update 」选项,并双击打开,如图所示。 4.然后在Windows Update属性设置中,将启动类型改为「 禁用 」,再点击下方的「 停止 」,最后再点击底部的「 应用 」保存设置,如下图所示。 5.接下来再切换到「恢复 」...
注册表学习-摘抄
chenzongcheng的专栏
04-08 2507
HKEY_CLASSES_ROOT●删除失效的文件关联:HKEY_CLASSES_ROOT下第二部分某可疑键值的Command子键下若无内容,则可删此文件关联信息。HKEY_LOCAL_MACHINE●详解Config子键:包含了有关显示字体、分辨率、显示点距、颜色深度、打印机型号、即插即用硬件、IE4.0等信息。HKEY_LOCAL_MACHINE/Config/00
深入理解工具链-Hex文件详解
lone5moon的博客
06-10 3万+
一、HEX文件格式说明 Hex文件是Intel公司提出的按地址排列的数据信息格式,数据宽度为字节,所有数据使用16进制数字表示,并且以ASCII码的形式,按行记录数据,下图为某工程代码的HEX文件局部截图: 转存失败重新上传取消 如上图所示,HEX文件每一行均以“:”开头,表明记录的开始,“:”之后,每至少2个字符表示一组16进制数据,格式形如:BBAAAATTHHHH....HHHCC。 BB -- 16进制,表示此行数据长度字节数,表示HH的数目 AAAA -- 16...
hex文件格式详解
热门推荐
a只如初见的博客
10-23 4万+
hex文件格式详细解读,以及对比了bin文件有何区别,hex文件的存在价值。
通过修改注册表修改exe等默认打开方式
07-19
本文件用于修改注册表修改默认的打开方式,在reglist.txt文件中输入你想修改的默认打开方式后缀,运行程序后,reglist.txt中的后缀的默认打开方式将会被更改为记事本。然后程序会生成一个outreglist.reg的文件,...
Windows注册表修改快速生效
09-16
Windows注册表修改快速生效 让Windows注册表修改快速生效是指在修改Windows注册表后,使修改快速生效的方法。在大多数情况下,只按照F5键刷新注册表是不足以使修改生效的,而需要重新启动计算机。然而,我们可以...
WINDOWS修改注册表日期格式
09-24
日期格式为yyyy-MM-dd HH:mm:ss,由于sqlserver日期格式要求,系统日期时间有误
注册表更改DNS的代码分享
09-15
本文介绍了一种通过修改注册表来快速更改DNS设置的方法,该方法不仅能够提高效率,还支持远程路径运行。 #### 二、原理概述 在Windows操作系统中,DNS设置存储在注册表中的特定位置。通过修改这些注册表键值,可以...
opc通讯配置、Dcom配置、wincc opc通讯配置(避坑版)
weixin_43866483的博客
03-28 2万+
java研发一款获取wincc上位机数据的数据采集软件,因为第一次接触wincc数据采集经过几天学习发现采用wincc 的opc server连接是个人人为最好的方案,但对于想我这样刚接触opc的菜鸟来说两台主机间opc连接的dcom配置让人头痛啊,好在网上有大量资料可以钻研,本文章将详细介绍新手小白如何配置dcom。
禁用Windows更新
m0_46538608的博客
06-19 900
1.设置 设置-更新和安全-Windows更新-高级选项,更新选项全部设置为关 2.服务 services.msc-服务-Windows Update,右键属性,启动类型改为禁用,停止服务,恢复改为无操作 3.注册表注册表设置中,找到并定位到 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]。 然后在右侧找到“Start”键,右键点击修改,把start值改成16进制,值由"2"改为“4” 然后在右侧找到“FailureAction
win11 22H2 更新后连接区享打印机错误
最新发布
waterljb的专栏
03-05 3662
win11 22H2 连接共享打印机问题
win7下关于局域网的打印机 RPC 不可用的解决办法
QueenJade的收录
12-08 7748
今天打印东西的时候发现不能打印,明明都有添加打印机了。打印总是提示RPC不行。检测了一下所有关于打印的服务(service)都开了。 最后的办法是:   检查并重开以下的2个服务,在服务列表那分别选择它们,然后 属性 设置为 自动。 1.Print Spooler  这个是打印的缓冲池(Loads files to memory for later printing),操作系统的spool
最新彻底禁止win10自动更新
weixin_34402408的博客
03-03 8160
1、打开 服务或者 WIN+R 键打开“运行” 输入 services.msc2、打开服务后需要禁3个服务 Background Intelligent Transfer Service Windows Update Update Orchestrator Service win10 升级到1809版后,多了一个“Windows Update Medic Service”服...
组策略安全选项对应注册表项汇总
weixin_34336526的博客
02-28 332
组策略安全选项对应注册表项汇总 在组策略中的位置:   计算机设置->Windows设置->安全设置->本地策略->安全选项      详细列表: [MACHINE\System\CurrentControlSet\Control\Lsa]   值名:AuditBaseObjects   含义:对全局系统对象的访问进行审计   类型:R...
注册表(安全 网络)
编程爱好者
03-05 4457
标题: 自动隐藏共享 操作系统: (Windows NT/2000/XP) 说明: 当Windows中安装了网络后,会在本地磁盘驱
python禁用本地网卡_win2003 防止网卡本地连接被禁用的设置方法
weixin_36084686的博客
02-21 320
开始运行gpedit.msc ,本地计算机策略、用户配置、管理模板、网络、网络连接:启用为管理员启用windows2000网络连接设置,禁用启用/禁用LAN连接的能力。让网卡禁用按钮变灰.regWindows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Win...
nvm切换node版本无效的问题和windows上使用nvm use 切换输入错误: 没有文件扩展“.vbs”的脚本引擎
txl910514的专栏
01-30 1406
的是win10系统,在执行 nvm use xx.xx.xx 时 ,报错 “没有文件扩展“.vbs”的脚本引擎” 第一种方法: 在桌面新建一个文本文档: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.VBS] @="VBSFile" [HKEY_CLASSES_ROOT\.VBS\PersistentHandler] @="{...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值