cmd.exe /c secedit /export /cfg c:\\syssec.inf /areas SECURITYPOLICY >nul
//导出安全策略到c:\\syssec.inf
//帐户策略
[System Access]
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 6
LockoutBadCount = 5
ResetLockoutCount = 15
LockoutDuration = 15
//审核策略
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 1
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 3
//本地策略安全选项
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2 //设置为NTLMv2 拒绝NTLM和LM时
//设置默认共享
MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer=4,0
修改导出的配置后,导入新的策略:
cmd.exe /c secedit /configure /db c:\\SecFIX.sdb /cfg c:\\syssec.inf >nul
转载于:https://blog.51cto.com/venglu/1185147
扫一扫
853
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
