Windows2003环境下的一键系统安全

最新推荐文章于 2024-07-19 16:14:52 发布

weixin_34309543

最新推荐文章于 2024-07-19 16:14:52 发布

阅读量64

点赞数

文章标签：系统安全操作系统网络

原文链接：http://blog.51cto.com/3sbin/566177

版权

@echo off
echo ----------------------------------
echo ----正在备份注册表请稍后....----
echo ----------------------------------
reg export "HKEY_LOCAL_MACHINE" C:/reg_backup.reg
echo ----------------------
echo ----注册表备份完成----
echo ----------------------
ping 127.0.0.1 -n 3 >nul
echo -----------------------------------
echo ----安全配置正在改写请稍候...----
echo -----------------------------------
@ping 127.0.0.1 -n 3 >nul
echo ----------------------
echo ----正在禁用空连接----
echo ----------------------
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t reg_dword /d 1 /f
echo --------------------------
echo ----禁用空连接设置完毕----
echo --------------------------
@ping 127.0.0.1 -n 3 >nul
echo ------------------------
echo ----正在删除默认共享----
echo ------------------------
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareServer /t reg_dword /d 0 /f
echo ----------------------------
echo ----删除默认共享设置完毕----
echo ----------------------------
@ping 127.0.0.1 -n 3 >nul
echo ------------------------------
echo ----正在修改TTL值请稍后...----
echo ------------------------------
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v DefaultTTL /t reg_dword /d 53 /f
echo -------------------
echo ----TTL修改完毕----
echo -------------------
@ping 127.0.0.1 -n 3 >nul
echo -----------------------
echo ----防止syn洪水***----
echo -----------------------
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SynAttackProtect /t reg_dword /d 2 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnablePMTUDiscovery /t reg_dword /d 0 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NoNameReleaseOnDemand /t reg_dword /d 1 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableDeadGWDetect /t reg_dword /d 0 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v KeepAliveTime /t reg_dword /d 300000 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v PerformRouterDiscovery /t reg_dword /d 0 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableICMPRedirects /t reg_dword /d 0 /f
echo -------------------------------
echo ----防止syn洪水***设置完毕----
echo -------------------------------
@ping 127.0.0.1 -n 3 >nul
echo --------------------
echo ----修改3389端口----
echo --------------------
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t reg_dword /d 44454 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro1Set\Control\Tenninal Server\WinStations\RDP\Tcp" /v PortNumber /t reg_dword /d 44454 /f
echo --------------------
echo ----修改PORT完毕----
echo --------------------
@ping 127.0.0.1 -n 3 >nul
echo -------------------------------------
echo ----正在开启系统防火墙请稍后....----
echo -------------------------------------
sc config sharedaccess start= auto & net start sharedaccess

echo ------------------------
echo ----系统防火墙已开启----
echo ------------------------
@ping 127.0.0.1 -n 3 >nul
echo ----------------------------
echo ----正在关闭共享打印服务----
echo ----------------------------
@sc config Spooler start= disabled
echo --------------------------
echo ----已关闭共享打印服务----
echo --------------------------
@ping 127.0.0.1 -n 3 >nul
echo ----------------------------
echo ----正在关闭远程协助服务----
echo ----------------------------
@sc config RDSessMgr start= disabled
echo --------------------------
echo ----已关闭远程协助服务----
echo --------------------------
@ping 127.0.0.1 -n 3 >nul
echo ------------------------------
echo ----正在关闭远程注册表服务----
echo ------------------------------
@sc config RemoteRegistry start= disabled
echo ----------------------------
echo ----已关闭远程注册表服务----
echo ----------------------------
@ping 127.0.0.1 -n 3 >nul
echo ----------------------------------
echo ----正在安装urlscan 请稍后....----
echo ----------------------------------
start "" "urlscan.exe"
echo -----------------------
echo ----安装urlscan完成----
echo -----------------------
@ping 127.0.0.1 -n 3 >nul
echo -----------------------------
echo ----安全设置完毕欢迎使用----
echo -----------------------------
@pause

转载于:https://blog.51cto.com/3sbin/566177

weixin_34309543

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Windows2003环境下的一键系统安全

@echo offecho ----------------------------------echo ----正在备份注册表请稍后....----echo ----------------------------------reg export "HKEY_LOCAL_MACHINE" C:/reg_backup.regecho -----...
复制链接

扫一扫