@ECHO OFF
::Windows 2003 安全设定
::2009/08/15 By Xiao
::开启必须的服务
sc config wuauserv start= auto
sc config BITS start= auto
::禁用非必须的服务
sc config Browser start= disabled
sc config Dhcp start= disabled
sc config EventSystem start= disabled
sc config TrkWks start= disabled
sc config TrkSvr start= disabled
sc config NtFrs start= disabled
sc config Messenger start= disabled
sc config NetLogon start= disabled
sc config Spooler start= disabled
sc config RemoteRegistry start= disabled
sc config RemoteAccess start= disabled
sc config Schedule start= disabled
sc config LmHosts start= disabled
::取消默认共享/禁止IPC空连接
REG ADD "HKLM\SYSTEM\CurrentControlSet\Service\lanmanserver\parameters" /v AutoShareServer /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d 1 /f
::删除非必要用户对磁盘的访问权限
::命令行中使用%, 但批处理脚本中需要使用%%
::FOR %%i IN (C:\,D:\,E:\,F:\,G:\,H:\) DO IF EXIST %%i CACLS %%i /T /E /C /R "Everyone"
FOR %i IN (C:\,D:\,E:\,F:\,G:\,H:\) DO IF EXIST %i CACLS %i /T /E /C /R "Everyone"
::系统开机超时时间设定为5秒
BOOTCFG /TIMEOUT 5
::更改计算机名 (假设内网段为192.168.*.*, 设置主机名为HOST+外网IP后两段)
for /f "tokens=2 delims=:" %%i in ('ipconfig ^|findstr /C:"IP Address" ^|findstr /V "192.168."') do set host_ip=%%i
for /f "tokens=3-4 delims=." %%i in ('echo %%host_ip%%') do set host_name=HOST%%i%%j
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName" /v ComputerName /t reg_sz /d %host_name% /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters" /v "NV Hostname" /t reg_sz /d %host_name% /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters" /v Hostname /t reg_sz /d %host_name% /f