How to implement server security settings using batch processing 03/28 Update SLTechnology News&Howtos

How to implement server security settings using batch processing

2025-03-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article mainly introduces how to use batch processing to achieve server security settings, the article is very detailed, has a certain reference value, interested friends must read it!

The code is as follows:

@ ECHO OFF

CLS

TITLE SERVER SAFE SETUP PRO

COLOR 0A

Echo y | cacls.exe C:\ / p Administrators:f system:f "network service": r

Echo y | cacls.exe D:\ / p Administrators:f system:f servU:f "network service": r

Echo y | cacls.exe E:\ / p Administrators:f system:f servU:f "network service": r

Echo y | cacls.exe "C:\ Program Files" / t / p Administrators:f system:f everyone:r

Echo y | cacls.exe "C:\ Program Files\ Common Files" / t / g Administrators:f system:f everyone:r

Echo y | cacls.exe c:\ windows / p Administrators:f system:f

Echo y | cacls.exe c:\ windows\ system32 / p Administrators:f system:f

Echo y | cacls.exe C:\ WINDOWS\ system32\ inetsrv / p Administrators:f system:f everyone:r

Echo y | cacls.exe "C:\ Documents and Settings" / p Administrators:f system:f

Echo y | cacls.exe "C:\ Documents and Settings\ All Users" / t / p Administrator:f system:f everyone:r

Echo y | cacls.exe c:\ windows\ temp / p everyone:f

Echo y | cacls.exe% systemroot%\ system32\ shell32.dll / p Administrators:f

Echo y | cacls.exe% systemroot%\ system32\ wshom.ocx / p Administrators:f

Echo y | cacls.exe c:\ windows\ system32\ * .exe / p Administrators:f system:f

Echo y | cacls.exe "c:\ Documents and Settings\ All Users" / e / g everyone:r

Echo y | cacls.exe% systemroot%\ system32\ svchost.exe / e / g "network service": r

Echo y | cacls.exe% systemroot%\ system32\ msdtc.exe / e / g "network service": r

Echo y | cacls.exe% windir%\ system32\ mtxex.dll / e / g everyone:r

Echo y | cacls.exe c:\ windows\ system32\ cmd.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ net.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ net1.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ sc.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ at.exe / p Administrator:f

Echo y | cacls.exe% windir%\ system32\ dllhost.exe / e / g everyone:r

Echo y | cacls.exe c:\ windows\ system32\ netsh.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ net.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ cacls.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ cmdkey.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ ftp.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ tftp.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ reg.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ regedt32.exe / p Administrator:f

Echo y | cacls.exe c:\ windows\ system32\ regini.exe / p Administrator:f

Echo y | cacls.exe% windir%\ assembly / e / t / g "network service": r

Echo y | cacls.exe% windir%\ Microsoft.NET / e / t / g everyone:r

Echo y | cacls.exe "% windir%\ Microsoft.NET\ Framework\ v1.1.4322\ Temporary ASP.NET Files" / e / t / g everyone:f

Echo y | cacls.exe% windir%\ system32\ mscoree.dll / e / g everyone:r

Echo y | cacls.exe% windir%\ system32\ ws03res.dll / e / g everyone:r

Echo y | cacls.exe% windir%\ system32\ msxml*.dll / e / g everyone:r

Echo y | cacls.exe C:\ WINDOWS\ system32\ urlmon.dll / e / g everyone:r

Echo y | cacls.exe C:\ WINDOWS\ system32\ mlang.dll / e / g everyone:r

Echo y | cacls.exe C:\ WINDOWS\ system32\ TAPI32.dll / e / g everyone:r

Echo y | cacls.exe C:\ WINDOWS\ system32\ WININET.dll / e / g everyone:r

Cacls c:\ windows\ assembly / e / t / p "network service": r

Cacls c:\ windows\ Microsoft.NET / e / t / p "network service": r

Cacls "C:\ WINDOWS\ Microsoft.NET\ Framework\ v1.1.4322\ Temporary ASP.NET Files" / e / t / p "network service": F

Cacls C:\ WINDOWS\ system32\ mscoree.dll / e / g everyone:r

Cacls C:\ WINDOWS\ system32\ ws03res.dll / e / g everyone:r

Cacls c:\ WINDOWS / e / g "network service": r

If exist c:\ windows cacls c:\ windows / e / g "network service": r

Cacls c:\ windows\ Microsoft.NET / e / t / p "network service": r

Cacls "C:\ WINDOWS\ Microsoft.NET\ Framework\ v1.1.4322\ Temporary ASP.NET Files" / e / t / p "network service": F

Cacls "C:\ WINDOWS\ Microsoft.NET\ Framework\ v2.0.50727\ Temporary ASP.NET Files" / e / t / p "network service": F

Cacls c:\ windows\ system32 / e / g "network service": r

Cacls c:\ windows\ system32\ rasapi32.dll / e / g "network service": r

Echo y | cacls.exe C:\ WINDOWS\ system32\ inetsrv\ adsiis.dll / p Administrators:f autosystem:f

Echo y | cacls.exe C:\ WINDOWS\ system32\ inetsrv\ iisadmpwd / p Administrators:f autosystem:f

Echo y | cacls.exe C:\ WINDOWS\ system32\ inetsrv\ MetaBack / p Administrators:f autosystem:f

Cacls C ":\ Program Files\ Serv-U" / e / g "servu": F

Cacls d:\ wwwroot / e / g servU:f

Set server directory permissions above echo

Net stop Browser

Sc config Browser start= disabled

Net stop lanmanserver

Sc config lanmanserver start= disabled

Net share c $/ delete

Net share d$ / delete

Net share e$ / delete

Net share f$ / delete

Net share admin$ / delete

Net share ipc$ / delete

Delete the default share and set the service item above echo

Echo.. Delshare.reg.

Echo Windows Registry Editor Version 5.00 > c:\ delshare.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ lanmanserver\ parameters] > c:\ delshare.reg

Echo "AutoShareWks" = dword:00000000 > > c:\ delshare.reg

Echo "AutoShareServer" = dword:00000000 > > c:\ delshare.reg

Echo.. Delshare.reg.

Regedit / s c:\ delshare.reg

Echo.. Delshare.reg....

Del c:\ delshare.reg

Echo.

Echo =

Echo.

Echo .dos....

Echo.

Echo Windows Registry Editor Version 5.00 > c:\ dosforwin.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Tcpip\ Parameters] > c:\ dosforwin.reg

Echo "EnableICMPRedirect" = dword:00000000 > > c:\ dosforwin.reg

Echo "DeadGWDetectDefault" = dword:00000001 > > c:\ dosforwin.reg

Echo "DontAddDefaultGatewayDefault" = dword:00000000 > > c:\ dosforwin.reg

Echo "EnableSecurityFilters" = dword:00000000 "> > c:\ dosforwin.reg

Echo "AllowUnqualifiedQuery" = dword:00000000 > > c:\ dosforwin.reg

Echo "PrioritizeRecordData" = dword:00000001 > > c:\ dosforwin.reg

Echo "ReservedPorts" = hex (7): 31pyrrine 00pyrmus 34pyrmus 33pyrmus 00pyrmus 33dpyrorrine 2dpjorie 31pyritorius 34pyritorius 33pyritorius 00pyritorius 34pyritorius 33pyritorius 33pyritorius 00pyrus 34pyror00,\ > c:\ dosforwin.reg

Echo 00000000000000000000 > c:\ dosforwin.reg

Echo "SynAttackProtect" = dword:00000002 > > c:\ dosforwin.reg

Echo "EnablePMTUDiscovery" = dword:00000000 > > c:\ dosforwin.reg

Echo "NoNameReleaseOnDemand" = dword:00000001 > > c:\ dosforwin.reg

Echo "EnableDeadGWDetect" = dword:00000000 > > c:\ dosforwin.reg

Echo "KeepAliveTime" = dword:00300000 > > c:\ dosforwin.reg

Echo "PerformRouterDiscovery" = dword:00000000 > > c:\ dosforwin.reg

Echo "EnableICMPRedirects" = dword:00000000 > > c:\ dosforwin.reg

Echo.

Echo =

Echo.. Dosforwin.reg.

Regedit / s c:\ dosforwin.reg

Echo.. Dosforwin.reg....

Del c:\ dosforwin.reg

Echo =

Echo.

Echo =

Echo.. Remote Registry Service.

Echo.

Echo Windows Registry Editor Version 5.00 > c:\ regedit.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ RemoteRegistry] > c:\ regedit.reg

Echo "Start" = dword:00000004 > > c:\ regedit.reg

Echo.

Echo.. Regedit.reg.

Regedit / s c:\ regedit.reg

Echo.

Del c:\ regedit.reg

Echo =

Echo.. Messenger.

Echo.

Echo Windows Registry Editor Version 5.00 > c:\ message.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Messenger] > c:\ message.reg

Echo "Start" = dword:00000004 > > c:\ message.reg

Echo.

Echo.. Message.reg.

Regedit / s c:\ message.reg

Echo.

Echo.. Message.reg

Del c:\ message.reg

Echo =

Echo.. lanmanserver.

Echo.

Echo Windows Registry Editor Version 5.00 > c:\ lanmanserver.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ lanmanserver] > c:\ lanmanserver.reg

Echo "Start" = dword:00000004 > > c:\ lanmanserver.reg

Echo.

Echo.. Lanmanserver.reg.

Regedit / s c:\ lanmanserver.reg

Echo.

Echo.. Lanmanserver.reg

Del c:\ lanmanserver.reg

Echo =

Echo... TCP/IP NetBIOS Helper Service

Echo.

Echo Windows Registry Editor Version 5.00 > c:\ netbios.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ LmHosts] > c:\ netbios.reg

Echo "Start" = dword:00000004 > > c:\ netbios.reg

Echo.

Echo.. Netbios.reg.

Regedit / s c:\ netbios.reg

Echo.

Echo.. Netbios.reg

Del c:\ netbios.reg

Regedit / s forddos.reg

The second one.

The code is as follows:

Echo.

Echo

Echo.

Net share c $/ delete

Net share d$ / delete

Net share e$ / delete

Net share f$ / delete

Net share admin$ / delete

Net share ipc$ / delete

Net stop Server

Net start Server