ASP.NET(aspxspy)防提权设置

防止读取注册表、运行命令、查看服务、查看进程:

打开:C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\web.config
找到<trust level=”Full” originUrl=”" /> 改为 <trust level=”High” originUrl=”" />
然后打开C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\web_hightrust.config
<SecurityClass Name=”RegistryPermission” Description=”System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″/>
把这句删掉,这样可以防止读取注册表、执行被命令、查看服务、查看进程、禁止IISSPY,经过测试,在目录里新建个Web.Config也是无法绕过这个设置的。该方法可能会有一定的影响

 

禁止查看IIS站点:

 

C:\WINDOWS\system32\activeds.tlb 找到此文件,取消users权限

 

 

禁止查看进程:

修改注册表
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/PerfProc/Performance 下面的键值Disable Performance Counters 设置为0。 重新启动即可

 http://www.xuehai.net

 

windows2003设置C盘权限

建批处理文档,运行一下代码:

echo Y|cacls c:\ /c /g administrators:f system:f
echo Y|cacls d:\ /c /g administrators:f system:f
echo Y|cacls e:\ /c /g administrators:f system:f
echo Y|cacls c:\RECYCLER /c /g administrators:f system:f
echo Y|cacls d:\RECYCLER /c /g administrators:f system:f
echo Y|cacls e:\RECYCLER /c /g administrators:f system:f
echo Y|cacls C:\wmpub /c /t /g administrators:f system:f
echo Y|cacls C:\Docume~! /c /g administrators:f system:f
echo Y|cacls C:\Docume~!\AllUse~1 /c /g administrators:f system:f
echo Y|cacls C:\Progra~1 /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\cacls.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\net.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\net1.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\system32\cmd.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\tftp.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\netstat.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\regedt32.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\at.exe /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\shell32.dll /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\format.com /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\wshom.ocx /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\system32\shell32.dll /c /g administrators:f system:f
echo Y|cacls %SystemRoot%\System32\activeds.tlb /c /g administrators:f system:f

你可能感兴趣的:(asp.net)