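Below are the server security configuration files I put together while working at an IDC (data center). I packaged them as .reg and .bat files, and I would welcome your feedback!
1. Disabling SMB (closing port 445)
The smb file is a registry change that closes port 445.
Location to modify:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
The DWORD value is named SMBDeviceEnabled and its value data is 0.
Write the following text and save it as a .reg file: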
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SMBDeviceEnabled"=dword:00000000
2. Renaming the unsafe component (this one is provided by the Ajiang website)
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}]
@="Shell Automation Service"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\InProcServer32]
@="C:\\WINNT\\system32\\shell32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\ProgID]
@="Shell.Application_ajiang.1"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\TypeLib]
@="{50a7e9b0-70ef-11d1-b75a-00a0c90564fe}"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\Version]
@="1.1"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\VersionIndependentProgID]
@="Shell.Application_ajiang"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang]
@="Shell Automation Service"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang\CLSID]
@="{13709620-C279-11CE-A49E-444553540001}"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang\CurVer]
@="Shell.Application_ajiang.1"
Save it as a .reg file and run it.
3. Batch file to turn off unneeded system services
sc config Alerter start= demand
sc config TrkWks start= demand
sc config helpsvc start= demand
sc config PolicyAgent start= demand
sc config dmserver start= demand
sc config WmdmPmSn start= demand
sc config Spooler start= demand
sc config RemoteRegistry start= demand
sc config NtmsSvc start= demand
sc config seclogon start= demand
sc config Schedule start= demand
sc config WebClient start= demand
sc config W32Time start= demand
sc config WZCSVC start= demand
sc config ERSvc start= demand
sc config Themes start= demand
sc config FastUserSwitchingCompatibility start= disabled
sc config Messenger start= disabled
sc config ProtectedStorage start= disabled
sc config SSDPSRV start= disabled
sc config TermService start= disabled
sc config ShellHWDetection start= disabled
sc stop W32Time
sc stop ShellHWDetection
sc stop TrkWks
sc stop helpsvc
sc stop dmserver
sc stop PolicyAgent
sc stop Spooler
sc stop RemoteRegistry
sc stop seclogon
sc stop Schedule
sc stop WZCSVC
sc stop ERSvc
sc stop Themes
sc stop FastUserSwitchingCompatibility
sc stop ProtectedStorage
sc stop SSDPSRV
sc stop WebClient
Save it as a .bat file and run it.
4. Removing the default shares
Save the following as a .bat file using a text editor:
@echo 北京IDC网服务器安全设置文件,艺飞制作
@echo 准备删除所有的默认共享,准备好请按回车键
@pause
@echo off
echo.
echo ------------------------------------------------------
echo.
echo 现在删除所有的默认共享,请稍候
echo.
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share admin$ /delete
net stop Server
net start Server
echo.
echo 所有的默认共享现在已经被删除
echo.
echo ------------------------------------------------------
echo.
echo 现在修改注册表以改变系统的设置
echo.
echo 正在创建注册表文件
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]>> c:\delshare.reg
rem RestrictAnonymous is a REG_DWORD value
echo "RestrictAnonymous"=dword:00000001>> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo 即将使用注册表文件改变系统设置.
regedit /s c:\delshare.reg
echo 删除刚才创建的临时注册表文件
del c:\delshare.reg
echo 临时文件已经删除,删除默认
echo 共享成功完成!
echo 关闭窗口,重启你的电脑,以便使修改生效!
@pause
5. Blocking null sessions
Save the following as a .reg file and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nolmhash"=dword:00000000
; restrictanonymous is a REG_DWORD value
"restrictanonymous"=dword:00000001
6. Preventing the default shares from being re-created automatically
Save the following as a .reg file and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
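7. Unregistering the most unsafe components
Save the following as a .bat file and run it:
rem wshom.ocx provides WScript.Shell and WScript.Network
regsvr32/u C:\WINDOWS\System32\wshom.ocx
del C:\WINDOWS\System32\wshom.ocx
rem shell32.dll provides Shell.Application
regsvr32/u C:\WINDOWS\system32\shell32.dll
del C:\WINDOWS\system32\shell32.dll
rem msado15.dll provides ADO (ADODB); the path contains spaces, so it is quoted
regsvr32/u "C:\Program Files\Common Files\System\ado\msado15.dll"
del "C:\Program Files\Common Files\System\ado\msado15.dll"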
8. Changing the IP address and DNS servers
Save the following as a .bat file and run it:
netsh interface ip set address name="本地连接" source=static addr=192.168.1.32 mask=255.255.255.0
netsh interface ip set address name="本地连接" gateway=192.168.1.1 gwmetric=0
netsh interface ip set dns name="本地连接" source=static addr=203.196.0.6 register=PRIMARY
netsh interface ip add dns name="本地连接" addr=202.106.0.20
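An added example, not part of the original post: a small Python linter that reads .reg text and checks the registry values set in sections 1, 4, 5 and 6 above, flagging a value written as a quoted string (which regedit imports as REG_SZ) where a DWORD is expected, or a DWORD with the wrong data. The function name lint_reg and the sample input are constructed for illustration.

```python
import re

# Values this page sets: (lower-cased key, value name) -> expected DWORD data.
LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
SRV = r"hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters"
NETBT = r"hkey_local_machine\system\currentcontrolset\services\netbt\parameters"
EXPECTED = {(NETBT, "smbdeviceenabled"): 0, (LSA, "restrictanonymous"): 1,
            (SRV, "autoshareserver"): 0, (SRV, "autosharewks"): 0}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

def lint_reg(text):
    """Return (value name, problem) pairs for expected values that are wrong."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or (key, m.group(1).lower()) not in EXPECTED:
            continue
        name, data = m.group(1).lower(), m.group(2).strip().lower()
        want = EXPECTED[(key, name)]
        if not data.startswith("dword:"):
            # A quoted value such as "00000001" is imported as REG_SZ.
            findings.append((name, "not a DWORD: " + data))
            continue
        try:
            got = int(data[len("dword:"):], 16)
        except ValueError:
            findings.append((name, "malformed DWORD: " + data))
            continue
        if got != want:
            findings.append((name, "dword is %d, expected %d" % (got, want)))
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"="00000001"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000001
"AutoShareWks"=dword:00000000
'''
for name, problem in lint_reg(SAMPLE):
    print(name, "->", problem)
```

Run it over a .reg file before importing it; an empty result means every value it knows about has the expected type and data.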