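Below are the server security configuration files I put together while working at an IDC (data center). I packaged them as .reg and .bat files; comments and suggestions are welcome!
1. Disabling SMB: closing port 445
The smb file is the registry change that closes port 445.
Key to modify:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
The DWORD value is named SMBDeviceEnabled, with value data 0.
Write the following text and save it as a .reg file: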
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SMBDeviceEnabled"=dword:00000000
2. Renaming the unsafe component (this one is provided by the Ajiang website)
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}]
@="Shell Automation Service"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\InProcServer32]
@="C:\\WINNT\\system32\\shell32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\ProgID]
@="Shell.Application_ajiang.1"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\TypeLib]
@="{50a7e9b0-70ef-11d1-b75a-00a0c90564fe}"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\Version]
@="1.1"
[HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540001}\VersionIndependentProgID]
@="Shell.Application_ajiang"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang]
@="Shell Automation Service"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang\CLSID]
@="{13709620-C279-11CE-A49E-444553540001}"
[HKEY_CLASSES_ROOT\Shell.Application_ajiang\CurVer]
@="Shell.Application_ajiang.1"
Save it as a .reg file and run it.
3. Batch file to turn off unneeded system services
sc config Alerter start= demand
sc config TrkWks start= demand   
sc config helpsvc start= demand   
sc config PolicyAgent start= demand   
sc config dmserver start= demand   
sc config WmdmPmSn start= demand   
sc config Spooler start= demand   
sc config RemoteRegistry start= demand   
sc config NtmsSvc start= demand   
sc config seclogon start= demand   
sc config Schedule start= demand   
sc config WebClient start= demand   
sc config W32Time start= demand   
sc config WZCSVC start= demand
sc config ERSvc start= demand   
sc config Themes start= demand   
sc config FastUserSwitchingCompatibility start= disabled   
sc config Messenger start= disabled   
sc config ProtectedStorage start= disabled
sc config SSDPSRV start= disabled   
sc config TermService start= disabled   
sc config ShellHWDetection start= disabled   
sc stop W32Time   
sc stop ShellHWDetection   
sc stop TrkWks
sc stop helpsvc
sc stop dmserver
sc stop PolicyAgent   
sc stop Spooler   
sc stop RemoteRegistry   
sc stop seclogon   
sc stop Schedule   
sc stop WZCSVC
sc stop ERSvc   
sc stop Themes   
sc stop FastUserSwitchingCompatibility   
sc stop ProtectedStorage   
sc stop SSDPSRV   
sc stop WebClient   
Save it as a .bat file and run it.
4. Removing the default shares
Save the following with a text editor as a .bat file:
@echo 北京IDC网服务器安全设置文件,艺飞制作
@echo 准备删除所有的默认共享,准备好请按回车键
@pause
@echo off
echo.
echo ——————————————————
echo.
echo 现在删除所有的默认共享,请稍候
echo.
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share admin$ /delete
net stop Server
net start Server
echo.
echo 所有的默认共享现在已经被删除
echo.
echo ——————————————————
echo.
echo 现在修改注册表以改变系统的设置
echo.
echo 正在创建注册表文件
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]>> c:\delshare.reg
echo "RestrictAnonymous"=dword:00000001>> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo 即将使用注册表文件改变系统设置.
regedit /s c:\delshare.reg
echo 删除刚才创建的临时注册表文件
del c:\delshare.reg
echo 临时文件已经删除,删除默认
echo 共享成功完成!
echo 关闭窗口,重启你的电脑,以便使修改生效!
@pause
5. Blocking null sessions
Save the following as a .reg file and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000001
6. Preventing the default shares from being created automatically
Save the following as a .reg file and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
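7. Unregistering the most unsafe components
Save the following as a .bat file and run it:
rem WSH object model (WScript.Shell, WScript.Network)
regsvr32 /u C:\WINDOWS\System32\wshom.ocx
del C:\WINDOWS\System32\wshom.ocx
rem Shell.Application
regsvr32 /u C:\WINDOWS\system32\shell32.dll
del C:\WINDOWS\system32\shell32.dll
rem ADO (ADODB.Connection, ADODB.Stream); the path contains spaces, so it is quoted
regsvr32 /u "C:\Program Files\Common Files\System\ado\msado15.dll"
del "C:\Program Files\Common Files\System\ado\msado15.dll"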
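8. Changing the IP address and DNS
Save the following as a .bat file and run it (本地连接 is the connection name on Chinese-language Windows; it is "Local Area Connection" on English-language systems):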
netsh interface ip set address name="本地连接" source=static addr=192.168.1.32 mask=255.255.255.0
netsh interface ip set address name="本地连接" gateway=192.168.1.1 gwmetric=0
netsh interface ip set dns name="本地连接" source=static addr=203.196.0.6 register=PRIMARY
netsh interface ip add dns name="本地连接" addr=202.106.0.20
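
An added example, not part of the original files: a small Python linter for .reg text that checks the values set in sections 1, 4, 5 and 6 (SMBDeviceEnabled, restrictanonymous, AutoShareServer, AutoShareWks) are written with dword: syntax and carry the data the page specifies. An entry written as "name"="00000001" imports as a string (REG_SZ) value rather than the REG_DWORD these settings are defined as. The function name lint_reg and the sample text are constructed for illustration.

```python
import re

# Settings this page applies: (lower-cased key, lower-cased value name) -> DWORD data.
ROOT = r"hkey_local_machine\system\currentcontrolset"
LSA = ROOT + r"\control\lsa"
SRV = ROOT + r"\services\lanmanserver\parameters"
NETBT = ROOT + r"\services\netbt\parameters"
EXPECTED = {(NETBT, "smbdeviceenabled"): 0, (LSA, "restrictanonymous"): 1,
            (SRV, "autoshareserver"): 0, (SRV, "autosharewks"): 0}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{1,8})")

def lint_reg(text):
    """Return (key, name, problem) tuples for entries that would not apply the setting."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key section
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        ident = (key.lower(), m["name"].lower())
        if ident not in EXPECTED:
            continue                  # not one of the settings we audit
        data = m["data"].strip()
        dm = DWORD_RE.fullmatch(data)
        if dm is None:
            # "name"="00000001" imports as REG_SZ, not REG_DWORD
            findings.append((key, m["name"], "not a DWORD: " + data))
        elif int(dm[1], 16) != EXPECTED[ident]:
            findings.append((key, m["name"], "unexpected data: " + data))
    return findings

# Constructed sample: first entry uses string syntax, second is a correct DWORD.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"="00000001"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, problem in lint_reg(SAMPLE):
        print(key + "\\" + name + ": " + problem)
```

Run it over each .reg file before importing; an empty result means every audited entry has the expected type and data.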