自动配置windows server 2003 的安全

精选转载

刀匠 2011-03-06 11:01:57 博主文章分类：Windows

文章标签 职场安全 windows 2003 休闲 文章分类 Windows Server 服务器

最近公司发展蛮快,网络不断扩容,经常要安装服务器,使得我好多时间花在了配置服务器上.对于重复劳动,我一向不太喜欢的,所以就想到了写个脚本,让服务器自己去配置.以下脚本在2003上已经试验过,没有问题,希望大家能用得上;
文件auto-conf.bat的内容:
@echo off
echo "请确认您要对系统进行安全配置(只能用于windows server 2003!)"
choice /c YN /m "确认请按 y开始配置，否请按 n退出"
if errorlevel 2 goto no
if errorlevel 1 goto yes
:yes
secedit /configure /db typhoon.sdb /cfg typhoon.inf /overwrite /areas securitypolicy /log typhoon.log /quiet
cacls c: /r Everyone /e
regedit /s /c typhoon.reg
sc stop appmgmt
sc config appmgmt start= disabled
sc stop clipsrv
sc config clipsrv start= disabled
sc stop dh-cp
sc config dh-cp start= disabled
sc stop dfs
sc config dfs start= disabled
sc stop trkwks
sc config trkwks start= disabled
sc stop trksvr
sc config trksvr start= disabled
sc stop dnscache
sc config dnscache start= disabled
sc stop ersvc
sc config ersvc start= disabled
sc stop ntfrs
sc config ntfrs start= disabled
sc stop helpsvc
sc config helpsvc start= disabled
sc stop hidserv
sc config hidserv start= disabled
sc stop imapiservice
sc config imapiservice start= disabled
sc stop cisvc
sc config cisvc start= disabled
sc stop ismserv
sc config ismserv start= disabled
sc stop kdc
sc config kdc start= disabled
sc stop licenseservice
sc config licenseservice start= disabled
sc stop mnmsrvc
sc config mnmsrvc start= disabled
sc stop netdde
sc config netdde start= disabled
sc stop netddedsdm
sc config netddedsdm start= disabled
sc stop spooler
sc config spooler start= disabled
sc stop remoteregistry
sc config remoteregistry start= disabled
sc stop remoteaccess
sc config remoteaccess start= disabled
sc stop lmhosts
sc config lmhosts start= disabled
sc stop termservice
sc config termservice start= disabled
sc stop tssdis
sc config tssdis start= disabled
sc stop themes
sc config themes start= disabled
sc stop webclient
sc config webclient start= disabled
sc stop audiosrv
sc config audiosrv start= disabled
sc stop sharedaccess
sc config sharedaccess start= disabled
sc stop stisvc
sc config stisvc start= disabled
sc stop winhttpautoproxysvc
sc config winhttpautoproxysvc start= disabled
sc stop wzcsvc
sc config wzcsvc start= disabled
net localgroup guests nobody /del
net user nobody !@10AsD*we%e
echo "目前还没配置的项目:1.本地连接属性"
echo " 2.根据需要清除桌面,开始菜单,管理工具中不用的图标"
echo " 3.添加/删除程序中的组件"
echo " 4.我的电脑的属性"
echo " 5.根据需要删除不用的用户,设置管理员复杂密码"
goto end
:no
echo "no"
goto end
:end
pause
exit
文件typhoon.sdb由mmc的安全配置和分析生成,typhoon.inf是自己配置的安全模板,typhoon.reg是需要修改的注册表项.