摘要:本文将带你了解WIN2008是如何自动部署安全BAT
WIN2008 自动部署安全BAT
1. @echo off 2. color 0a 3. @echo 请选择要服务操作类型: 4. @echo 1.安装IIS 5. @echo 2.更改远程端口 6. @echo 3.停止无用服务 7. @echo 4.操作防火墙规则限制无用端口 8. @echo 5.重置防火墙(慎重使用,请确保远程端口为3389) 9. @echo 6.关闭防火墙 10. @echo 7.ADD 静态路由表 11. @echo 8.退出 12. 13. set/p a=请选择服务操作类型: 14. goto start%a% 15. 16. :start1 17. title IIS7自动安装程序 – iHackSoft.com 18. echo. 19.
20. echo 正在添加IIS功能,这可能需要几分钟时间… 21. start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS- 22. HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS- 23. ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS- 24. ODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IIS-DigestAuthentication;IIS- 25. ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS- 26. Performance;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS- 27. IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS- 28. ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI 29. echo IIS已添加成功! 30. @pause
31. cls 32. goto :start 33. :start2 34. echo 请输入要修改的远程端口号: 35. set /p var= 36. echo 开始修改 37. reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /f 38. reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d %var% /f 39. reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /f 40. reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %var% /f 41. echo 修改成功,下面是添加防火墙规则 42. netsh firewall add portopening TCP %var% %var% 43. @pause 44. cls 45. goto :start
46. 47. :start3 48. echo 停止Distributed linktracking client 用于局域网更新连接信息 49. net start TrkWks 50. echo 停止PrintSpooler 打印服务 51. net stop Spooler 52. echo 停止Remote Registry 远程修改注册表 53. net stop RemoteRegistry 54. echo 停止Server 计算机通过网络的文件、打印、和命名管道共享 55. net stop LanmanServer 56. echo 停止TCP/IP NetBIOS Helper 提供 TCP/IP (NetBT) 服务上的 NetBIOS 和网络上客户端的 NetBIOS 名称解析的支持 57. net stop lmhosts 58. echo 停止Computer Browser 维护网络计算机更新 默认已经禁用 59. net stop Browser 60. echo 停止Net Logon 域控制器通道管理 默认已经手动 61. net stop Netlogon 62. echo 停止Remote Procedure Call (RPC) Locator RpcNs*远程过程调用 (RPC) 默认已经手动 63. net stop RpcLocator 64. @pause 65. cls 66. goto :start 67.
68. :start4 69. echo 启用桌面防火墙 70. netsh advfirewall set allprofiles state on 71. echo 设置默认输入和输出策略 72. netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound 73. echo 关闭tcp协议的139端口 74. netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block 75. echo 关闭udp协议的139端口 76. netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block 77. echo 关闭tcp协议的445端口 78. netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block 79. echo 关闭udp协议的445端口 80. netsh advfirewall firewall add rule name="deny udp 445″ dir=in protocol=udp localport=445 action=block 81. echo 使用相同的方法,依次关闭TCP协议的21、22、23、137、138、5800、5900端口。 82. netsh advfirewall firewall add rule name= "deny tcp 21" dir= in protocol=tcp localport=21 action=block 83. netsh advfirewall firewall add rule name= "deny tcp 22" dir=in protocol=tcp localport=22 action=block 84. netsh advfirewall firewall add rule name= "deny tcp 23" dir=in protocol=tcp localport=23 action=block 85. netsh advfirewall firewall add rule name= "deny tcp 5800" dir=in protocol=tcp localport=5800 action=block 86. netsh advfirewall firewall add rule name= "deny tcp 5900" dir=in protocol=tcp localport=5900 action=block 87. netsh advfirewall firewall add rule name= "deny tcp 137" dir=in protocol=tcp localport=137 action=block 88. netsh advfirewall firewall add rule name= "deny tcp 138" dir=in protocol=tcp localport=138 action=block 89. @pause
90. cls 91. goto :start 92. 93. :start5 94. echo 恢复初始配置 95. netsh advfirewall reset 96. @pause 97. cls 98. goto :start 99. 100. :start6 101. echo 关闭防火墙 102. netsh advfirewall set allprofiles state off 103. @pause 104. cls 105. goto :start 106. 107. :start7 108. echo 加静态路由表 109. route -p add 192.168.0.0 mask 255.255.255.0 192.168.12.1 110. route -p add 192.168.11.0 mask 255.255.255.0 192.168.12.1 111. route -p add 192.168.100.0 mask 255.255.255.0 192.168.12.1 112. @pause 113. cls 114. goto :start
115. 116. :start8 117. goto end 118. :end
本文由职坐标整理并发布,希望对同学们有所帮助。了解更多详情请关注职坐标系统运维之Windows频道!
您输入的评论内容中包含违禁敏感词
我知道了
请输入正确的手机号码
请输入正确的验证码
您今天的短信下发次数太多了,明天再试试吧!
我们会在第一时间安排职业规划师联系您!
您也可以联系我们的职业规划师咨询:
版权所有 职坐标-一站式IT培训就业服务领导者 沪ICP备13042190号-4
上海海同信息科技有限公司 Copyright ©2015 www.zhizuobiao.com,All Rights Reserved.
沪公网安备 31011502005948号