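@REM ---- Account password and lockout policy ------------------------------
@REM Builds a security template (account.inf) in the current directory and
@REM applies it with secedit. Must be run from an elevated prompt.
@REM
@REM Settings written to [System Access]:
@REM   PasswordComplexity=1     require complex passwords
@REM   MaximumPasswordAge=90    passwords expire after 90 days
@REM   MinimumPasswordLength=8  at least 8 characters
@REM   LockoutBadCount=6        lock the account after 6 bad attempts
@REM   PasswordHistorySize=5    remember the last 5 passwords
@REM
@REM Fix: the original appended "REM <remark>" after the redirection on each
@REM echo line. cmd prints everything on an echo line except the redirection
@REM itself, so each remark was written into account.inf as part of the
@REM value. The template is now written from one redirected group, which
@REM also truncates any stale account.inf and leaves no trailing blanks.
@REM
@REM NOTE(review): MinimumPasswordAge is not set, so the 5-entry history can
@REM be cycled through in one sitting; LockoutDuration and ResetLockoutCount
@REM are not set either. Confirm the effective values with "net accounts".
@echo 口令
@(
  echo [version]
  echo signature="$CHICAGO$"
  echo [System Access]
  echo PasswordComplexity=1
  echo MaximumPasswordAge=90
  echo MinimumPasswordLength=8
  echo LockoutBadCount=6
  echo PasswordHistorySize=5
) >account.inf
secedit /configure /db account.sdb /cfg account.inf /log account.log
@REM Fix: the original ran "del account.*", which discarded the log even when
@REM secedit failed and also removed any unrelated account.* file in the
@REM working directory. Only the files this section creates are removed, and
@REM the log is kept when secedit returns a non-zero exit code.
@if errorlevel 1 (
  echo secedit reported a problem applying account.inf - account.log kept for review
) else (
  del account.log 2>nul
)
@del account.inf account.sdb account.jfm 2>nul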
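@REM ---- Audit policy ------------------------------------------------------
@REM Builds a security template (audit.inf) and applies it with secedit.
@REM Every category is set to 3, i.e. audit both success and failure:
@REM   system events, object access, privilege use, policy change,
@REM   account management, process tracking, directory service access,
@REM   logon events, account logon events.
@REM
@REM Fix: the original put remarks after the redirection on each echo line,
@REM so the remark text was written into audit.inf as part of the value, and
@REM it also wrote a bare "AuditLog" line, which is not a key=value entry of
@REM [Event Audit]. Both are left out of the template here.
@REM
@REM NOTE(review): these are the legacy category-level settings. Where
@REM subcategory policy set with auditpol is in force it may take precedence;
@REM check the result with "auditpol /get /category:*". Success and failure
@REM auditing of object access and process tracking can be high volume, so
@REM confirm the Security log size and retention suit it.
@echo 审核
@(
  echo [version]
  echo signature="$CHICAGO$"
  echo [Event Audit]
  echo AuditSystemEvents=3
  echo AuditObjectAccess=3
  echo AuditPrivilegeUse=3
  echo AuditPolicyChange=3
  echo AuditAccountManage=3
  echo AuditProcessTracking=3
  echo AuditDSAccess=3
  echo AuditLogonEvents=3
  echo AuditAccountLogon=3
) >audit.inf
secedit /configure /db audit.sdb /cfg audit.inf /log audit.log /quiet
@REM Fix: "del audit.*" threw the log away even on failure and could remove
@REM unrelated audit.* files in the working directory. Keep the log when
@REM secedit returns non-zero and delete only what this section created.
@if errorlevel 1 (
  echo secedit reported a problem applying audit.inf - audit.log kept for review
) else (
  del audit.log 2>nul
)
@del audit.inf audit.sdb audit.jfm 2>nul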
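@REM ---- Remove the default administrative shares --------------------------
@REM Deletes ADMIN$, IPC$ and the drive shares C$ to G$ for the running
@REM system. "net share ... /del" reports an error for a share that does not
@REM exist, for example a drive letter this host does not have; that is
@REM harmless here.
@echo 禁用共享
@echo 清除admin$共享
net share admin$ /del
@echo 清除ipc$共享
net share ipc$ /del
@echo 清除C盘共享
net share c$ /del
@echo 清除D盘共享
net share d$ /del
@echo 清除E盘共享
net share e$ /del
@echo 清除F盘共享
net share f$ /del
@echo 清除G盘共享
net share g$ /del
@REM Stop the Server service from re-creating the administrative shares the
@REM next time it starts (AutoShareServer for server editions, AutoShareWks
@REM for workstation editions).
@REM Fix: the original appended (>>) to shutdownshare.reg from its first
@REM line, so a file of that name already present in the working directory
@REM was imported by an elevated "regedit /s" together with these two values.
@REM Writing the values with REG ADD needs no temporary file at all.
@reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v "AutoShareServer" /t REG_DWORD /d 0 /f >nul
@reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v "AutoShareWks" /t REG_DWORD /d 0 /f >nul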
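@REM ---- Turn off AutoRun ---------------------------------------------------
@REM NoDriveTypeAutoRun=0xff (255) disables AutoRun for every drive type.
@REM Fix: the original appended (>>) to closeautorun.reg from its first line,
@REM so a pre-existing file of that name in the working directory was
@REM imported by "regedit /s" as well. REG ADD writes the value directly.
@REM NOTE(review): the value is written under HKEY_CURRENT_USER, so it covers
@REM only the account that runs this script; other users keep their own
@REM setting. Confirm whether a machine-wide policy is wanted instead.
@reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f >nul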
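@REM ---- Move the Remote Desktop listener to TCP 13389 ----------------------
@REM Both PortNumber values are set to 13389. The listener picks the new
@REM port up after a restart; this script reboots at its end.
@REM Fix: a bare "echo" prints the ECHO on/off state instead of a blank
@REM line; "echo." is used for the spacer lines, as elsewhere in this script.
@REM NOTE(review): a non-default port only reduces noise from scans of 3389;
@REM it is not an access control. Keep Network Level Authentication enabled
@REM and limit which source addresses may reach 13389 in the firewall.
@echo.
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v "PortNumber" /t REG_DWORD /d 13389 /f
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d 13389 /f
@echo.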
@REM ---- Services -----------------------------------------------------------
@REM Starts the Windows Firewall service (MpsSvc), then stops and disables
@REM services this baseline does not want running. Only stdout goes to nul,
@REM so error text from net and sc still reaches the console.
net start MpsSvc /Y > nul
@REM Server service: file and printer sharing over SMB.
echo 停止,禁止server服务。
net stop LanmanServer /Y > nul
sc config LanmanServer start= disabled > nul
@REM NOTE(review): SharedAccess is started here; confirm it is still needed
@REM on the Windows versions this script targets.
net start sharedaccess > nul
@REM NOTE(review): with the DHCP client disabled, a host that gets its
@REM address by DHCP loses its lease; confirm every target is statically
@REM addressed before running this.
echo 停止,禁止Dhcp服务
net stop Dhcp /Y> nul
sc config Dhcp start= disabled > nul
echo.
@REM Print spooler, shell hardware detection and remote registry get the
@REM same stop-then-disable treatment, each followed by a blank line.
for %%S in (Spooler ShellHWDetection RemoteRegistry) do (
  net stop %%S /Y > nul
  sc config %%S start= disabled > nul
  echo.
)
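@REM ---- Windows Firewall: inbound rules and profile state ------------------
@REM Two block rules (TCP and UDP) cover the listed high-risk ports,
@REM including the default RDP port 3389; one allow rule opens the ports the
@REM inspection software needs, including the relocated RDP port 13389.
@REM
@REM Fix: "add rule" creates a new rule on every run, so re-running the
@REM script piled up duplicates. Each rule is deleted by name first; the
@REM delete reports an error when no such rule exists yet, which is
@REM discarded.
@REM Fix: the four profile commands are replaced by the single documented
@REM "allprofiles" form, and the success message is printed only when netsh
@REM returns success.
netsh advfirewall firewall delete rule name="禁用高危TCP端口" > nul 2>&1
netsh advfirewall firewall add rule name="禁用高危TCP端口" dir=in protocol=TCP localport=135,137,138,139,445,593,1025,2745,3127,6129,3389,8009 action=block > nul
netsh advfirewall firewall delete rule name="禁用高危UDP端口" > nul 2>&1
netsh advfirewall firewall add rule name="禁用高危UDP端口" dir=in protocol=UDP localport=135,137,138,139,445,593,1025,2745,3127,6129,3389,8009 action=block > nul
@REM NOTE(review): this allow rule has no remoteip= restriction, so 13389
@REM and the ports conventionally used by SQL Server (1433) and the Oracle
@REM listener (1521) are reachable from any source address. If the
@REM inspection host has a fixed address, add remoteip=<SCANNER_IP_PLACEHOLDER>.
netsh advfirewall firewall delete rule name="检测软件需要端口" > nul 2>&1
netsh advfirewall firewall add rule name="检测软件需要端口" dir=in protocol=tcp localport=80,8080,8081,8088,1433,1521,13389 action=allow > nul
echo.
echo 正在开启Windows防火墙
netsh advfirewall set allprofiles state on > nul
@if errorlevel 1 (
  echo netsh could not switch the firewall profiles on
) else (
  echo 防火墙已经成功启动。
)
echo.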
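@REM ---- Guest account, policy refresh, reboot ------------------------------
@REM Fix: the success message was printed unconditionally, after gpupdate;
@REM it is now tied to the exit code of "net user".
net user guest /active:no
@if errorlevel 1 (
  echo net user could not disable the guest account
) else (
  echo 来宾账户关闭成功。
)
@REM Fix: "gpupdate" followed by "gpupdate /force" refreshed policy twice;
@REM the forced refresh alone is sufficient.
@REM NOTE(review): on a domain-joined host, domain Group Policy can override
@REM the local settings applied earlier by secedit; verify the effective
@REM policy after the restart.
gpupdate /force
echo.
@REM Immediate restart with no grace period: the RDP port change and the
@REM disabled services take full effect after it. Anyone logged on loses
@REM unsaved work.
shutdown /r /t 0
echo.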