内网安全加固禁用高危TCP端口、禁用高危UDP端口、禁用共享

image.png


@echo 口令

@echo [version] >account.inf

@echo signature="$CHICAGO$" >>account.inf

@echo [System Access] >>account.inf

@echo PasswordComplexity=1 >>account.inf REM 开启帐户密码复杂性要求

@echo MaximumPasswordAge=90 >>account.inf REM 修改帐户密码最长留存期为90天

@echo MinimumPasswordLength=8 >>account.inf REM 修改帐户密码最小长度为8

@echo LockoutBadCount=6 >>account.inf REM 设定帐户锁定阀值为6次

@echo PasswordHistorySize=5 >>account.inf REM 修改强制密码历史为5次

secedit /configure /db account.sdb /cfg account.inf /log account.log

del account.*

@echo 审核

@echo [version] >audit.inf

@echo signature="$CHICAGO$" >>audit.inf

@echo [Event Audit] >>audit.inf

@echo AuditSystemEvents=3 >>audit.inf REM 开启审核系统事件

@echo AuditObjectAccess=3 >>audit.inf REM 开启审核对象访问

@echo AuditPrivilegeUse=3 >>audit.inf REM 开启审核特权使用

@echo AuditPolicyChange=3 >>audit.inf REM 开启审核策略更改

@echo AuditAccountManage=3 >>audit.inf REM 开启审核帐户管理

@echo AuditProcessTracking=3 >>audit.inf REM 开启审核过程跟踪

@echo AuditDSAccess=3 >>audit.inf REM 开启审核目录服务访问

@echo AuditLogonEvents=3 >>audit.inf REM 开启审核登陆事件

@echo AuditAccountLogon=3 >>audit.inf 开启审核帐户登陆事件

@echo AuditLog >>audit.inf

secedit /configure /db audit.sdb /cfg audit.inf /log audit.log /quiet

del audit.*

@echo 禁用共享

@echo 清除admin$共享

net share admin$ /del 

@echo 清除ipc$共享

net share ipc$ /del

@echo 清除C盘共享

net share c$ /del   

@echo 清除D盘共享

net share d$ /del

@echo 清除E盘共享

net share e$ /del

@echo 清除F盘共享

net share f$ /del

@echo 清除G盘共享

net share g$ /del  

@echo Windows Registry Editor Version 5.00>>shutdownshare.reg

@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>>shutdownshare.reg

@echo "AutoShareServer"=dword:00000000>>shutdownshare.reg

@echo "AutoShareWks"=dword:00000000>>shutdownshare.reg

@regedit /s shutdownshare.reg

@del shutdownshare.reg

@REM 关闭自动播放

@echo Windows Registry Editor Version 5.00>>closeautorun.reg

@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>closeautorun.reg

@echo  "NoDriveTypeAutoRun"=dword:000000ff>>closeautorun.reg

@regedit /s closeautorun.reg

@del closeautorun.reg

@echo

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v "PortNumber" /t REG_DWORD /d 13389 /f

REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d 13389 /f

@echo

net start MpsSvc /Y > nul

echo 停止,禁止server服务。

net stop LanmanServer /Y > nul

sc config LanmanServer start= disabled > nul

net start sharedaccess > nul

echo 停止,禁止Dhcp服务

net stop Dhcp /Y> nul

sc config Dhcp start= disabled > nul

echo.

net stop Spooler /Y > nul

sc config Spooler start= disabled > nul

echo.

net stop ShellHWDetection /Y > nul

sc config ShellHWDetection start= disabled > nul

echo.

net stop RemoteRegistry /Y > nul

sc config RemoteRegistry start= disabled > nul

echo. 

netsh advfirewall firewall add rule name="禁用高危TCP端口" dir=in protocol=TCP localport=135,137,138,139,445,593,1025,2745,3127,6129,3389,8009 action=block > nul

netsh advfirewall firewall add rule name="禁用高危UDP端口" dir=in protocol=UDP localport=135,137,138,139,445,593,1025,2745,3127,6129,3389,8009 action=block > nul

netsh advfirewall firewall add rule name="检测软件需要端口" dir=in protocol=tcp localport=80,8080,8081,8088,1433,1521,13389 action=allow > nul

echo.

netsh advfirewall set currentprofile state on > nul

netsh advfirewall set publicprofile state on > nul

netsh advfirewall set allprofile state on > nul

netsh advfirewall set privateprofile state on > nul

echo. 

echo 正在开启Windows防火墙

echo 防火墙已经成功启动。

net user guest /active:no

gpupdate

gpupdate /force

echo 来宾账户关闭成功。

echo.

shutdown /r /t 0

echo.



下载1:https://www.binbo.cc/file-3110.html


下载2:




| 打赏作者,一杯咖啡



如果文章对您有帮助,请打开微信扫一扫打赏二维码以表谢意!






| 免责声明


http://www.fj530.com/post/160.html

评论