WIN2008 自动部署安全 BAT - Windows 安全运维


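@echo off
rem ---------------------------------------------------------------------------
rem Interactive maintenance menu for a Windows Server 2008 host: install IIS,
rem change the RDP listening port, stop unneeded services, add/reset/disable
rem Windows Firewall rules and add persistent static routes.
rem
rem Every action below (pkgmgr, reg, net stop, netsh, route) changes machine-wide
rem state, so the script must run from an elevated command prompt.
rem NOTE(review): the menu text is Chinese; presumably the file has to be saved
rem in the console's code page to display correctly - confirm before deploying.
rem ---------------------------------------------------------------------------
setlocal
color 0a

:start
rem Menu loop entry point; every option returns here when it finishes.
echo  请选择要服务操作类型:
echo       1.安装IIS
echo       2.更改远程端口
echo       3.停止无用服务
echo       4.操作防火墙规则限制无用端口
echo       5.重置防火墙(慎重使用,请确保远程端口为3389)
echo       6.关闭防火墙
echo       7.ADD 静态路由表
echo       8.退出

rem Clear the previous answer first: "set /p" keeps the old value when the
rem operator just presses Enter, which would silently repeat the last action.
set "a="
set /p a=请选择服务操作类型:
if not defined a goto start

rem Dispatch only on the eight known choices. The comparison uses delayed
rem expansion so that quotes or "&" typed at the prompt are compared as text
rem instead of being parsed as part of the command line.
setlocal EnableDelayedExpansion
set "sel="
for %%i in (1 2 3 4 5 6 7 8) do if "!a!"=="%%i" set "sel=%%i"
endlocal & set "sel=%sel%"
if not defined sel (
  cls
  goto start
)
goto start%sel%

:start1
title IIS7自动安装程序 – iHackSoft.com
echo.
echo 正在添加IIS功能,这可能需要几分钟时间…
rem NOTE(review): this installs nearly every IIS role service, including
rem directory browsing, Basic authentication, classic ASP, server-side includes,
rem IIS 6 compatibility and the remote management service. Trim the list to what
rem the hosted sites need; every extra module is additional attack surface.
start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS-ODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IIS-DigestAuthentication;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
rem Do not claim success unconditionally. A non-zero code is reported for the
rem operator to check rather than labelled a failure, because it may only mean
rem that a reboot is pending (TODO confirm pkgmgr's exit codes).
if errorlevel 1 (
  echo pkgmgr 返回代码 %errorlevel%,请检查安装结果
) else (
  echo IIS已添加成功!
)
@pause
cls
goto start

:start2
echo 请输入要修改的远程端口号:
set "var="
set /p var=
rem Validate before touching the registry: a blank, non-numeric or out-of-range
rem value would leave RDP without a usable port and lock out remote admins.
if not defined var goto badport
setlocal EnableDelayedExpansion
set "bad="
rem Strip every digit; anything left over is a non-digit character.
set "rest=!var!"
for %%d in (0 1 2 3 4 5 6 7 8 9) do if defined rest set "rest=!rest:%%d=!"
if defined rest set "bad=1"
rem Reject a leading zero (also excludes port 0) and more than five digits so
rem the numeric comparison below cannot be read as octal or overflow.
if not defined bad if "!var:~0,1!"=="0" set "bad=1"
if not defined bad if not "!var:~5!"=="" set "bad=1"
if not defined bad if !var! gtr 65535 set "bad=1"
if defined bad (endlocal & goto badport)
endlocal
echo 开始修改
rem Registry paths need backslashes; with "/" reg.exe rejects the key name.
rem "reg add /f" overwrites the value in place, so no prior "reg delete" is
rem needed (deleting first briefly leaves the listener without a port value).
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d %var% /f || goto regfail
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %var% /f || goto regfail
echo 修改成功,下面是添加防火墙规则
rem Open the new port with the same advfirewall interface the rest of the
rem script uses. The port change takes effect only after the Remote Desktop
rem service restarts or the server reboots; keep the current session open and
rem verify a new connection on the new port before disconnecting.
netsh advfirewall firewall add rule name="allow tcp %var% (RDP)" dir=in action=allow protocol=tcp localport=%var%
@pause
cls
goto start

:badport
echo 端口号无效,请输入 1 到 65535 之间的数字
@pause
cls
goto start

:regfail
echo 注册表写入失败,远程端口未完成修改,请以管理员身份运行后重试
@pause
cls
goto start

:start3
rem "net stop" only stops the running instance; the start type is unchanged,
rem so these services come back after a reboot. To make the hardening
rem persistent, also set each one to disabled (sc config NAME start= disabled).
echo 停止Distributed linktracking client   用于局域网更新连接信息
rem The original ran "net start" here, which started the service the message
rem says is being stopped.
net stop TrkWks
echo 停止PrintSpooler  打印服务
net stop Spooler
echo 停止Remote Registry  远程修改注册表
net stop RemoteRegistry
echo 停止Server 计算机通过网络的文件、打印、和命名管道共享
net stop LanmanServer
echo 停止TCP/IP NetBIOS Helper  提供 TCP/IP (NetBT) 服务上的 NetBIOS 和网络上客户端的 NetBIOS 名称解析的支持
net stop lmhosts
echo 停止Computer Browser 维护网络计算机更新 默认已经禁用
net stop Browser
echo 停止Net Logon   域控制器通道管理 默认已经手动
net stop Netlogon
echo 停止Remote Procedure Call (RPC) Locator   RpcNs*远程过程调用 (RPC) 默认已经手动
net stop RpcLocator
@pause
cls
goto start

:start4
echo 启用桌面防火墙
netsh advfirewall set allprofiles state on
echo 设置默认输入和输出策略
rem NOTE(review): the default inbound policy is ALLOW, so only the ports listed
rem below are filtered and every other listening service stays reachable. A
rem default-deny policy (blockinbound,allowoutbound) with explicit allow rules
rem is the stronger design, but switch only after an allow rule for the RDP
rem port in use exists, otherwise remote access is cut off.
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
echo 关闭tcp协议的139端口
netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block
echo 关闭udp协议的139端口
netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block
echo 关闭tcp协议的445端口
netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block
echo 关闭udp协议的445端口
rem The closing quote of this rule name was a typographic quote in the original,
rem which left the name unterminated.
netsh advfirewall firewall add rule name="deny udp 445" dir=in protocol=udp localport=445 action=block
echo 使用相同的方法,依次关闭TCP协议的21、22、23、137、138、5800、5900端口。
rem Same rule shape for each remaining TCP port, in the original order. The
rem stray spaces after "name=" and "dir=" in the original are removed.
rem NOTE(review): NetBIOS name and datagram services use UDP 137/138; the TCP
rem rules for those two ports do not cover them.
for %%p in (21 22 23 5800 5900 137 138) do netsh advfirewall firewall add rule name="deny tcp %%p" dir=in protocol=tcp localport=%%p action=block
@pause
cls
goto start

:start5
echo 恢复初始配置
rem Reset discards every custom rule, including an allow rule added for a
rem non-default RDP port by option 2 - hence the warning in the menu.
netsh advfirewall reset
@pause
cls
goto start

:start6
echo 关闭防火墙
rem Turns filtering off for all profiles; every listening port becomes reachable.
netsh advfirewall set allprofiles state off
@pause
cls
goto start

:start7
echo 加静态路由表
rem Persistent (-p) routes with site-specific addresses; adjust the networks
rem and the gateway to the local environment before use.
route -p add 192.168.0.0 mask 255.255.255.0 192.168.12.1
route -p add 192.168.11.0 mask 255.255.255.0 192.168.12.1
route -p add 192.168.100.0 mask 255.255.255.0 192.168.12.1
@pause
cls
goto start

:start8
goto end

:end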

 



本文固定链接: http://kua0.com/2019/02/13/win2008-自动部署安全bat-window安全运维_/
