Windows Server2003防木马权限设置IIS服务器安全配置整理(2)
发布时间:2019-05-12

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next3

if errorlevel 1 goto next21

 

:next21

xcacls.exe %SystemRoot%\system32\net.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\net1.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\cmd.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\tftp.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\netstat.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\regedit.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\at.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\attrib.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\cacls.exe /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\fortmat.com /t /g Administrators:F /y /C

xcacls.exe %SystemRoot%\system32\secedit.exe /t /g Administrators:F /y /C

 

echo "虚拟主机C盘权限设定"

 

echo "删除C盘的everyone的权限"

cd/

cacls "%SystemDrive%" /r "everyone" /e

cacls "%SystemRoot%" /r "everyone" /e

cacls "%SystemRoot%/Registration" /r "everyone" /e

cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e

 

 

echo "删除C盘的所有的users的访问权限"

 

cacls "%SystemDrive%" /r "users" /e

cacls "%SystemDrive%/Program Files" /r "users" /e

cacls "%SystemDrive%/Documents and Settings" /r "users" /e

 

cacls "%SystemRoot%" /r "users" /e

cacls "%SystemRoot%/addins" /r "users" /e

cacls "%SystemRoot%/AppPatch" /r "users" /e

cacls "%SystemRoot%/Connection Wizard" /r "users" /e

cacls "%SystemRoot%/Debug" /r "users" /e

cacls "%SystemRoot%/Driver Cache" /r "users" /e

cacls "%SystemRoot%/Help" /r "users" /e

cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e

cacls "%SystemRoot%/java" /r "users" /e

cacls "%SystemRoot%/msagent" /r "users" /e

cacls "%SystemRoot%/mui" /r "users" /e

cacls "%SystemRoot%/repair" /r "users" /e

cacls "%SystemRoot%/Resources" /r "users" /e

cacls "%SystemRoot%/security" /r "users" /e

cacls "%SystemRoot%/system" /r "users" /e

cacls "%SystemRoot%/TAPI" /r "users" /e

cacls "%SystemRoot%/Temp" /r "users" /e

cacls "%SystemRoot%/twain_32" /r "users" /e

cacls "%SystemRoot%/Web" /r "users" /e

 

cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e

cacls "%SystemRoot%/system32/administration" /r "users" /e

cacls "%SystemRoot%/system32/Cache" /r "users" /e

cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e

cacls "%SystemRoot%/system32/Com" /r "users" /e

cacls "%SystemRoot%/system32/config" /r "users" /e

cacls "%SystemRoot%/system32/dhcp" /r "users" /e

cacls "%SystemRoot%/system32/drivers" /r "users" /e

cacls "%SystemRoot%/system32/export" /r "users" /e

cacls "%SystemRoot%/system32/icsxml" /r "users" /e

cacls "%SystemRoot%/system32/lls" /r "users" /e

cacls "%SystemRoot%/system32/LogFiles" /r "users" /e

cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e

cacls "%SystemRoot%/system32/mui" /r "users" /e

cacls "%SystemRoot%/system32/oobe" /r "users" /e

cacls "%SystemRoot%/system32/ShellExt" /r "users" /e

cacls "%SystemRoot%/system32/wbem" /r "users" /e

 

echo "添加iis_wpg的访问权限"

cacls "%SystemRoot%" /g iis_wpg:r /e

cacls "%SystemDrive%/Program Files/Common Files" /g iis_wpg:r /e

 

cacls "%SystemRoot%/Downloaded Program Files" /g iis_wpg:c /e

cacls "%SystemRoot%/Help" /g iis_wpg:c /e

cacls "%SystemRoot%/IIS Temporary Compressed Files" /g iis_wpg:c /e

cacls "%SystemRoot%/Offline Web Pages" /g iis_wpg:c /e

cacls "%SystemRoot%/System32" /g iis_wpg:c /e

cacls "%SystemRoot%/WinSxS" /g iis_wpg:c /e

cacls "%SystemRoot%/WinSxS" /r "users" /e

cacls "%SystemRoot%/Tasks" /g iis_wpg:c /e

cacls "%SystemRoot%/Temp" /g iis_wpg:c /e

cacls "%SystemRoot%/Web" /g iis_wpg:c /e

 

echo "添加iis_wpg的访问权限[.net专用]"

cacls "%SystemRoot%/Assembly" /g iis_wpg:c /e

cacls "%SystemRoot%/Microsoft.NET" /g iis_wpg:c /e

 

echo "添加iis_wpg的访问权限[装了MACFEE的软件专用]"

cacls "%SystemDrive%/Program Files/Network Associates" /g iis_wpg:r /e

 

echo "添加users的访问权限"

cacls "%SystemRoot%/temp" /g users:c /e

goto next3

 

:next3

ECHO.

ECHO.

ECHO. ------------------------------------------------------------------------

ECHo 禁止不必要的服务,如果要退出请按Ctrl+C

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. ------------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next4

if errorlevel 1 goto next31

 

:next31

echo Windows Registry Editor Version 5.00 >temp\Services.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser] >>temp\Services.reg

 

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scheduler] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg

 

regedit /s temp\Services.reg

 

ECHO.

goto next4

 

:next4

ECHO.

ECHO. -------------------------------------------------------------------------

ECHo 防止人侵和攻击. 如果要退出请按Ctrl+C

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -------------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next5

if errorlevel 1 goto next41

 

:next41

echo Windows Registry Editor Version 5.00 >temp\skyddos.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >>temp\skyddos.reg

echo "EnableDeadGWDetect"=dword:00000000 >>temp\skyddos.reg

echo "EnableICMPRedirects"=dword:00000000 >>temp\skyddos.reg

echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg

echo "NoNameReleaseOnDemand"=dword:00000001 >>temp\skyddos.reg

echo "KeepAliveTime"=dword:000493e0 >>temp\skyddos.reg

echo "EnablePMTUDiscovery"=dword:00000000 >>temp\skyddos.reg

echo "SynAttackProtect"=dword:00000002 >>temp\skyddos.reg

echo "TcpMaxHalfOpen"=dword:00000064 >>temp\skyddos.reg

echo "TcpMaxHalfOpenRetried"=dword:00000050 >>temp\skyddos.reg

echo "TcpMaxConnectResponseRetransmissions"=dword:00000001 >>temp\skyddos.reg

echo "TcpMaxDataRetransmissions"=dword:00000003 >>temp\skyddos.reg

echo "TCPMaxPortsExhausted"=dword:00000005 >>temp\skyddos.reg

echo "DisableIPSourceRouting"=dword:0000002 >>temp\skyddos.reg

echo "TcpTimedWaitDelay"=dword:0000001e >>temp\skyddos.reg

echo "EnableSecurityFilters"=dword:00000001 >>temp\skyddos.reg

echo "TcpNumConnections"=dword:000007d0 >>temp\skyddos.reg

echo "TcpMaxSendFree"=dword:000007d0 >>temp\skyddos.reg

echo "IGMPLevel"=dword:00000000 >>temp\skyddos.reg

echo "DefaultTTL"=dword:00000016 >>temp\skyddos.reg

 

echo 删除IPC$(Internet Process Connection)是共享“命名管道”的资源

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>temp\skyddos.reg

echo "restrictanonymous"=dword:00000001 >>temp\skyddos.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interfaces] >>temp\skyddos.reg

echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>temp\skyddos.reg

echo "BacklogIncrement"=dword:00000003 >>temp\skyddos.reg

echo "MaxConnBackLog"=dword:000003e8 >>temp\skyddos.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters] >>temp\skyddos.reg

echo "EnableDynamicBacklog"=dword:00000001 >>temp\skyddos.reg

echo "MinimumDynamicBacklog"=dword:00000014 >>temp\skyddos.reg

echo "MaximumDynamicBacklog"=dword:00002e20 >>temp\skyddos.reg

echo "DynamicBacklogGrowthDelta"=dword:0000000a >>temp\skyddos.reg

 

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>temp\skyddos.reg

echo "autoshareserver"=dword:00000000 >>temp\skyddos.reg

 

regedit /s temp\skyddos.reg

ECHO.

ECHO.

goto next5

 

:next5

ECHO.

ECHO. ------------------------------------------------------------------------

ECHo 防止ASP木马运行 卸除WScript.Shell, Shell.application, WScript.Network

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -----------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next6

if errorlevel 1 goto next51

 

:next51

echo Windows Registry Editor Version 5.00 >temp\del.reg

 

echo [-HKEY_CLASSES_ROOT\Shell.Application] >>temp\del.reg

 

echo [-HKEY_CLASSES_ROOT\Shell.Application.1] >>temp\del.reg

 

echo [-HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}] >>temp\del.reg

 

echo [-HKEY_CLASSES_ROOT\ADODB.Command\CLSID] >>temp\del.reg

 

echo [-HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}] >>temp\del.reg

 

regedit /s temp\del.reg

 

regsvr32 /u %SystemRoot%\system32\wshom.ocx

del /f/q %SystemRoot%\System32\wshom.ocx

regsvr32 /u %SystemRoot%\system32\shell32.dll

del /f/q %SystemRoot%\System32\shell32.dll

 

rmdir /q/s temp

ECHO.

goto next6

 

:next6

ECHO.

ECHO.

ECHO. ---------------------------------------------------------------------

ECHo 设置已经完成重启后才能生效.

ECHO YES=reboot server NO=exit (this time 60 Second default for y)

ECHO. ----------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto end

if errorlevel 1 goto reboot

 

:reboot

shutdown /r /t 0

 

:end

if EXIST temp (rmdir /s/q temp|exit) else exit

公司名称:六安市金狮网络技术有限公司
公司地址:安徽省六安市金安区皖西大道红叶大厦802A
联系电话:0564-3214800 手机:13956148092 邮箱:120907442@qq.com QQ:120907442 / 1099497647
手机访问

© 2009-2024 六安市金狮网络技术有限公司 【质量比金 威信如狮 全程服务 放心托付】 备案:皖ICP备07501673号-11 企业营业执照号:913415000624810144