@REM Performance Logs and Alerts (performance log files and warnings)
@REM Microsoft: Collect performance data on local or remote computers based on pre-configured schedule parameters, and then write this data to a log or trigger an alarm. If this service is terminated, no performance information will be collected. If this service is disabled, any service that depends on it will not start.
@REM Supplement: Not a valuable service
@REM Suggestions: Disable
sc config SysmonLog start= DISABLED
sc stop SysmonLog
@REM Telephony (phone voice)
@REM Microsoft: Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and, through the local area network, on servers that are also running this service.
@REM Supplement: May be needed by ordinary dial-up modems or some DSL/cable connections
@REM Dependencies: Plug and Play, remote Procedure Call (RPC), remote Access Connection Manager, remote Access Auto Connection Manager
@REM Suggestions: Manual
sc config TapiSrv start= DISABLED
sc stop TapiSrv
@REM Distributed Link Tracking Client (Distributed Link Tracking Client)
@REM Microsoft: Maintains links between NTFS files within a computer or across computers in a network domain.
@REM Supplement: Maintains file links between different computers within the network domain
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config TrkWks start= DISABLED
sc stop TrkWks
@REM Portable Media Serial Number
@REM Microsoft: Retrieves the serial number of any portable music player connected to your computer
@REM Supplement: Retrieve the serial number of a music player through the connected computer? A service of no value
@REM Suggestions: Disable
sc config WmdmPmSN start= DISABLED
sc stop WmdmPmSN
@REM WMI Performance Adapter
@REM Microsoft: Provides performance link library information from WMIHiPerf providers.
@REM Supplement: As mentioned above
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config WmiApSrv start= DISABLED
sc stop WmiApSrv
@REM Automatic Updates
@REM Microsoft: Enable important Windows update download and installation. If this service is disabled, you can manually update the operating system from the Windows Update website.
@REM Supplement: Lets Windows check for and download update patches online in the background automatically
@REM Suggestions: Disable
sc config wuauserv start= DISABLED
sc stop wuauserv
@REM Fast User Switching Compatibility[For XP]
@REM Provides management for applications that need assistance in a multi-user environment. Depends on RPC.
sc config FastUserSwitchingCompatibility start= DEMAND
sc stop FastUserSwitchingCompatibility
@REM System Restore Service[For XP]
@REM Execute system restore function. To stop the service, close System Restore from the System Restore tab in the properties of My Computer.
sc config srservice start= DISABLED
sc stop srservice
@REM SSDP Discovery Service[For XP]
@REM Start discovery of UPnP devices on your home network.
sc config SSDPSRV start= DISABLED
sc stop SSDPSRV
@REM telnet
@REM Allows remote users to log in to this computer and run programs, and supports a variety of TCP/IP Telnet clients, including UNIX and Windows-based computers. If this service is stopped, remote users cannot access programs, and any service that directly relies on it will fail to start.
sc config TlntSvr start= DISABLED
sc stop TlntSvr
@REM Universal Plug and Play Device Host[For XP]
@REM Provides support for hosting Universal Plug and Play devices.
sc config upnphost start= DEMAND
sc stop upnphost
@REM Security Center[For XP]
@REM Monitor system security settings and configuration.
sc config wscsvc start= DISABLED
sc stop wscsvc
@REM System Event Notification
@REM Supervise system events and notify COM+ Event system "subscriber". If this service is disabled, the COM+ event system "subscriber" will not receive system event notifications. If this service is disabled, any service that depends on it will not be enabled.
@REM Suggestions: Disable
sc config SENS start= DISABLED
sc stop SENS
@REM COM+ Event System
@REM Supports System Event Notification Service (SENS), which provides automatic event distribution function for subscribed component object model (COM) components. If this service is stopped, SENS will be closed and login and logout notifications cannot be provided. If this service is disabled, no other services that explicitly rely on this service will start.
@REM Suggestions: Disable
sc config EventSystem start= DISABLED
sc stop EventSystem
@REM Windows Audio
@REM Manages audio devices for Windows-based programs. If this service is terminated, audio devices and their sound effects will not work properly. If this service is disabled, any service that depends on it will not start.
@REM Addition: What sound card is used on the server? It has been removed!
@REM Suggestions: Disable
sc config AudioSrv start= DISABLED
sc stop AudioSrv
@REM Computer Browser
@REM Maintains the update list of computers on the network and provides the list to the computer for specified browsing. If the service is stopped, the list will not be updated or maintained. If the service is disabled, any services that directly depend on this service will not be started.
@REM Suggestions: Disable
sc config Browser start= DISABLED
sc stop Browser
@REM Task Scheduler
@REM Enables users to configure and schedule automatic tasks on this computer. If this service is terminated, these tasks will not run at their scheduled times. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config Schedule start= DISABLED
sc stop Schedule
@REM Routing and Remote Access
@REM Provides routing services to enterprises in LAN and WAN environments.
@REM Suggestions: Disable
sc config RemoteAccess start= DISABLED
sc stop RemoteAccess
@REM Removable Storage
@REM Manage and catalog removable media and operate automated removable media devices. If this service is stopped, programs that rely on removable storage such as backup and remote storage will slow down. If this service is disabled, all services that rely on this service will not be started.
@REM Suggestions: Disable
sc config NtmsSvc start= DISABLED
sc stop NtmsSvc
@REM Remote Registry
@REM Enables remote users to modify the registry settings on this computer. If this service is terminated, only users on this computer can modify the registry. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config RemoteRegistry start= DISABLED
sc stop RemoteRegistry
@REM Print Spooler
@REM Manage all local and network printing queues and control all printing work. If this service is disabled, printing on the local computer will not be available. If this service is disabled, any service that depends on it will not be enabled.
@REM Suggestions: Disable
sc config Spooler start= DISABLED
sc stop Spooler
@REM Error Reporting Service
@REM Collects, stores and reports unexpected application crashes to Microsoft. If this service is stopped, error reporting occurs only for kernel errors and certain types of user-mode errors. If this service is disabled, any service that depends on it will not be enabled.
@REM Suggestions: Disable
sc config ERSvc start= DISABLED
sc stop ERSvc
@REM Workstation
@REM Create and maintain client network connections to remote services. If the service is stopped, these connections will not be available. If the service is disabled, any services that directly depend on this service will not be started. Hackers can use this service to see all computer users.
@REM Suggestions: Disable
sc config lanmanworkstation start= DISABLED
sc stop lanmanworkstation
@REM Help and Support
@REM Enable the Help and Support Center to run on this computer. If the service is stopped, the Help and Support Center will not be available. If the service is disabled, any services that directly depend on this service will not be started.
@REM Suggestions: Disable
sc config helpsvc start= DISABLED
sc stop helpsvc
Echo System service optimization is complete! Press any key to return, then select 4 to continue...
pause >nul
Goto start
:Reg
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem registry related settings
reg delete HKEY_CLASSES_ROOT\ /f
reg delete HKEY_CLASSES_ROOT\.1 /f
reg delete HKEY_CLASSES_ROOT\ /f
reg delete HKEY_CLASSES_ROOT\.1 /f
reg delete HKEY_CLASSES_ROOT\ /f
reg delete HKEY_CLASSES_ROOT\.1 /f
regsvr32 /s /u
regsvr32 /s /u
regsvr32 /s /u
Echo Deletion of dangerous registry components is complete! Press any key to return, then select 5 to continue...
PAUSE >nul
Goto start
:Ddos
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem DDOS flood attack prevention
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
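Rem reg add reads REG_DWORD data without a 0x prefix as decimal, so the hexadecimal value needs the prefix (0x190 = 400)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "0x00000190" /f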
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
Rem Hexadecimal data again needs the 0x prefix (0x14 = 20, 0x7530 = 30000)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "0x00000014" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "0x00007530" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f
Rem Close port 445
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d "00000000" /f
Rem Close port 135
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REG_MULTI_SZ /d "" /f
Rem Disable dump file generation and delete existing dump files
Rem The dump file is a useful document for finding problems when the system crashes or blue-screens. However, it can also give hackers sensitive information, such as the passwords of some applications.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 00000000 /f
attrib %SystemRoot%\ -s -r -h
del %SystemRoot%\ /s /q /f
Echo DDoS flood attack prevention has been applied! Press any key to return, then select 6 to continue...
PAUSE >nul
Goto start
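A read-only audit of the settings applied by the service section and the :Ddos section above, added here as an example that is not part of the original script: it reads values back with `reg query` and `sc qc` and compares them with the data given on the page. The labels `:CheckDword` and `:CheckService`, the `FAIL` counter and the selection of values to audit are assumptions of this example, and it assumes English `sc qc` output.

```batch
@echo off
rem Added audit example (not part of the original script). Read-only:
rem it uses only "reg query" and "sc qc" and changes nothing.
setlocal
set "TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
set "AFD=HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters"
set "LSA=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
set FAIL=0

rem Expected DWORD data in decimal, taken from the reg add lines on the page
rem (0x000001f4 = 500, 0x0000001e = 30, 0x000927c0 = 600000, 0x0000000a = 10).
call :CheckDword "%LSA%" restrictanonymous 1
call :CheckDword "%TCPIP%" SynAttackProtect 2
call :CheckDword "%TCPIP%" TcpMaxHalfOpen 500
call :CheckDword "%TCPIP%" TcpTimedWaitDelay 30
call :CheckDword "%TCPIP%" KeepAliveTime 600000
call :CheckDword "%TCPIP%" DisableIPSourceRouting 2
call :CheckDword "%TCPIP%" EnableICMPRedirect 0
call :CheckDword "%TCPIP%" EnableDeadGWDetect 0
call :CheckDword "%AFD%" EnableDynamicBacklog 1
call :CheckDword "%AFD%" DynamicBacklogGrowthDelta 10

rem Expected service start types: 3 = DEMAND (manual), 4 = DISABLED.
call :CheckService TlntSvr 4
call :CheckService RemoteRegistry 4
call :CheckService TrkWks 4
call :CheckService upnphost 3

echo.
if %FAIL% EQU 0 echo All audited settings match.
if %FAIL% NEQ 0 echo %FAIL% audited settings are missing or different.
exit /b %FAIL%

:CheckDword
rem %1 = registry key, %2 = value name, %3 = expected data in decimal.
rem reg query prints DWORD data as 0x..., and set /a converts that to decimal.
set "ACTUAL="
for /f "tokens=1-3" %%A in ('reg query "%~1" /v %2 2^>nul ^| findstr /i /c:"REG_DWORD"') do (
    if /i "%%A"=="%2" set /a ACTUAL=%%C
)
if not defined ACTUAL (
    echo MISSING   %2
    set /a FAIL+=1
    goto :eof
)
if %ACTUAL% EQU %3 (
    echo OK        %2 = %ACTUAL%
) else (
    echo MISMATCH  %2 = %ACTUAL%, expected %3
    set /a FAIL+=1
)
goto :eof

:CheckService
rem %1 = service name, %2 = expected START_TYPE number from "sc qc".
rem A service that is not installed is reported but not counted as a failure.
set "ACTUAL="
for /f "tokens=3" %%A in ('sc qc %1 2^>nul ^| findstr /c:"START_TYPE"') do set "ACTUAL=%%A"
if not defined ACTUAL (
    echo ABSENT    service %1
    goto :eof
)
if "%ACTUAL%"=="%2" (
    echo OK        service %1 start type %ACTUAL%
) else (
    echo MISMATCH  service %1 start type %ACTUAL%, expected %2
    set /a FAIL+=1
)
goto :eof
```

The script exits with the number of missing or mismatched settings, so a scheduled check can treat a non-zero exit code as configuration drift.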
:Ipsec
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Import Changlai.com's dedicated IP security policy
netsh ipsec static importpolicy
netsh ipsec static set policy name="Changlai.com’s dedicated security policy" assign=y
Rem Import Changlai.com's dedicated group strategy
secedit /configure /db /cfg /quiet
del
Echo Import of Changlai.com's dedicated security policy is complete! Press any key to return, then select 7 to continue...
PAUSE >nul
Goto start
:restartiis
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Restart IIS to make the settings take effect
Echo The IIS service has been restarted! Press any key to return and select another operation to continue...
PAUSE >nul
Goto start
:Auto
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Echo Cleaning up system junk files, please wait...
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /f /s /q %windir%\temp\*.*
del /f /s /q %userprofile%\cookies\*.*
del /f /s /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
Echo System junk cleanup is complete! Automatically continuing with the next step...
CLS
Echo Removing access rights to dangerous system files, leaving only members of the Administrators group! Please wait...
"%SystemDrive%/" /G Administrators:F
"%SystemDrive%/" /D Guests:F /E
"%SystemDrive%/" /G Administrators:F
"%SystemDrive%/" /D Guests:F /E
"%SystemDrive%/Program Files/Internet Explorer/" /G Administrators:F
"%SystemDrive%/Program Files/Internet Explorer/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/PCHealth/HelpCtr/Binaries/" /G Administrators:F
"%SystemRoot%/PCHealth/HelpCtr/Binaries/" /D Guests:F /E
"%SystemRoot%/" /G Administrators:F
"%SystemRoot%/" /D Guests:F /E
"%SystemRoot%/" /G Administrators:F
"%SystemRoot%/" /D Guests:F /E
"%SystemRoot%/" /G Administrators:F
"%SystemRoot%/" /D Guests:F /E
"%SystemRoot%/" /G Administrators:F
"%SystemRoot%/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
"%SystemRoot%/system32/" /G Administrators:F
"%SystemRoot%/system32/" /D Guests:F /E
Echo Permissions on dangerous system files have been set! Automatically continuing with the next step...
CLS
Echo Setting permissions on dangerous system folders, please wait...
Rem Delete all Everyone permissions on disk C
cd/
"%SystemDrive%" /r "Everyone" /e
"%SystemRoot%" /r "Everyone" /e
@REM " "%SystemRoot%/Registration" /r "Everyone" /e " This cannot be used for Everyone permissions
"%SystemDrive%/Documents and Settings" /r "Everyone" /e
"%SystemDrive%/Documents and Settings/All Users" /r "Everyone" /e
"%SystemDrive%/Documents and Settings/All Users/Documents" /r "Everyone" /e
"%SystemDrive%/Inetpub/aspnet_client" /r "Everyone" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Everyone" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Everyone" /e
Rem Delete all CREATOR OWNER permissions on disk C
cd/
"%SystemRoot%" /r "CREATOR OWNER" /e
"%SystemDrive%" /r "CREATOR OWNER" /e
"%SystemRoot%/repair" /r "CREATOR OWNER" /e
"%SystemRoot%/system32" /r "CREATOR OWNER" /e
"%SystemRoot%/system32/wbem" /r "CREATOR OWNER" /e
"%SystemRoot%/system32/config" /r "CREATOR OWNER" /e
"%SystemDrive%/Program Files" /r "CREATOR OWNER" /e
"%SystemDrive%/Program Files/WindowsUpdate" /r "CREATOR OWNER" /e
"%SystemDrive%/Documents and Settings/All Users/Documents" /r "CREATOR OWNER" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data" /r "CREATOR OWNER" /e
Rem Delete all Power Users permissions on disk C
cd/
"%SystemRoot%" /r "Power Users" /e
"%SystemRoot%/repair" /r "Power Users" /e
"%SystemRoot%/system32" /r "Power Users" /e
"%SystemRoot%/system32/wbem" /r "Power Users" /e
"%SystemRoot%/system32/config" /r "Power Users" /e
"%SystemDrive%/Program Files" /r "Power Users" /e
"%SystemDrive%/Documents and Settings" /r "Power Users" /e
"%SystemDrive%/Program Files/WindowsUpdate" /r "Power Users" /e
"%SystemDrive%/Documents and Settings/All Users" /r "Power Users" /e
"%SystemDrive%/Documents and Settings/All Users/Documents" /r "Power Users" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data" /r "Power Users" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Power Users" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Power Users" /e
Rem Delete all TERMINAL SERVER USER permissions on disk C
cd/
"%SystemDrive%/Program Files" /r "TERMINAL SERVER USER" /e
Rem Add deny permissions for the Guests group [denying directory listing to IUSR_XXX or a virtual host user group can effectively prevent FSO-like *s]
cd/
"%SystemDrive%/Program Files" /D Guests:1;1 /E
"%SystemRoot%/repair" /D Guests:1;1 /E
"%SystemRoot%/system32" /D Guests:1;1 /E
"%SystemRoot%/system32/config" /D Guests:1;1 /E
"%SystemRoot%/system32/inetsrv" /D Guests:1;1 /E
"%SystemRoot%/system32/inetsrv/MetaBack" /D Guests:1;1 /E
"%SystemRoot%/system32/inetsrv/ASP Compiled Templates" /D Guests:1;1 /E
"%SystemRoot%/IIS Temporary Compressed Files" /D Guests:1;1 /E
"%SystemDrive%/Documents and Settings/All Users/Application Data" /D Guests:1;1 /E
"%SystemRoot%//Framework/v1.1.4322/Temporary Files" /D Guests:1;1 /E
"%SystemRoot%//Framework/v2.0.50727/Temporary Files" /D Guests:1;1 /E
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /D Guests:1;1 /E
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/achineKeys" /D Guests:1;1 /E
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
"%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E
Rem Delete all users access permissions on C drive
cd/
"%SystemDrive%/Documents and Settings/All Users" /r "users" /e
"%SystemDrive%/Documents and Settings/All Users/Documents" /r "users" /e
"%SystemDrive%/Documents and Settings/All Users/Application Data" /r "users" /e
"%SystemDrive%" /r "users" /e
"%SystemDrive%/Program Files" /r "users" /e
"%SystemDrive%/Documents and Settings" /r "users" /e
"%SystemRoot%" /r "users" /e
"%SystemRoot%/addins" /r "users" /e
"%SystemRoot%/AppPatch" /r "users" /e
"%SystemRoot%/Connection Wizard" /r "users" /e
"%SystemRoot%/Debug" /r "users" /e
"%SystemRoot%/Driver Cache" /r "users" /e
"%SystemRoot%/Help" /r "users" /e
"%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
"%SystemRoot%/java" /r "users" /e
"%SystemRoot%/msagent" /r "users" /e
"%SystemRoot%/mui" /r "users" /e
"%SystemRoot%/repair" /r "users" /e
"%SystemRoot%/Resources" /r "users" /e
"%SystemRoot%/security" /r "users" /e
"%SystemRoot%/system" /r "users" /e
"%SystemRoot%/TAPI" /r "users" /e
"%SystemRoot%/twain_32" /r "users" /e
"%SystemRoot%/Web" /r "users" /e
"%SystemRoot%/system32/3com_dmi" /r "users" /e
"%SystemRoot%/system32/administration" /r "users" /e
"%SystemRoot%/system32/Cache" /r "users" /e
"%SystemRoot%/system32/CatRoot2" /r "users" /e
"%SystemRoot%/system32/Com" /r "users" /e
"%SystemRoot%/system32/config" /r "users" /e
"%SystemRoot%/system32/dhcp" /r "users" /e
"%SystemRoot%/system32/drivers" /r "users" /e
"%SystemRoot%/system32/export" /r "users" /e
"%SystemRoot%/system32/icsxml" /r "users" /e
"%SystemRoot%/system32/lls" /r "users" /e
"%SystemRoot%/system32/LogFiles" /r "users" /e
"%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
"%SystemRoot%/system32/mui" /r "users" /e
"%SystemRoot%/system32/oobe" /r "users" /e
"%SystemRoot%/system32/ShellExt" /r "users" /e
@Rem "%SystemRoot%/system32/wbem" /r "users" /e This affects the normal operation of the .NET program, so remove it!