XP安全设置补丁的批处理命令XP安全设置补丁bat

XP安全设置补丁的批处理命令,双击即可[code]@echo offclsrem Copyright (C) 2003-05 Ansgar Wiechers & Torsten Mannrem Contact: admin@ntsvcfg.derem 深山红叶汉化remrem 免费程序，可在 GNU 框架下自由分发或/和修改。rem You can redistribute it and/or modify it underrem the terms of the GNU General Public License as published by the Free Software Foundation;rem either version 2 of the License, or (at your option) any later version.rem This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;rem without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.rem See the GNU General Public License for more details.remrem You should have received a copy of the GNU General Public License along with this program;rem if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,rem MA 02111-1307, USA.echo.REM Tested on ... WinXP_SP2REM Always basic XP64 SupportREM Modifications to BITS service (cause of v5 WindowsUpdate) - #discharged#REM Additional notices corresponding to DHCP issueREM Variables problems during RESTORE_DEFAULT usage fixedREM SMBDEVICEENABLED Restore Bug fixedREM Mod_history-09-27-2005**11-08-2005**11-29-2005**12-07-2005**12-18-2005

setlocal

REM *** INIT_VARS ***set CHK_SVC=YESset XPSP2=FALSEset SERVER=FALSEset NT_SERVER_CHK=TRUE

:STARTecho "svc2kXp.cmd" v2.2_build7b (18.12.2005), 基于 GNU GPL 发布echo ================================================================set find=%SystemRoot%System32find.exeset regedit=%SystemRoot%regedit.exeif not exist "%find%" goto :NOFINDif not exist "%regedit%" goto :NOREGEDITif not "%1" == "%*" goto :SYNTAXif /I "%1"=="/?" goto :HELPif /I "%1"=="/help" goto :HELPif /I "%1"=="-h" goto :HELPif /I "%1"=="--help" goto :HELPif /I "%1"=="-?" goto :HELPif /I "%1"=="--?" goto :HELPif /I "%1"=="/fix" goto :FIXgoto :VERSION

:SYNTAXecho.echo.echo !!语法错误!!echo ________________echo 只允许一个或没有参数。goto :QUIT

:HELPecho.echo -= 帮助 =-echo 参数:echo /lan.......一些 LAN 所需的服务保持不更改!echo /std.......关闭所有端口,但部分保持不更改echo /all.......更改所有被 www.ntsvcfg.de ("hardening") 推荐有问题的服务echo /restore...撤消上次更改echo /reLAN.....恢复 LAN 所需的服务echo /default...恢复默认出厂服务设置 (在首次使用前)echo.echo 例如: svc2kxp.cmd /allecho.set /P CHS= [Press "G" 查看 GNU GPL 信息，或 "Q" 退出]?if /I "%CHS%"=="G" goto :GNU_GPLif /I "%CHS%"=="Q" goto :QUIT_EXTCLSgoto :HELP

:GNU_GPLCLSecho Informations about GNU-General Public License for "svc2kxp.cmd"echo ===============================================================echo.echo Copyright (C) 2003-05 Ansgar Wiechers, Torsten Mannecho Contact: admin@ntsvcfg.deecho.echo This program is free software; you can redistribute it and/or modify it underecho the terms of the GNU General Public License as published by the Free Softwareecho Foundation; either version 2 of the License, or (at your option) any laterecho version. This program is distributed in the hope that it will be useful, butecho WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY orecho FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for moreecho details.echo.echo You should have received a copy of the GNU General Public License along withecho this program; if not, write to the:echo.echo Free Software Foundation, Inc.echo 59 Temple Place, Suite 330echo Boston, MA 02111-1307, USA.echo.set /P CHS= [Press "H" for help or "Q" for quit]?CLSif /I "%CHS%"=="H" goto :HELPif /I "%CHS%"=="Q" goto :QUIT_EXTgoto GNU_GPL

:VERSIONecho 正在检查系统版本 ...

if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHKREM Checking for running server version "%regedit%" /e "%TEMP%~svr.txt" "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlProductOptions" type "%TEMP%~svr.txt"|"%find%" /i "Server" >NUL if not errorlevel 1 set SERVER=TRUE type "%TEMP%~svr.txt"|"%find%" /i "LanMan" >NUL if not errorlevel 1 set SERVER=TRUE if exist "%TEMP%~svr.txt" del /F /Q "%TEMP%~svr.txt" if /I "%SERVER%"=="TRUE" goto :NTSERVER

:SKIP_NT_SERVER_CHK

ver | "%find%" /i "Windows 2000" > nulif not errorlevel 1 goto :OS2K

ver | "%find%" /i "Windows XP" > nulif not errorlevel 1 goto :OSXP

ver | "%find%" /i "Microsoft Windows [Version 5.2.3790]" > nulif not errorlevel 1 goto :OSXP64

echo !!失败!!echo __________echo.echo 此脚本只能工作于 Windows 2000/XP 系统的机器!echo.goto :QUIT

:NOFINDecho.echo !!失败!!echo __________echo.echo 对不起，以下文件丢失:echo.echo.echo # %SystemRoot%System32FIND.EXEecho.echo.goto :QUIT

:NOREGEDITecho.echo !!失败!!echo __________echo.echo 对不起以下文件丢失:echo.echo.echo # %SystemRoot%REGEDIT.EXEecho.echo.goto :QUIT

:NTSERVERecho.echo !!失败!!echo __________echo.echo 此脚本不支持 NT server 版本!echo.goto :QUIT

:OS2Krem Specific OS Detection Iset SYSTEM=2k

rem Testing for XP ServicePacks

"%regedit%" /e "%TEMP%~svclist.txt" "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion" type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 4" >NUL if errorlevel==1 (

type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 3" >NUL if errorlevel==1 (

type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 2" >NUL if errorlevel==1 (

type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 1" >NUL if errorlevel==1 (

echo !Windows 2000 [无或没有 Service Pack] 被检测到! goto NO_2KSP )

echo !Windows 2000 [Service Pack 1] 被检测到! goto :NO_2KSP )

echo !Windows 2000 [Service Pack 2] 被检测到! goto :NO_2KSP )

echo !Windows 2000 [Service Pack 3] 被检测到! goto :NO_2KSP )

echo !Windows 2000 [Service Pack 4] 被检测到! goto :NO_2KSP

:NO_2kSPif exist "%TEMP%~svclist.txt" del /F /Q "%TEMP%~svclist.txt"goto :CONTINUE

:OSXPrem Specific OS detection IIset SYSTEM=xprem Testing for XP ServicePack 2

"%regedit%" /e "%TEMP%~svclist.txt" "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion" type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 2" >NUL if errorlevel==1 (

type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 1" >NUL if errorlevel==1 (

SET XPSP2=FALSE echo !Windows XP [no or unknown Service Pack] 被检测到！ goto NO_XPSP )

SET XPSP2=FALSE echo !Windows XP [Service Pack 1] 被检测到！ goto :NO_XPSP )

SET XPSP2=TRUE echo !Windows XP [ServicePack 2] 被检测到！ goto :NO_XPSP

:OSXP64rem Specific OS detection IIset SYSTEM=xprem Testing for XP ServicePack 2

"%regedit%" /e "%TEMP%~svclist.txt" "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion" type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 2" >NUL if errorlevel==1 (

type "%TEMP%~svclist.txt"|"%find%" /i "Service Pack 1" >NUL if errorlevel==1 (

SET XPSP2=FALSE echo !EXPERIMENTAL! Windows XP64 [无或未知 Service Pack] 被检测到！ goto NO_XPSP )

SET XPSP2=FALSE echo !EXPERIMENTAL! Windows XP64 [Service Pack 1] 被检测到！ goto :NO_XPSP )

SET XPSP2=TRUE echo !EXPERIMENTAL! Windows XP64 [ServicePack 2] 被检测到！ goto :NO_XPSP

:NO_XPSPif exist "%TEMP%~svclist.txt" del /F /Q "%TEMP%~svclist.txt"goto :CONTINUE

:CONTINUE

REM Creating subdirectory "ntsvcfg" in userprofile if necessaryif not exist "%USERPROFILE%ntsvcfg*.*" mkdir "%USERPROFILE%ntsvcfg"

REM Moving old script backup files to ...%USERNAME%ntsvcfg : if exist "%USERPROFILE%dcom.reg" move /Y "%USERPROFILE%dcom.reg" "%USERPROFILE%ntsvcfgdcom.reg" if exist "%USERPROFILE%dcomp.reg" move /Y "%USERPROFILE%dcomp.reg" "%USERPROFILE%ntsvcfgdcomp.reg" if exist "%USERPROFILE%services.reg" move /Y "%USERPROFILE%services.reg" "%USERPROFILE%ntsvcfgservices.reg" if exist "%USERPROFILE%current_services_config.reg" move /Y "%USERPROFILE%current_services_config.reg" "%USERPROFILE%ntsvcfgcurrent_services_config.reg" if exist "%USERPROFILE%smb.reg" move /Y "%USERPROFILE%smb.reg" "%USERPROFILE%ntsvcfgsmb.reg" if exist "%USERPROFILE%FPRINT.REF" move /Y "%USERPROFILE%FPRINT.REF" "%USERPROFILE%ntsvcfgFPRINT.REF" if exist "%USERPROFILE%handler_aim.reg" move /Y "%USERPROFILE%handler_aim.reg" "%USERPROFILE%ntsvcfghandler_aim.reg" if exist "%USERPROFILE%handler_gopher.reg" move /Y "%USERPROFILE%handler_gopher.reg" "%USERPROFILE%ntsvcfghandler_gopher.reg" if exist "%USERPROFILE%handler_telnet.reg" move /Y "%USERPROFILE%handler_telnet.reg" "%USERPROFILE%ntsvcfghandler_telnet.reg" if exist "%USERPROFILE%services.reg.default" move /Y "%USERPROFILE%services.reg.default" "%USERPROFILE%ntsvcfgservices.reg.default" if exist "%USERPROFILE%dcom.reg.default" move /Y "%USERPROFILE%dcom.reg.default" "%USERPROFILE%ntsvcfgdcom.reg.default" if exist "%USERPROFILE%dcomp.reg.default" move /Y "%USERPROFILE%dcomp.reg.default" "%USERPROFILE%ntsvcfgdcomp.reg.default" if exist "%USERPROFILE%smb.reg.default" move /Y "%USERPROFILE%smb.reg.default" "%USERPROFILE%ntsvcfgsmb.reg.default" if exist "%USERPROFILE%handler_aim.reg.default" move /Y "%USERPROFILE%handler_aim.reg.default" "%USERPROFILE%ntsvcfghandler_aim.reg.default" if exist "%USERPROFILE%handler_gopher.reg.default" move /Y "%USERPROFILE%handler_gopher.reg.default" "%USERPROFILE%ntsvcfghandler_gopher.reg.default" if exist "%USERPROFILE%handler_telnet.reg.default" move /Y "%USERPROFILE%handler_telnet.reg.default" "%USERPROFILE%ntsvcfghandler_telnet.reg.default"

REM *****Declarations*****set SELECT="no"set SVC_BAK=%USERPROFILE%ntsvcfgservices.regset SVC_SAV=%USERPROFILE%ntsvcfgcurrent_services_config.regset DCOM_BAK=%USERPROFILE%ntsvcfgdcom.regset DCOMP_BAK=%USERPROFILE%ntsvcfgdcomp.regset SMB_BAK=%USERPROFILE%ntsvcfgsmb.regset DCOM_TMP=%TEMP%dcomoff.regset DCOMP_TMP=%TEMP%dcompoff.regset SMB_TMP=%TEMP%smboff.regset FPRINT=%USERPROFILE%ntsvcfgFPRINT.REFset HANDLER1=%USERPROFILE%ntsvcfghandler_aim.regset HANDLER2=%USERPROFILE%ntsvcfghandler_gopher.regset HANDLER3=%USERPROFILE%ntsvcfghandler_telnet.regset NB_TMP=%TEMP%nb_off.vbsset srctmp=%USERPROFILE%ntsvcfg~srcreate.vbsset DHCP_CHANGES="YES"

REM *****Options*****set SCHEDULER_ENABLED=NOset UseXPSysRestore=YESset RESTORE=NOset SVC_MOD=NOset USE_FPRINT=YESset Deactivate_NetBIOS=YESset RESTORE_MODE=2

REM *****APP_PATHs******set NET=%SystemRoot%system32net.exeset SC=%SystemRoot%system32sc.exeset FC=%SystemRoot%system32fc.exeset IPCONFIG=%SystemRoot%system32ipconfig.exe

echo 正在检查可用权限: [local], 请稍候 ..."%net%" user "%USERNAME%" 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nulif errorlevel 1 ( echo " " " : [domain], 请稍候 ... "%net%" user "%USERNAME%" /domain 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nul if errorlevel 1 ( echo. echo 失败! echo __________ echo 对不起，没有执行此任务的权限。 echo 请以 Administrator 登录。 echo. goto :END ) )

set IMPORT_OLD_FILES=FALSErem searching for sc.exeif not exist "%FPRINT%" echo 检查 SC.EXE 是否存在..."%sc%" qc > nul 2>&1if errorlevel 1 ( echo !!失败!! echo __________ echo. echo SC.EXE 在系统目录没有找到： [%SystemRoot%SYSTEM32] echo 请从此下载: echo. echo. echo -= ftp://ftp.microsoft.com/reskit/win2000/sc.zip =- echo. echo 自解压安装 SC.EXE echo ====================== echo. echo 如果网络连接可用，svc2kxp.cmd 可以试图自动下载 SC.EXE。 goto :SC_DOWNLOAD )

if /I "%1"=="/all" ( set SELECT="/all" goto :SKIP_MENUE )

if /I "%1"=="/relan" ( set SELECT="/relan" goto :SKIP_MENUE )

if /I "%1"=="/std" ( set SELECT="/std" goto :SKIP_MENUE )

if /I "%1"=="/default" goto :RESTORE_DEFAULTS

rem checking for modified servicesif /I %CHK_SVC%==YES ( if /I %USE_FPRINT%==YES ( if exist "%FPRINT%" ( rem Creating fingerprint of current service settings... if exist "%USERPROFILE%ntsvcfgsvc2cmp.sav" del /F /Q "%USERPROFILE%ntsvcfgsvc2cmp.sav" "%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" >%TEMP%~svclist.txt for /F "tokens=1*" %%a in (%TEMP%~svclist.txt) do ( echo %%b >>"%USERPROFILE%ntsvcfgsvc2cmp.sav" "%sc%" query "%%b" | %FIND% "STATE" >>"%USERPROFILE%ntsvcfgsvc2cmp.sav" "%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%USERPROFILE%ntsvcfgsvc2cmp.sav" "%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%USERPROFILE%ntsvcfgsvc2cmp.sav" echo. >> "%USERPROFILE%ntsvcfgsvc2cmp.sav" ) del "%TEMP%~svclist.txt"

"%FC%" "%FPRINT%" "%USERPROFILE%ntsvcfgsvc2cmp.sav" >NUL if errorlevel 1 goto :DIFF goto OK

:DIFF echo 正在检查被修改的服务 ... 失败的服务可能被修改! [E]valuate set SVC_MOD=YES goto :MOD_END

:OK echo 正在检查被修改的服务 ... OK set SVC_MOD=NO if exist "%USERPROFILE%ntsvcfgsvc2cmp.sav" del /F /Q "%USERPROFILE%ntsvcfgsvc2cmp.sav" goto :MOD_END

:MOD_END REM ) ) )set CHK_SVC=NO

if /I "%1"=="/restore" goto :RESTORE

:MENUEif /I "%1"=="/lan" goto :SKIP_MENUEecho.echo 请选择一个要执行的任务:echo.echo (1) LAN: 一些 LAN 所需的服务保持不更改!echo (2) Standard: 关闭所有端口,但部分保持不更改echo (3) ALL: 更改所有被 www.ntsvcfg.de ("hardening") 推荐有问题的服务echo (4) restore: 恢复上次的更改echo.set /P CHS= 请选择: [1],[2],[3],[4], [M]更多选项，或 [Q]退出?

if /I "%CHS%"=="1" ( set SELECT="/lan" goto :SKIP_MENUE )

if /I "%CHS%"=="2" ( set SELECT="/std" goto :SKIP_MENUE )

if /I "%CHS%"=="3" ( set SELECT="/all" goto :SKIP_MENUE )

if /I "%CHS%"=="4" goto :RESTOREif /I "%CHS%"=="R" goto :RESTOREif /I "%CHS%"=="M" goto :MORE_OPTIONSif /I "%SVC_MOD%"=="YES" if /I "%CHS%"=="E" goto :EVALUATE_SERVICESif /I "%CHS%"=="G" goto :CREATING_NEW_FINGERPRINTif /I "%CHS%"=="Q" goto :QUITclsgoto :START

:SKIP_MENUE

rem Checking if old restorefiles exists.rem if it is so old files will be restored before new changesif not exist "%SVC_BAK%" goto :NO_RESTOREif /I %RESTORE_MODE%==3 goto :NO_RESTOREif /I %RESTORE_MODE%==4 goto :NO_RESTOREset RESTORE=YESecho.echo _______________________________________________________________________echo.echo [选择恢复模式: %RESTORE_MODE%]echo.echo.echo 注意: 找到了旧的恢复文件!echo.echo 本程序不是第一次运行。要应用所有新的更改，echo 需要适当的旧恢复文件以获取一个确定的状态。echo.echo.echo # 正在开始恢复 ...goto RESTORE_EXT

:NO_RESTORErem query if taskplaner should runif /I "%SYSTEM%"=="2k" goto :SKIP_SQUERYif /I "%SYSTEM%"=="xp" ( if /I %SELECT%=="" goto :SKIP_SQUERY if /I %SELECT%=="/all" goto :SKIP_SQUERY if /I %XPSP2%==True ( set SCHEDULER_ENABLED=YES goto :SKIP_SQUERY )

)

echo.echo.echo Queryecho ==================echo.echo.echo Should the "scheduler service" be disabled?echo.echo If you have time-controlled tasks [i.e. AV-Updates] or you will not setecho automatic system restore points press ANY KEY TO CONTINUE to close port 135echo [RPC] and port 1025 [scheduler] instantly. Otherwise press "N"echo ___________________________________________echo.set /P UNDO= Close scheduler [y/n]?if /I "%UNDO%"=="n" set SCHEDULER_ENABLED=YES

:SKIP_SQUERY

if not exist "%SVC_BAK%.default" ( echo. echo Creating backup of defaults ... "%regedit%" /e "%SVC_BAK%.default" HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices "%regedit%" /e "%DCOM_BAK%.default" HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle "%regedit%" /e "%DCOMP_BAK%.default" HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpc "%regedit%" /e "%SMB_BAK%.default" HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters "%regedit%" /e "%HANDLER1%.default" HKEY_CLASSES_ROOTAIM "%regedit%" /e "%HANDLER2%.default" HKEY_CLASSES_ROOTgopher "%regedit%" /e "%HANDLER3%.default" HKEY_CLASSES_ROOTtelnet echo ... done. )

if exist "%SVC_BAK%" ( if /I %RESTORE_MODE%==2 goto :SKIP_SAVING if /I %RESTORE_MODE%==4 goto :SKIP_SAVING )

rem saving registry settingsecho _________________________________________________________________________echo.echo [Selected Restore Mode: %RESTORE_MODE%]echo.echo Saving services settings toecho %SVC_BAK% ..."%regedit%" /e "%SVC_BAK%" HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesecho Saving DCOM settings toecho %DCOM_BAK% ..."%regedit%" /e "%DCOM_BAK%" HKEY_LOCAL_MACHINESOFTWAREMicrosoftOleecho Saving DCOM standard protocols settings toecho %DCOMP_BAK% ..."%regedit%" /e "%DCOMP_BAK%" HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcecho Saving SMB settings toecho %SMB_BAK%"%regedit%" /e "%SMB_BAK%" HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParametersecho Saving URL-Handler [AIM, GOPHER, TELNET] toecho %HANDLER1%"%regedit%" /e "%HANDLER1%" HKEY_CLASSES_ROOTAIMecho %HANDLER2%"%regedit%" /e "%HANDLER2%" HKEY_CLASSES_ROOTgopherecho %HANDLER3%"%regedit%" /e "%HANDLER3%" HKEY_CLASSES_ROOTtelnetecho.

echo All done.echo ___________________________________________echo.

:SKIP_SAVING

if /I "%SYSTEM%"=="xp" ( if /I %UseXPSysRestore%==YES ( goto :XPSYSRESTORE ) ):XPSYSRESTORE_DONE

rem reconfigure servicesrem startup: demandecho.echo Setting services to "demand" ...

echo ___________________________________________echo.echo # Checking DHCP ..."%ipconfig%" -all | "%find%" /i "Lease" > nulif errorlevel 1 ( rem trying other method for DHCP "%ipconfig%" -all | "%find%" /i "DHCP-Server" > nul if errorlevel 1 ( echo ... no active DHCP found. echo. echo Notice echo ====== echo Your configuration indicates that DHCP no longer will be required. echo But if you use a DSL internet connection this choice probably echo might be wrong. If you experiences problems during accessing the echo internet please re-activate the "DHCP Service" manually. echo. echo ___________________________________________ echo. "%sc%" config DHCP start= demand goto :SKIP_DHCP ))set DHCP_CHANGES="NO"echo ... DHCP active, status of service will NOT be changed!echo.

:SKIP_DHCP"%sc%" config dmadmin start= demand"%sc%" config DNSCache start= demand"%sc%" config mnmsrvc start= demand"%sc%" config MSIServer start= demand"%sc%" config NetDDE start= demand"%sc%" config NetDDEdsdm start= demand"%sc%" config Netman start= demand"%sc%" config NTLMSsp start= demand"%sc%" config NtmsSvc start= demand"%sc%" config PolicyAgent start= demand"%sc%" config RASAuto start= demand"%sc%" config RASMan start= demand"%sc%" config RSVP start= demand"%sc%" config Scardsvr start= demand

"%sc%" query ScardDrv | "%find%" /i "OpenService FAILED" >NULif errorlevel 1 "%sc%" config ScardDrv start= demand

if /I %XPSP2%==True ( rem If XP SP2 is installed there are less changes to XP-ICF if /I %SELECT%=="/std" goto :SKIP_FIREWALL )"%sc%" config SharedAccess start= demand

:SKIP_FIREWALL"%sc%" config Sysmonlog start= demand"%sc%" config TAPISrv start= demand"%sc%" config TrkWks start= demand"%sc%" config UPS start= demand"%sc%" config W32Time start= demand"%sc%" config WMI start= demand

if /I %SELECT%=="/all" ( "%sc%" config SamSs start= demand "%sc%" config LmHosts start= demand "%sc%" config Winmgmt start= demand )

if /I "%SYSTEM%"=="2k" ( "%sc%" config AppMgmt start= demand "%sc%" config Browser start= demand "%sc%" config clipsrv start= demand "%sc%" config EventSystem start= demand "%sc%" config Fax start= demand "%sc%" config netlogon start= demand "%sc%" config RPCLocator start= demand "%sc%" config Utilman start= demand if /I %SELECT%=="/all" ( "%sc%" config seclogon start= demand "%sc%" config RPCSs start= demand "%sc%" config lanmanServer start= demand ) )

if /I "%SYSTEM%"=="xp" ( "%sc%" config ALG start= demand "%sc%" config FastUserSwitchingCompatibility start= demand "%sc%" config helpsvc start= demand "%sc%" config ImapiService start= demand "%sc%" config Nla start= demand "%sc%" config RdSessMgr start= demand "%sc%" config seclogon start= demand "%sc%" config stisvc start= demand "%sc%" config SwPrv start= demand "%sc%" config TermService start= demand "%sc%" config upnphost start= demand "%sc%" config VSS start= demand

"%sc%" query WmdmPmSp | "%find%" /i "OpenService FAILED" >NUL if errorlevel 1 "%sc%" config WmdmPmSp start= demand

"%sc%" config WmiApSrv start= demand rem Wireless Zero Configuration - fuer WLAN-Verbindungen notwendig. rem Falls erforderlich auf AUTO stellen. rem "%sc%" config WZCSVC start= demand )echo.

rem startup: autoecho Setting services to "auto" ..."%sc%" config dmserver start= auto"%sc%" config eventlog start= auto"%sc%" config PlugPlay start= auto"%sc%" config ProtectedStorage start= auto"%sc%" config sens start= auto"%sc%" config spooler start= auto

if /I "%SYSTEM%"=="2k" ( "%sc%" config lanmanworkstation start= auto "%sc%" config alerter start= auto )

if /I "%SYSTEM%"=="xp" ( "%sc%" query InteractiveLogon | "%find%" /i "OpenService FAILED" >NUL if errorlevel 1 "%sc%" config InteractiveLogon start= auto "%sc%" config Audiosrv start= auto "%sc%" config CryptSvc start= auto "%sc%" config RPCSs start= auto "%sc%" config ShellHWDetection start= auto "%sc%" config srservice start= auto "%sc%" query uploadmgr | "%find%" /i "OpenService FAILED" >NUL if errorlevel 1 "%sc%" config uploadmgr start= auto "%sc%" config WebClient start= auto )echo.

rem startup: disabledecho Setting services to "disabled" ..."%sc%" config cisvc start= disabled"%sc%" config MSDTC start= disabled"%sc%" config RemoteAccess start= disabled"%sc%" config TlntSvr start= disabled"%sc%" config messenger start= disabled

if /I %SELECT%=="/all" ( "%sc%" query BITS | "%find%" /i "SERVICE_NAME" >NUL if not errorlevel 1 "%sc%" config BITS start= disabled "%sc%" query wuauserv | "%find%" /i "SERVICE_NAME" >NUL if not errorlevel 1 "%sc%" config wuauserv start= disabled "%sc%" config schedule start= disabled "%sc%" config RemoteRegistry start= disabled )

if /I "%SYSTEM%"=="xp" ( "%sc%" config ERSvc start= disabled "%sc%" config HidServ start= disabled "%sc%" config SSDPSRV start= disabled

if /I %SELECT%=="/lan" ( if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled )

if /I %SELECT%=="/std" ( if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled )

if /I %XPSP2%==True ( echo. echo XPSP2: 正在禁用安全中心 ... "%sc%" config wscsvc start= disabled ) )

echo.echo ------------------echo # Checking and stopping unnecessary system services ...echo."%sc%" query cisvc | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop cisvc"%sc%" query RemoteAccess | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop RemoteAccess"%sc%" query TlntSvr | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop TlntSvr"%sc%" query MSDTC | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop MSDTC"%sc%" query messenger | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop messenger

if /I %SELECT%=="/all" ( "%sc%" query BITS | "%find%" /i "SERVICE_NAME" >NUL if not errorlevel 1 ( "%sc%" query BITS | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop BITS ) "%sc%" query wuauserv | "%find%" /i "SERVICE_NAME" >NUL if not errorlevel 1 ( "%sc%" query wuauserv | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop wuauserv ) "%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop schedule )

if /I "%SYSTEM%"=="xp" ( if /I %SELECT%=="/lan" ( if /I %SCHEDULER_ENABLED%==NO "%net%" ( "%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop schedule ) )

if /I %SELECT%=="/std" ( if /I %SCHEDULER_ENABLED%==NO "%net%" ( "%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop schedule )

if /I %XPSP2%==True ( "%sc%" query wscsvc | "%find%" /i "4 RUNNING" >NUL if not errorlevel 1 "%net%" stop wscsvc )

)

echo ------------------echo Disabling DCOM ...echo REGEDIT4 > "%DCOM_TMP%"echo. >> "%DCOM_TMP%"echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle] >> "%DCOM_TMP%"echo "EnableDCOM"="N" >> "%DCOM_TMP%"echo "EnableDCOMHTTP"="N" >> "%DCOM_TMP%"echo. >> "%DCOM_TMP%"echo. >> "%DCOM_TMP%""%regedit%" /s "%DCOM_TMP%"del /F /Q "%DCOM_TMP%"

echo Disabling DCOM standard protocols ...echo REGEDIT4 > "%DCOMP_TMP%"echo. >> "%DCOMP_TMP%"echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpc] >> "%DCOMP_TMP%"echo "DCOM Protocols"=hex(7):00,00,00,00 >> "%DCOMP_TMP%"echo. >> "%DCOMP_TMP%"echo. >> "%DCOMP_TMP%""%regedit%" /s "%DCOMP_TMP%"del /F /Q "%DCOMP_TMP%"

echo Disabling port 135 (maybe 1025 too) ... echo - Removing RPC Client Protocols echo REGEDIT4 > "%SMB_TMP%" echo [-HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcClientProtocols] >> "%SMB_TMP%" echo. >> "%SMB_TMP%"

if /I %SCHEDULER_ENABLED%==NO ( echo - Advanced RPC Configuration echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcInternet] >> "%SMB_TMP%" echo "PortsInternetAvailable"="N" >> "%SMB_TMP%" echo "UseInternetPorts"="N" >> "%SMB_TMP%" echo. >> "%SMB_TMP%" )

if /I %XPSP2%==TRUE ( echo - Advanced RPC Configuration echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcInternet] >> "%SMB_TMP%" echo "PortsInternetAvailable"="N" >> "%SMB_TMP%" echo "UseInternetPorts"="N" >> "%SMB_TMP%" echo. >> "%SMB_TMP%" )

echo - Removing needless URL Handler [AIM,gopher,telnet] echo [-HKEY_CLASSES_ROOTAIM] >> "%SMB_TMP%" echo [-HKEY_CLASSES_ROOTgopher] >> "%SMB_TMP%" echo [-HKEY_CLASSES_ROOTtelnet] >> "%SMB_TMP%" echo. >> "%SMB_TMP%" echo. >> "%SMB_TMP%" "%regedit%" /s "%SMB_TMP%" del /F /Q "%SMB_TMP%"

if /I %SELECT%=="/all" ( echo. echo Disabling SMB port 445 ... echo REGEDIT4 > "%SMB_TMP%" echo. >> "%SMB_TMP%" echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >> "%SMB_TMP%" echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%" echo. >> "%SMB_TMP%" echo. >> "%SMB_TMP%" "%regedit%" /s "%SMB_TMP%" del /F /Q "%SMB_TMP%" set REBOOT_REQUIRED=yes )

if /I %SELECT%=="/std" ( echo. echo Disabling SMB port 445 ... echo REGEDIT4 > "%SMB_TMP%" echo. >> "%SMB_TMP%" echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >> "%SMB_TMP%" echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%" echo. >> "%SMB_TMP%" echo. >> "%SMB_TMP%" "%regedit%" /s "%SMB_TMP%" del /F /Q "%SMB_TMP%" set REBOOT_REQUIRED=yes )

if /I %SELECT%=="/std" goto :NB_DISABLEif /I %SELECT%=="/all" goto :NB_DISABLEgoto :SKIP_NB_DISABLE

:NB_DISABLE if /I %DEACTIVATE_NETBIOS%==NO ( echo. echo. Due problems with SP2 and deactivating NetBIOS this option echo will be skipped. echo. goto :SKIP_NB_DISABLE )

rem Because of problems with SP2 Netbios: if /I %XPSP2%==True ( echo. echo Note: echo ----- echo If you experiencing problems after updating Windows XP with echo Service Pack 2 please do following: echo. echo set Deactivate_NetBIOS=NO echo. ) rem *** Thx2 Johannes Lichtenberger for the following lines using vbscript*** echo Disable NetBios on all local interfaces ... echo. echo On Error Resume Next>> "%nb_tmp%" echo.>> "%nb_tmp%" echo TcpipoverNetbios = 2 '0=NetbiosfromDHCP 1=EnableNetbios 2=DisableNetbios>> "%nb_tmp%" echo.>> "%nb_tmp%" echo strComputer = ".">> "%nb_tmp%" echo Set objWMIService = GetObject("winmgmts:" ^& strComputer ^& "rootcimv2")>> "%nb_tmp%" echo Set objNICs = objWMIService.ExecQuery _>> "%nb_tmp%" echo ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")>> "%nb_tmp%" echo For Each objNic In objNICs>> "%nb_tmp%" echo errTcpipNetbios = objNic.SetTCPIPNetBIOS(TcpipoverNetbios)>> "%nb_tmp%" echo Next>> "%nb_tmp%" "%SYSTEMROOT%SYSTEM32CSCRIPT.EXE" "%nb_tmp%" del /F /Q "%nb_tmp%" set REBOOT_REQUIRED=yes

:SKIP_NB_DISABLErem Skip Billboard because /all is usedif /I %SELECT%=="/all" goto :SW_ALLif /I %SELECT%=="/std" goto :S

警告：运行BAT源码是一种危险的动作，如果你不熟悉，请不要尝试！