NTLite后期任务bat脚本参考,NTLite精简WIN2012R2系统后期命令行优化执行脚本

迅恒数据中心

@echo off
rem Post-deployment script for an NTLite-trimmed Windows Server 2012 R2 image.
rem Step 1: find the optical drive and remount it as K: so that every later
rem step can read its payload files from a fixed drive letter.
echo  判断是否有光驱,如有将光驱盘符修改为K...
for /f "delims=" %%i in ('Wmic LogicalDisk Where "DriveType='5'" Get DeviceID/Value') do set "%%i">nul
rem The for loop queries logical disks whose DriveType is 5 (2 = removable disk, 3 = local disk, 5 = optical drive).
rem DeviceID is the drive letter, Name is the drive name. Each "DeviceID=X:" output line is handed to set,
rem which creates the variable DeviceID; with several optical drives the last line reported wins.
rem "delims=" with nothing after it cancels the default space delimiter, so the whole line is kept unsplit.
rem Using delims without tokens keeps only the text before the first delimiter; everything after it is ignored.
rem Several delimiters can be combined with tokens to pick fields: "tokens=1,3 delims=、." splits on the
rem ideographic comma and the dot and returns columns 1 and 3.
rem skip=n skips the first n lines, for example "skip=1 tokens=1,2-4 delims=、-."
rem The loop variables (i, j, k, l and so on) receive the selected columns in alphabetical order,
rem one variable per column.
set "CDROM=%DeviceID%"
rem Keep the optical drive letter in CDROM. Do not call the variable CD: the author found that it fails,
rem without knowing why.
rem NOTE(review): copying through percent expansion presumably also drops the trailing carriage return
rem that wmic appends to its output - confirm.
if "%CDROM%"=="" goto kms
rem No optical drive: jump to the kms label. Avoid trailing spaces after a label name.
rem Read the volume GUID path of the drive, release its current letter, then mount the same volume as K:.
for /f %%i in ('mountvol %CDROM% /l') do set "vol=%%i"
mountvol %CDROM% /d
mountvol K: %vol%
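echo 通过光驱的K:\ip.txt设置IP...
rem Static network settings are read from ip.txt, which must be placed in the root of the install ISO.
rem ip.txt content example: 183.36.37.197|255.255.255.192|183.36.37.193|8.8.8.8|223.5.5.5|
rem Format, without any spaces and with the trailing separator: IP, netmask, gateway, DNS1, DNS2.
rem Test for the file directly and skip to the kms label when the media carries no ip.txt,
rem instead of routing the result through a sentinel variable that is never cleared.
if not exist "K:\ip.txt" goto kms
rem One pass per field: token N of the pipe-separated line goes into its own variable.
for /f "tokens=1 delims=|"  %%i in ('type "K:\ip.txt"') do set "newip2=%%i">nul
for /f "tokens=2 delims=|"  %%i in ('type "K:\ip.txt"') do set "netmask2=%%i">nul
for /f "tokens=3 delims=|"  %%i in ('type "K:\ip.txt"') do set "gateway2=%%i">nul
for /f "tokens=4 delims=|"  %%i in ('type "K:\ip.txt"') do set "dns3=%%i">nul
for /f "tokens=5 delims=|"  %%i in ('type "K:\ip.txt"') do set "dns4=%%i">nul
rem NOTE(review): the fields are passed on without validation; a short or malformed ip.txt leaves
rem some of these variables empty when the wmic calls below run.
rem Name of the adapter whose NetConnectionStatus is 2 (connected); with several connected adapters
rem the last one listed wins. The self-assignment presumably strips the carriage return left by wmic - confirm.
for /f "tokens=*" %%i in ('wmic nic where "NetConnectionStatus='2'" get NetConnectionID /value^|find "="') do set %%i
set "NetConnectionID=%NetConnectionID%"
rem Translate the connection name into the adapter index used by nicconfig.
for /f "tokens=*" %%i in ('wmic nic where "NetConnectionID='%NetConnectionID%'" get index  /value^|find "="') do set %%i
set "index=%index%"
rem Apply static address, gateway with metric 1, and the DNS search order to that adapter.
wmic nicconfig where index="%index%" call enablestatic("%newip2%"),("%netmask2%")
wmic nicconfig where index="%index%" call setgateways("%gateway2%"),(1)
wmic nicconfig where index="%index%" call SetDNSServerSearchOrder("%dns3%","%dns4%")
rem SetTcpipNetbios 2 disables NetBIOS over TCP/IP on the adapter.
wmic nicconfig where index="%index%" call SetTcpipNetbios 2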
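:kms
echo 开始激活WIN2012R2系统(重启后生效)...
rem The KMS folder must be placed in the root of the ISO. Test for the file directly and skip to the
rem port label when K:\KMS\Loader.exe is absent, rather than going through a sentinel variable.
if not exist "K:\KMS\Loader.exe" goto port
mkdir %windir%\KMS
xcopy "K:\KMS" "%windir%\KMS" /s /e /c /y
rem xcopy switches: /s copy subdirectories, /e include empty ones, /c continue on errors, /y overwrite without prompting.
rem Stop inheriting ACEs on the copied folder, then remove the listed principals from its ACL.
icacls "%windir%\KMS" /inheritance:d /C
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%windir%\KMS" /remove %%p /C
rem NOTE(review): Loader.exe runs exactly as copied from the media; nothing here checks a signature
rem or a hash before it is started.
start /wait %windir%\KMS\Loader.exe /silent
rem start /wait blocks until the program has finished before the next line runs.
rem For 2008-2012 systems use: start /wait %windir%\KMS\Loader.exe /silent
rem Appending /restart to the Loader command reboots the server after activation.
rem For 2016-2022 systems use: start /wait cmd /c %windir%\KMS38\KMS38_Activation.cmd /ap
rem cmd /c opens a new cmd window, runs the command and closes that window when it is done.
rem cmd /k opens a new cmd window and leaves it open afterwards, so completion cannot be detected.
rem For slow programs a wait can be added, for example TIMEOUT /T 20 to wait 20 seconds.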
:port
echo 正在关闭TCP和UDP的135、137、138、139、445端口…
echo 防火墙中关闭端口规则需要确保防火墙是开启状态才生效
rem Inbound block rules, one per port (or range) and protocol. The outer loop walks the ports and the
rem inner loop the protocols, so rules are created in the order TCP then UDP for each port.
for %%p in (135 137-139 445 1211) do for %%t in (TCP UDP) do netsh advfirewall firewall add rule name = "关闭%%t%%p端口" dir = in action = block protocol = %%t localport = %%p
echo 正在关闭TCP的88 389 464 593 636 1025 1720端口…
rem TCP-only inbound block rules.
for %%p in (88 389 464 593 636 1025 1720) do netsh advfirewall firewall add rule name = "关闭TCP%%p端口" dir = in action = block protocol = TCP localport = %%p
echo 正在关闭TCP的3001-3003  3095-3097端口…
for %%p in (3001-3003 3095-3097) do netsh advfirewall firewall add rule name = "关闭TCP%%p端口" dir = in action = block protocol = TCP localport = %%p
echo 放行能ping通…
rem Enable the built-in ICMPv4 echo-request rules so the host answers ping. The rule names are the
rem localized display names, so they only match on a system with that display language.
netsh advfirewall firewall set rule name="文件和打印机共享(回显请求 - ICMPv4-In)" new enable=yes
netsh advfirewall firewall set rule name="虚拟机监控(回显请求- ICMPv4-In)" new enable=yes
echo 简单设置服务器部分目录安全权限,请耐性等待…
rem Tighten the ACL of the drive root: remove the broad principals, then leave Users with
rem read-attributes (RA) only. SIDs removed by number:
rem   S-1-15-2-1  ALL APPLICATION PACKAGES
rem   S-1-15-2-2  ALL RESTRICTED APPLICATION PACKAGES
rem   S-1-5-11    Authenticated Users
rem   S-1-5-80-956008885-...  NT SERVICE\TrustedInstaller
rem The asterisk that marks a SID for icacls is added in the loop body, because an asterisk
rem inside the for set would be treated as a file wildcard.
for %%n in (everyone users "creator owner") do icacls %HOMEDRIVE%\ /remove %%n /C
for %%s in (S-1-15-2-1 S-1-15-2-2 S-1-5-11 S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464) do icacls %HOMEDRIVE%\ /remove *%%s /C
icacls %HOMEDRIVE%\ /grant:r users:(RA)
rem Put the contents of catroot2 back on default inherited permissions, recursively.
icacls %windir%\system32\catroot2\*  /reset /T /C
icacls %HOMEDRIVE%\$RECYCLE.BIN /remove users /C
rem The same sequence again with C: written out literally.
for %%n in (everyone users "creator owner") do icacls C:\ /remove %%n /C
for %%s in (S-1-15-2-1 S-1-15-2-2 S-1-5-11 S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464) do icacls C:\ /remove *%%s /C
icacls C:\ /grant:r users:(RA)
icacls C:\windows\system32\catroot2\*  /reset /T /C
rem Remove Users from the recycle-bin folders of drives C: through H:, under both folder names.
for %%d in (C D E F G H) do icacls %%d:\$RECYCLE.BIN /remove users /C
icacls %HOMEDRIVE%\RECYCLER /remove users /C
for %%d in (C D E F G H) do icacls %%d:\RECYCLER /remove users /C
echo 关闭系统危险服务…
rem Stop and disable, in this order: Server (LanmanServer), TCP/IP NetBIOS Helper (LmHosts),
rem Print Spooler (Spooler) and Volume Shadow Copy (VSS). net stop /y also stops dependent services.
for %%s in (LanmanServer LmHosts Spooler VSS) do (
  net stop %%s /y
  sc config %%s start= disabled
)
rem Windows Update (wuauserv) is switched to manual start rather than disabled.
sc config wuauserv start= demand
echo 卸载危险组件
rem Silently unregister the COM servers in wshom.ocx (Windows Script Host object model)
rem and in shell32.dll, so that scripts can no longer instantiate their objects.
for %%c in (wshom.ocx shell32.dll) do regsvr32 /u %windir%\system32\%%c /s
echo 设置危险程序的用户权限
rem For every binary listed below, in the order listed:
rem   1. take ownership,
rem   2. stop inheriting ACEs, keeping the inherited entries as explicit ones,
rem   3. replace the Administrators and SYSTEM entries with full control,
rem   4. remove Users and these SIDs from the ACL:
rem        S-1-15-2-1  ALL APPLICATION PACKAGES
rem        S-1-15-2-2  ALL RESTRICTED APPLICATION PACKAGES
rem        S-1-5-80-956008885-...  NT SERVICE\TrustedInstaller
rem Paths are relative to windir. The script itself keeps running because the cmd.exe
rem process that executes it is already started when its ACL changes.
for %%f in (
  system32\at.exe
  system32\attrib.exe
  system32\cacls.exe
  system32\cmd.exe
  system32\format.com
  system32\ftp.exe
  system32\net.exe
  system32\net1.exe
  system32\netstat.exe
  system32\wshom.ocx
  syswow64\at.exe
  syswow64\attrib.exe
  syswow64\cacls.exe
  syswow64\cmd.exe
  syswow64\format.com
  syswow64\ftp.exe
  syswow64\net.exe
  syswow64\net1.exe
  syswow64\netstat.exe
  syswow64\wshom.ocx
  regedit.exe
  system32\reg.exe
  system32\regedit.exe
  system32\regedt32.exe
  syswow64\reg.exe
  syswow64\regedit.exe
  syswow64\regedt32.exe
) do (
  takeown /f %windir%\%%f
  icacls %windir%\%%f /inheritance:d
  icacls %windir%\%%f /grant:r administrators:F
  icacls %windir%\%%f /grant:r system:F
  icacls %windir%\%%f /remove users /C
  icacls %windir%\%%f /remove *S-1-15-2-1 /C
  icacls %windir%\%%f /remove *S-1-15-2-2 /C
  icacls %windir%\%%f /remove *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /C
)
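rem Import the IPsec policy file shipped in the root of the ISO and assign it. Test for the file
rem directly and skip to the rdp label when it is missing, instead of using a sentinel variable.
rem NOTE(review): going by its name, this policy leaves MSSQL 1433 and MySQL 3306 reachable from
rem outside; confirm that matches the role of the server.
if not exist "K:\0.服务器IP安全策略2020-客户(没限制mssql数据库1433端口和MySQL数据库3306端口对外).ipsec" goto rdp
netsh ipsec static importpolicy file="K:\0.服务器IP安全策略2020-客户(没限制mssql数据库1433端口和MySQL数据库3306端口对外).ipsec"
rem The policy name must match the name stored inside the imported file.
netsh ipsec static set policy name="迅恒IP安全策略-客户(没限制mssql数据库1433端口和MySQL数据库3306端口对外)" assign=y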
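:rdp
echo 开启远程桌面并修改远程桌面端口
rem Listening port for Remote Desktop; change 20300 here to use a different port.
set rdpport=20300
rem Allow Remote Desktop connections. The value has to be written under the "Terminal Server" key;
rem under a misspelled key name it is created but never read.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f
rem Set the port in both places where the RDP listener stores it.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t reg_dword /d %rdpport% /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t reg_dword /d %rdpport% /f
rem UserAuthentication = 1 accepts only clients that use Network Level Authentication
rem (the value counts as 0 when it is not set).
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP" /v UserAuthentication /t REG_DWORD /d 1 /f
rem SetAllowTSConnections 1 turns Remote Desktop on, 0 turns it off.
wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call SetAllowTSConnections 1
rem Open the chosen port inbound (the rule is named after the port number), make sure the firewall
rem is on for all profiles, then restart the service so that the new port takes effect.
netsh advfirewall firewall add rule name = "%rdpport%" dir = in action = allow protocol = TCP localport = %rdpport%
netsh advfirewall set allprofiles state on
net stop TermService  /y
net start TermService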
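echo 创建“重启服务器”快捷方式到桌面
rem "3.重启服务器.bat" must be placed in the root of the ISO. Test for the file directly and skip
rem to the internetworking label when it is missing, instead of using a sentinel variable.
if not exist "K:\3.重启服务器.bat" goto internetworking
xcopy "K:\3.重启服务器.bat" "%windir%\" /c /y
rem Write a .url shortcut on the public desktop that points at the copied script.
rem Icon index 46 is taken from SHELL32.dll; to find an index, change a folder icon and read
rem the desktop.ini that appears inside the folder.
(echo [InternetShortcut] && echo URL="%windir%\3.重启服务器.bat"
echo IconIndex=46 && echo IconFile="%windir%\system32\SHELL32.dll"
)>"%PUBLIC%\Desktop\重启服务器.url"
rem Stop inheriting ACEs on the copied script, then remove the listed principals from its ACL.
icacls "%windir%\3.重启服务器.bat" /inheritance:d /C
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%windir%\3.重启服务器.bat" /remove %%p /C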
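:internetworking
echo 创建网络连接查看软件的快捷方式到桌面
rem "7.网络连接查看.exe" must be placed in the root of the ISO. Test for the file directly and skip
rem to the bandwidth label when it is missing, instead of using a sentinel variable.
if not exist "K:\7.网络连接查看.exe" goto bandwidth
xcopy "K:\7.网络连接查看.exe" "%PROGRAMFILES%\" /c /y
rem Write a .url shortcut on the public desktop that points at the copied tool and uses its own icon.
(echo [InternetShortcut] && echo URL="%PROGRAMFILES%\7.网络连接查看.exe"
echo IconIndex=0 && echo IconFile="%PROGRAMFILES%\7.网络连接查看.exe"
)>"%PUBLIC%\Desktop\进程连接查看.url"
rem Stop inheriting ACEs on the copied file, then remove the listed principals from its ACL.
icacls "%PROGRAMFILES%\7.网络连接查看.exe" /inheritance:d
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%PROGRAMFILES%\7.网络连接查看.exe" /remove %%p /C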
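:bandwidth
rem "7.流量监控.exe" must be placed in the root of the ISO. Test for the file directly and skip
rem to the timecalibration label when it is missing, instead of using a sentinel variable.
if not exist "K:\7.流量监控.exe" goto timecalibration
xcopy "K:\7.流量监控.exe" "%PROGRAMFILES%\" /c /y
rem Stop inheriting ACEs on the copied file, then remove the listed principals from its ACL.
icacls "%PROGRAMFILES%\7.流量监控.exe" /inheritance:d
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%PROGRAMFILES%\7.流量监控.exe" /remove %%p /C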
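:timecalibration
rem "9.自动校时软件(AutoCalTime)v1.2.exe" must be placed in the root of the ISO. Test for the file
rem directly and skip to the winrar label when it is missing, instead of using a sentinel variable.
if not exist "K:\9.自动校时软件(AutoCalTime)v1.2.exe" goto winrar
xcopy "K:\9.自动校时软件(AutoCalTime)v1.2.exe" "%PROGRAMFILES%\" /c /y
rem Stop inheriting ACEs on the copied file, then remove the listed principals from its ACL.
rem The path stays quoted everywhere because it contains parentheses.
icacls "%PROGRAMFILES%\9.自动校时软件(AutoCalTime)v1.2.exe" /inheritance:d
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%PROGRAMFILES%\9.自动校时软件(AutoCalTime)v1.2.exe" /remove %%p /C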
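:winrar
echo 安装WINRAR
rem The WinRAR installer must be placed in the root of the ISO. Test for the file directly and skip
rem to the iceweasel label when it is missing, instead of using a sentinel variable.
if not exist "K:\WinRAR6.23x64SC.exe" goto iceweasel
rem /S runs the installer silently.
rem NOTE(review): the installer is executed straight from the media without a signature or hash check.
"K:\WinRAR6.23x64SC.exe" /S
rem Stop inheriting ACEs on the install folder, then remove the listed principals from its ACL.
icacls "%PROGRAMFILES%\WinRAR" /inheritance:d
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%PROGRAMFILES%\WinRAR" /remove %%p /C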
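:iceweasel
echo 安装Iceweasel浏览器
rem Iceweasel.exe must be placed in the root of the ISO. Test for the file directly and skip
rem to the authority label when it is missing, instead of using a sentinel variable.
if not exist "K:\Iceweasel.exe" goto authority
rem NOTE(review): no silent switch is passed, so this presumably waits for the installer UI - confirm.
"K:\Iceweasel.exe"
rem Make Iceweasel the handler for http and https links. A backslash in front of a double quote
rem keeps that quote as part of the registry value.
reg add "HKEY_CLASSES_ROOT\http\shell\open\command" /ve /t REG_SZ /d "\"%ProgramFiles(x86)%\Iceweasel\App\Iceweasel.exe\" -osint -url \"%%1\"" /f
reg add "HKEY_CLASSES_ROOT\https\shell\open\command" /ve /t REG_SZ /d "\"%ProgramFiles(x86)%\Iceweasel\App\Iceweasel.exe\" -osint -url \"%%1\"" /f
rem Write a .url shortcut on the public desktop that points at the browser and uses its own icon.
(echo [InternetShortcut] && echo URL="%ProgramFiles(x86)%\Iceweasel\App\Iceweasel.exe"
echo IconIndex=0 && echo IconFile="%ProgramFiles(x86)%\Iceweasel\App\Iceweasel.exe"
)>"%PUBLIC%\Desktop\网络浏览器.url"
rem Stop inheriting ACEs on the install folder, then remove the listed principals from its ACL.
icacls "%ProgramFiles(x86)%\Iceweasel" /inheritance:d
for %%p in (everyone users "creator owner" trustedinstaller "all application packages") do icacls "%ProgramFiles(x86)%\Iceweasel" /remove %%p /C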
:authority
echo 删除users和all application packages用户在Program Files和Program Files(x86)的权限
rem Only the message above is printed. Changing the Program Files permissions breaks ASP under IIS,
rem so every command of this section is commented out and kept for reference.
rem takeown /f "%PROGRAMFILES%"
rem takeown /f "%PROGRAMFILES%\*.*" /a /r /d y
rem Changes the owner of subfolders and files to the Administrators group; it may have been TrustedInstaller or SYSTEM.
rem icacls "%PROGRAMFILES%" /inheritance:d /C
rem :d disables inheritance and copies the inherited ACEs, :e enables inheritance, :r removes all inherited ACEs, /C continues on errors.
rem Adding /T after inheritance:d applies it to subdirectories and files, which is usually not needed, e.g. /inheritance:d /T /C
rem icacls "%PROGRAMFILES%" /remove everyone /C
rem Removes the permissions of Everyone and continues on errors.
rem icacls "%PROGRAMFILES%" /remove users /C
rem icacls "%PROGRAMFILES%" /remove "creator owner" /C
rem icacls "%PROGRAMFILES%" /remove trustedinstaller /C
rem icacls "%PROGRAMFILES%" /remove "all application packages" /C
rem icacls "%PROGRAMFILES%\*" /reset /T /C
rem /reset puts default inherited permissions back, /T applies to subdirectories and files, /C continues on errors.
rem Without the trailing \* the quoted directory itself is included, which would restore its original permissions.
rem takeown /f "%PROGRAMFILES(x86)%"
rem takeown /f "%PROGRAMFILES(x86)%\*.*" /a /r /d y
rem icacls "%PROGRAMFILES(x86)%" /inheritance:d /C
rem icacls "%PROGRAMFILES(x86)%" /remove everyone /C
rem icacls "%PROGRAMFILES(x86)%" /remove users /C
rem icacls "%PROGRAMFILES(x86)%" /remove "creator owner" /C
rem icacls "%PROGRAMFILES(x86)%" /remove trustedinstaller /C
rem icacls "%PROGRAMFILES(x86)%" /remove "all application packages" /C
rem icacls "%PROGRAMFILES(x86)%\*" /reset /T /C
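echo 卸载恶意软件删除工具
rem KB890830 is the Malicious Software Removal Tool; the policy value keeps Windows Update
rem from offering it again.
rem NOTE(review): this and the SmartScreen value below switch off built-in protections; confirm
rem the image has another control covering them.
wusa /uninstall /kb:890830 /quiet /norestart
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f
echo 关闭“Windows已保护你的电脑”的提示
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d Off /f
echo 创建右键菜单-用记事本打开
rem The path placeholder is wrapped in escaped quotes so that a path containing spaces reaches
rem notepad as one argument.
reg add "HKEY_CLASSES_ROOT\*\shell\用记事本打开\command" /ve /t REG_SZ /d "notepad.exe \"%%1\"" /f
echo 创建右键菜单-在此执行CMD命令
rem Quoted for the same reason, and so that command separators inside a folder name stay part of
rem the path instead of being interpreted by cmd. /d lets cd change the drive as well.
reg add "HKEY_CLASSES_ROOT\Folder\shell\在此执行CMD命令\command" /ve /t REG_SZ /d "cmd.exe /k cd /d \"%%1\"" /f
echo 关闭自动维护
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v MaintenanceDisabled /t REG_DWORD /d 1 /f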
echo 创建计划任务
schtasks /delete /tn "改名" /f
rem Delete the old scheduled task first so that it does not run twice.
rem NOTE(review): the task deleted here has a different name from the two tasks created below.
rem Two tasks that run at every system start under the System account: one script in the root of
rem the system drive and one on K:. Neither script is created by this file.
rem NOTE(review): whoever can write to those two paths gets code run as System at boot; confirm
rem the ACL on the drive root and that whatever is mounted as K: is trusted.
schtasks /create /tn "改名C" /tr "%HOMEDRIVE%\gaimingc.bat" /sc onstart /ru System /f
schtasks /create /tn "改名K" /tr "K:\gaimingk.bat" /sc onstart /ru System /f
rem Author's note: to be safe the HOMEDRIVE path is not used and C: is written directly.
rem NOTE(review): the first task above does use the HOMEDRIVE variable, so this note looks outdated.
echo 首次登陆系统提示重启服务器和自动关闭密码策略复杂性设置
rem The echo lines below generate prompt.bat in the root of the system drive, one appended line per
rem echo. A doubled percent sign produces a literal one, so those variables are expanded only when
rem prompt.bat itself runs. When it runs, prompt.bat:
rem   - shows a message box through mshta asking for a reboot,
rem   - deletes the task file so that the reminder does not appear again,
rem   - writes gp.inf with PasswordComplexity = 0 and applies it with secedit,
rem   - removes gp.inf, gp.sdb, gp.jfm and the hidden desktop.ini on the user desktop,
rem   - deletes itself.
echo echo 提醒重启服务器>%HOMEDRIVE%\prompt.bat
echo start mshta vbscript:msgbox("请重启服务器!重启后系统自动激活,IIS等组件才能正常安装!!",64,"请重启服务器")(window.close)>>%HOMEDRIVE%\prompt.bat
echo del /f /q "%%windir%%\System32\Tasks\提醒重启服务器">>%HOMEDRIVE%\prompt.bat
echo echo 关闭密码策略的复杂性要求>>%HOMEDRIVE%\prompt.bat
echo echo [version]^>^>%%HOMEDRIVE%%\gp.inf>>%HOMEDRIVE%\prompt.bat
echo echo signature="$CHICAGO$"^>^>%%HOMEDRIVE%%\gp.inf>>%HOMEDRIVE%\prompt.bat
echo echo [System Access]^>^>%%HOMEDRIVE%%\gp.inf>>%HOMEDRIVE%\prompt.bat
echo echo PasswordComplexity = 0 ^>^>%%HOMEDRIVE%%\gp.inf>>%HOMEDRIVE%\prompt.bat
echo secedit /configure /db %%HOMEDRIVE%%\gp.sdb /cfg %%HOMEDRIVE%%\gp.inf>>%HOMEDRIVE%\prompt.bat
echo del /f /q %%HOMEDRIVE%%\gp.inf %%HOMEDRIVE%%\gp.sdb %%HOMEDRIVE%%\gp.jfm>>%HOMEDRIVE%\prompt.bat
echo del /f /q /a:h "%%USERPROFILE%%\Desktop\desktop.ini">>%HOMEDRIVE%\prompt.bat
echo del %%0>>%HOMEDRIVE%\prompt.bat
rem When a value contains characters that cmd treats as operators, putting the caret escape
rem character in front of each one makes cmd take it literally.
rem Run prompt.bat at logon as administrator, interactively only.
rem NOTE(review): prompt.bat sits in the drive root and runs with administrator rights at logon;
rem confirm that ordinary users cannot modify it.
schtasks /create /tn "提醒重启服务器" /tr "%HOMEDRIVE%\prompt.bat" /sc onlogon /ru administrator /it /v1 /z /f
echo 删除回收站右键固定到开始屏幕菜单
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PintoStartScreen" /f
echo 禁止服务器管理器自动启动
rem Disables the task that opens Server Manager at logon; replace disable with enable to turn it back on.
schtasks /change /tn "\Microsoft\Windows\Server Manager\ServerManager" /disable
echo 删除资源管理器中的6个图标
rem Each GUID is one entry under the MyComputer NameSpace key; deleting the key hides that icon.
for %%g in (
  {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
  {374DE290-123F-4565-9164-39C4925E467B}
  {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
  {A0953C92-50DC-43bf-BE83-3742FED03C9C}
  {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
  {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
) do reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\%%g" /f
rem taskkill /f /im explorer.exe & start explorer
rem The line above would restart Explorer, i.e. the desktop. It stays commented out because this
rem script is called after deployment, where no Explorer restart is needed.
echo 关闭几个报错的系统服务
rem Only the message is printed; the two service changes below are commented out.
rem sc config DsmSvc start= disabled
rem sc config DPS start= disabled
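echo  修改计算机器名...
rem New computer name: XH, then the date digits, a dash and the last three digits of RANDOM.
rem NOTE(review): the substring offsets assume the date variable starts with a four-digit year,
rem a separator, the month, a separator and the day; confirm for the locale of the image.
set pcname=XH%date:~0,4%%date:~5,2%%date:~8,2%-%random:~-3%
rem Build a .reg file line by line and import it silently.
rem NOTE(review): the file is written with a relative path, so the current directory has to be writable.
echo Windows Registry Editor Version 5.00>ComputerName.reg
rem A value written as "name"=- is deleted on import: this removes the XHISP autostart entry.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>ComputerName.reg
echo "XHISP"=->>ComputerName.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam]>>ComputerName.reg
echo @="%pcname%">>ComputerName.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName]>>ComputerName.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName]>>ComputerName.reg
echo "ComputerName"="%pcname%">>ComputerName.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName]>>ComputerName.reg
rem This line goes only to ComputerName.reg. A second redirection to another file on the same
rem command would just leave an empty stray file behind, because only the last one receives the text.
echo "ComputerName"="%pcname%">>ComputerName.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]>>ComputerName.reg
echo "ComputerName"="%pcname%">>ComputerName.reg
rem The ComputerName\ComputerName section is written once above; repeating it adds nothing.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>ComputerName.reg
echo "NV Hostname"="%pcname%">>ComputerName.reg
echo "Hostname"="%pcname%">>ComputerName.reg
echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam]>>ComputerName.reg
echo @="%pcname%">>ComputerName.reg
regedit /s ComputerName.reg
del /q ComputerName.reg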
echo 删除桌面上系统自动生成的隐藏文件desktop.ini
rem Force-delete the hidden desktop.ini files, quietly, in the four locations listed.
for %%f in (
  "%HOMEDRIVE%\Users\desktop.ini"
  "%PUBLIC%\desktop.ini"
  "%PUBLIC%\Desktop\desktop.ini"
  "%USERPROFILE%\Desktop\desktop.ini"
) do del /f /q /a:h %%f
rem The script does not delete itself at the end, because it is stored on the ISO.
