服务器开启共享功能,电脑开启共享功能,一键bat命令行开启系统共享功能

迅恒数据中心
一键开启共享功能等bat.rar
f974cad4f3a72db1e9f87e38053c6c42.rar (4.04 KB)
开启共享要确保“Server”“TCP/IP NetBIOS Helper”“Workstation”服务是启动状态
一键开启共享功能,将下面的保存为bat执行即可:
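@echo off
rem Main menu. choice sets ERRORLEVEL to the 1-based position of the pressed
rem key in the /C list, and "if errorlevel N" is true for N or higher, so the
rem tests below run from the highest value down.
:wwwpiiscn
cls
mode 76, 32
title  开启或关闭共享、Windows更新等功能
echo:
echo:
echo:
echo        【注意:开启共享会存在安全问题,用不上共享或不是域环境请关闭共享】         
echo         ____________________________________________________________
echo:
echo                 [1] 开启系统共享功能【可能需重启后生效】
echo:
echo                 [2] 关闭系统共享功能【域环境中不要关闭】
echo                 ____________________________________________
echo:
echo                 [3] 开启或关闭系统更新功能
echo                 ____________________________________________
echo:
echo                 [4] 开启或关闭系统显示缩略图【重启后生效】
echo                 ____________________________________________
echo:
echo                 [5] 开启打印机服务     [6] 关闭打印机服务
echo:
echo                 [7] 打开打印机共享端口[打印机不共享请勿打开]
echo                 ____________________________________________
echo:
echo                 [8] 安装Active Directory域控制器
echo:
echo                 [9] 作为客户机加入域开放端口[无需装域控]
echo                 ____________________________________________
echo:
echo                 [0] 退出
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,4,5,6,7,8,9,0]
choice /C:1234567890 /N
if errorlevel 10 exit /b
if errorlevel 9 goto :ActiveDirectoryPort
if errorlevel 8 goto :openActiveDirectory
if errorlevel 7 goto :openPrintPort
if errorlevel 6 goto :closePrint
if errorlevel 5 goto :openPrint
if errorlevel 4 goto :thumbnail
if errorlevel 3 goto :windowsupdate
if errorlevel 2 goto :closeSharing
if errorlevel 1 goto :openSharing
rem choice returns 0 when it is interrupted with Ctrl+C / Ctrl+Break. Redraw
rem this menu instead of falling through into whatever section follows.
goto :wwwpiiscn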

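rem Sharing submenu: SMBv2/SMBv3, disable sharing, or legacy SMBv1.
:openSharing
cls
mode 110, 34
title 开启共享功能[可能需要重启服务器]
echo:
echo         开启共享会使得系统不安全,用不上共享或非域环境请关闭共享
echo         ____________________________________________________________
echo:
echo                 [1] 开启SMBv2/SMBv3共享功能【Win10-Win2025】
echo:
echo                 [2] 关闭系统共享功能【域环境中不要关闭】
echo:
echo                 [3] 开启SMBv1共享功能【旧的共享模式,很不安全】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,0]
choice /C:1230 /N
if errorlevel 4 goto :wwwpiiscn
if errorlevel 3 goto :openSharing3
if errorlevel 2 goto :closeSharing
if errorlevel 1 goto :openSharing2
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Without
rem this jump the script would fall through into :openSharing2 and change
rem services, firewall rules and IPsec policy without a menu selection.
goto :openSharing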
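rem Enable SMBv2/SMBv3 file sharing: start the services sharing depends on,
rem rebuild this script's firewall rules and IPsec policy, restore the Explorer
rem "Sharing" shell handlers, then switch on the SMB2 server protocol.
:openSharing2
cls
mode 110, 34
title  开启SMBv2/SMBv3共享功能
echo 开启Server,TCP/IP NetBIOS Helper,Workstation三个服务
for %%S in (LanmanServer lmhosts LanmanWorkstation) do (
  sc config %%S start= auto
  net start %%S
)
rem Turn Windows Firewall on for every profile (on = enabled, off = disabled).
netsh advfirewall set allprofiles state on
rem Drop the rules this script manages (current and older names) so repeated
rem runs do not stack duplicates. "No rules match" output here is expected.
for %%R in (
  "开放共享和域的TCP端口" "开放共享和域的UDP端口"
  "开放打印机TCP端口" "开放打印机UDP端口"
  "关闭高危险TCP端口" "关闭高危险UDP端口"
  "关闭危险TCP端口" "关闭危险UDP端口"
  "关闭TCP1025端口" "关闭TCP1211端口" "关闭TCP135端口" "关闭TCP137-139端口"
  "关闭TCP1720端口" "关闭TCP3001-3003端口" "关闭TCP3095-3097端口"
  "关闭TCP389端口" "关闭TCP445端口" "关闭TCP464端口" "关闭TCP593端口"
  "关闭TCP636端口" "关闭TCP88端口"
  "关闭UDP1211端口" "关闭UDP135端口" "关闭UDP137-139端口" "关闭UDP445端口"
) do netsh advfirewall firewall delete rule name=%%R
rem NOTE(review): the two allow rules below carry no profile= or remoteip=
rem restriction, so SMB (445), NetBIOS (135-139), WinRM (5985-5986) and the
rem dynamic RPC range are opened on every firewall profile to any source
rem address. On a host with a public address, limit them before use, e.g. by
rem adding profile=domain,private and remoteip=localsubnet (or the explicit
rem client subnets) to both rules.
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135-139,389,445,464,593,636,860,1026,1392,1760,3260-3269,3343,3407,5985-5986,6301,6600,9389,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135-139,389,445,464,500,636,860,1372,1382,1760,3260-3269,3343,3407,4500,6301"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
rem Rebuild only the IPsec objects this script creates. Unlike
rem "netsh ipsec static delete all", this leaves unrelated local IPsec
rem policies, filter lists and filter actions in the store. Errors from these
rem deletes on a first run (nothing to delete yet) are harmless.
rem NOTE(review): assigning the policy at the end still makes it the active
rem local policy in place of any other one - confirm that is intended.
netsh ipsec static set policy name=IDC数据中心安全策略 assign=n
netsh ipsec static delete policy name=IDC数据中心安全策略
netsh ipsec static delete filterlist name=关闭端口
netsh ipsec static delete filteraction name=阻止
netsh ipsec static add policy name=IDC数据中心安全策略
rem Inbound block filters: TCP and UDP for the first list, TCP only for the second.
for %%P in (88 389 464 636 11211) do for %%T in (TCP UDP) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=%%T mirrored=yes srcport=0 dstport=%%P
for %%P in (593 1025 1720 3001 3002 3003 3095 3096 3097) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%P
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 恢复文件夹右键共享功能菜单
rem Keys containing "*" stay outside the for loop: an unquoted-or-quoted "*"
rem in a for set is treated as a file wildcard.
reg add "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
for %%K in (
  "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing"
) do reg add %%K /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
echo 请耐心等待开启SMB2/SMB3功能…
rem -Confirm:$false suppresses the interactive confirmation prompt.
powershell Set-SmbServerConfiguration -EnableSMB2Protocol $true -Confirm:$false
echo 已经开启SMB2/SMB3共享功能
pause
goto :openSharing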

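rem Confirmation menu shown before the legacy SMBv1 feature is installed.
:openSharing3
cls
mode 110, 34
title 开启旧版SMBv1功能[可能需要重启服务器]
echo:
echo         开启旧版SMBv1功能会使得服务器非常不安全
echo         ____________________________________________________________
echo:
echo                 [1] 开启旧版SMBv1共享功能【非常不安全】
echo:
echo                 说明:SMBv1主要是给Win10以下系统的客户机连接
echo:
echo                        局域网中没Win7等电脑连接本机共享勿开启
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,0]
choice /C:10 /N
if errorlevel 2 goto :openSharing
if errorlevel 1 goto :openSharing4
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Without
rem this jump the script would fall through into :openSharing4 and install
rem SMBv1 even though the user never confirmed it.
goto :openSharing3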
rem Install the optional SMB1Protocol Windows feature, wait for a key press,
rem then return to the main menu. SMBv1 is the legacy protocol the menus in
rem this script label as very insecure; it is only reached after confirmation.
:openSharing4
(
  echo 安装SMB1.0功能,可能需要重启服务器
  echo 如果没有提示重启服务器,请勿重启
  echo 请耐心等待安装SMB1.0功能…
)
powershell Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
pause
goto :wwwpiiscn

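rem Confirmation menu shown before sharing is disabled.
:closeSharing
cls
mode 110, 34
title 关闭共享功能[可能需要重启服务器]
echo:
echo         关闭共享功能[可能需要重启服务器]
echo         ____________________________________________________________
echo:
echo                 [1] 关闭系统共享功能【域环境中不要关闭】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,0]
choice /C:10 /N
if errorlevel 2 goto :wwwpiiscn
if errorlevel 1 goto :closeSharing2
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Redraw
rem the menu instead of falling through into :closeSharing2, which stops
rem services and rewrites firewall, IPsec and registry settings.
goto :closeSharing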
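rem Disable file sharing: stop and disable the Server and TCP/IP NetBIOS Helper
rem services, replace this script's firewall rules with block rules, rebuild
rem its IPsec block policy, clear the Explorer sharing shell handlers and turn
rem off the SMB1/SMB2 server protocols.
:closeSharing2
cls
mode 110, 34
title  关闭共享功能[可能需要重启服务器]
echo 关闭Server和TCP/IP NetBIOS Helper服务
for %%S in (LanmanServer lmhosts) do (
  net stop %%S /y
  sc config %%S start= disabled
)
rem Turn Windows Firewall on for every profile.
netsh advfirewall set allprofiles state on
rem Drop the rules this script manages (current and older names) so repeated
rem runs do not stack duplicates. "No rules match" output here is expected.
for %%R in (
  "开放共享和域的TCP端口" "开放共享和域的UDP端口"
  "开放打印机TCP端口" "开放打印机UDP端口"
  "关闭高危险TCP端口" "关闭高危险UDP端口"
  "关闭危险TCP端口" "关闭危险UDP端口"
  "关闭TCP1025端口" "关闭TCP1211端口" "关闭TCP135端口" "关闭TCP137-139端口"
  "关闭TCP1720端口" "关闭TCP3001-3003端口" "关闭TCP3095-3097端口"
  "关闭TCP389端口" "关闭TCP445端口" "关闭TCP464端口" "关闭TCP593端口"
  "关闭TCP636端口" "关闭TCP88端口"
  "关闭UDP1211端口" "关闭UDP135端口" "关闭UDP137-139端口" "关闭UDP445端口"
) do netsh advfirewall firewall delete rule name=%%R
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh advfirewall firewall add rule name="关闭高危险TCP端口" dir=in action=block protocol=TCP localport="88,135-139,389,445,464,593,636"
netsh advfirewall firewall add rule name="关闭高危险UDP端口" dir=in action=block protocol=UDP localport="88,135-139,389,445,464,593,636"
rem Rebuild only the IPsec objects this script creates. Unlike
rem "netsh ipsec static delete all", this leaves unrelated local IPsec
rem policies, filter lists and filter actions in the store. Errors from these
rem deletes on a first run (nothing to delete yet) are harmless.
rem NOTE(review): assigning the policy at the end still makes it the active
rem local policy in place of any other one - confirm that is intended.
netsh ipsec static set policy name=IDC数据中心安全策略 assign=n
netsh ipsec static delete policy name=IDC数据中心安全策略
netsh ipsec static delete filterlist name=关闭端口
netsh ipsec static delete filteraction name=阻止
netsh ipsec static add policy name=IDC数据中心安全策略
rem Inbound block filters: TCP and UDP for the first list, TCP only for the
rem second. Port 389 is listed once; the original added its filters twice.
for %%P in (88 135 136 137 138 139 389 445 464 636 11211) do for %%T in (TCP UDP) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=%%T mirrored=yes srcport=0 dstport=%%P
for %%P in (593 1025 1720 3001 3002 3003 3095 3096 3097) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%P
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 删除右键共享菜单
rem /va removes every value under the key but keeps the key itself. Keys
rem containing "*" stay outside the for loops because "*" in a for set is
rem treated as a file wildcard.
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ModernSharing" /va /f
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /va /f
for %%K in (
  "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing"
) do reg delete %%K /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /va /f
rem The next three keys are additional sharing entries on Win11 and Win2025.
for %%K in (
  "HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\ModernSharing"
  "HKEY_CLASSES_ROOT\MSGraphDocument\shellex\ContextMenuHandlers\ModernSharing"
  "HKEY_CLASSES_ROOT\MSGraphDocument_38664959\shellex\ContextMenuHandlers\ModernSharing"
) do reg delete %%K /va /f
echo 禁用SMB共享功能,可能需要重启服务器
echo 如果没有提示重启服务器,请勿重启
echo 请耐心等待禁用SMB1/SMB2/SMB3功能…
rem -Confirm:$false suppresses the interactive confirmation prompt.
powershell Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false
powershell Set-SmbServerConfiguration -EnableSMB2Protocol $false -Confirm:$false
powershell Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
pause
goto :wwwpiiscn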

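rem Windows Update submenu: enable or disable the update services.
:windowsupdate
cls
mode 110, 34
title 开启或关闭Windows更新功能
echo:
echo         开启或关闭Windows更新功能
echo         ____________________________________________________________
echo:
echo                 [1] 开启Windows更新功能【操作后建议重启服务器】
echo:
echo                 [2] 关闭Windows更新功能
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel 3 goto :wwwpiiscn
if errorlevel 2 goto :closewindowsupdate
if errorlevel 1 goto :openwindowsupdate
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Redraw
rem the menu instead of falling through into :openwindowsupdate.
goto :windowsupdate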
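rem Re-enable Windows Update: set wuauserv to automatic and UsoSvc to manual
rem start, start both, and take BITS out of the disabled state.
:openwindowsupdate
cls
mode 110, 34
title 开启Windows更新功能
echo 开启"Windows Update"和"更新Orchestrator服务(Update Orchestrator服务)"2个服务
sc config wuauserv start= auto
net start wuauserv
rem Start types: demand = manual, disabled = disabled, auto = automatic.
sc config UsoSvc start= demand
net start UsoSvc
rem :closewindowsupdate disables the Background Intelligent Transfer Service;
rem without this line "enable" would leave it disabled. It is set back to
rem manual start and not started here - presumably the Windows default;
rem adjust if the host baseline uses another start type.
sc config BITS start= demand
echo:
echo:
echo 已经开启Windows更新功能,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn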
rem Turn Windows Update off: stop wuauserv, UsoSvc and BITS; wuauserv and BITS
rem are set to disabled, UsoSvc is left on manual start.
rem NOTE(review): with these services disabled the host no longer receives
rem security updates automatically; plan a manual patching routine if this
rem option is used.
:closewindowsupdate
cls
mode 110, 34
title 关闭Windows更新功能
net stop wuauserv /y & sc config wuauserv start= disabled
net stop UsoSvc /y & sc config UsoSvc start= demand
rem BITS is the Background Intelligent Transfer Service; the original author
rem notes that stopping and disabling it does not affect manual updates.
net stop BITS /y & sc config BITS start= disabled
echo:&echo:
echo 已经关闭Windows更新功能,请按任意键返回主菜单…
>nul pause
goto :wwwpiiscn

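rem Thumbnail submenu: enable or disable Explorer thumbnails.
:thumbnail
cls
mode 110, 34
title 开启或关闭系统缩略图功能
echo:
echo         开启或关闭系统显示缩略图功能
echo         ____________________________________________________________
echo:
echo                 [1] 开启系统显示缩略图【重启后生效】
echo:
echo                 [2] 关闭系统显示缩略图【重启后生效】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel 3 goto :wwwpiiscn
if errorlevel 2 goto :closethumbnail
if errorlevel 1 goto :openthumbnail
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Redraw
rem the menu instead of falling through into :openthumbnail.
goto :thumbnail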
rem Enable Explorer thumbnails for the current user by writing
rem DisableThumbnails=0 under the Explorer policies key.
:openthumbnail
cls & mode 110, 34
title 开启系统显示缩略图功能
echo 开启系统显示缩略图【重启后生效】
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisableThumbnails" /t REG_DWORD /d 0 /f
rem Alternative: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisableThumbnails" /f
echo:&echo:
echo 已开启系统显示缩略图[重启后生效],请按任意键返回主菜单…
>nul pause
goto :wwwpiiscn
rem Disable Explorer thumbnails for the current user by writing
rem DisableThumbnails=1 under the Explorer policies key.
:closethumbnail
cls & mode 110, 34
title 关闭系统显示缩略图功能
echo 关闭系统显示缩略图【重启后生效】
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisableThumbnails" /t REG_DWORD /d 1 /f
echo:&echo:
echo 已关闭系统显示缩略图[重启后生效],请按任意键返回主菜单…
>nul pause
goto :wwwpiiscn

rem Set the Print Spooler service to automatic start and start it.
rem NOTE(review): enable the spooler only on hosts that actually print or
rem share printers; it is extra attack surface on servers that do neither.
:openPrint
cls & mode 110, 34
title  开启打印机服务
echo 开启Print Spooler打印机服务
sc config spooler start= auto & net start spooler
echo:&echo:
echo 已开启Print Spooler打印机服务,请按任意键返回主菜单…
>nul pause
goto :wwwpiiscn

rem Stop the Print Spooler service and set it to disabled.
:closePrint
cls & mode 110, 34
title  关闭打印机服务
echo 关闭Print Spooler打印机服务
net stop spooler /y & sc config spooler start= disabled
echo:&echo:
echo 已关闭Print Spooler打印机服务,请按任意键返回主菜单…
>nul pause
goto :wwwpiiscn

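rem Printer-sharing submenu: open the printer ports or disable sharing.
:openPrintPort
cls
mode 110, 34
title 打开打印机共享端口[打印机不在局域网中共享请勿打开]
echo:
echo         打印机不在局域网中共享请勿打开
echo         ____________________________________________________________
echo:
echo                 [1] 打开打印机共享需要的端口
echo:
echo                 [2] 关闭系统共享功能【含打印机共享】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel 3 goto :wwwpiiscn
if errorlevel 2 goto :closeSharing
if errorlevel 1 goto :openPrintPort2
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Redraw
rem the menu instead of falling through into :openPrintPort2, which opens
rem firewall ports and rewrites the IPsec policy.
goto :openPrintPort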
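rem Open the ports used for printer sharing: start the Print Spooler, rebuild
rem this script's firewall rules and IPsec policy, restore the Explorer
rem "Sharing" shell handlers, and install SMBv1 only after an explicit
rem confirmation.
:openPrintPort2
echo 设置Print Spooler打印机服务为自动
sc config spooler start= auto
net start spooler
rem Turn Windows Firewall on for every profile.
netsh advfirewall set allprofiles state on
rem Drop the rules this script manages (current and older names) so repeated
rem runs do not stack duplicates. "No rules match" output here is expected.
for %%R in (
  "开放共享和域的TCP端口" "开放共享和域的UDP端口"
  "开放打印机TCP端口" "开放打印机UDP端口"
  "关闭高危险TCP端口" "关闭高危险UDP端口"
  "关闭危险TCP端口" "关闭危险UDP端口"
  "关闭TCP1025端口" "关闭TCP1211端口" "关闭TCP135端口" "关闭TCP137-139端口"
  "关闭TCP1720端口" "关闭TCP3001-3003端口" "关闭TCP3095-3097端口"
  "关闭TCP389端口" "关闭TCP445端口" "关闭TCP464端口" "关闭TCP593端口"
  "关闭TCP636端口" "关闭TCP88端口"
  "关闭UDP1211端口" "关闭UDP135端口" "关闭UDP137-139端口" "关闭UDP445端口"
) do netsh advfirewall firewall delete rule name=%%R
rem NOTE(review): the four allow rules below carry no profile= or remoteip=
rem restriction, so SMB, NetBIOS, WinRM, the dynamic RPC range and the printer
rem ports are opened on every firewall profile to any source address. On a
rem host with a public address, limit them before use, e.g. by adding
rem profile=domain,private and remoteip=localsubnet (or the explicit client
rem subnets) to each rule.
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135-139,389,445,464,593,636,860,1026,1392,1760,3260-3269,3343,3407,5985-5986,6301,6600,9389,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135-139,389,445,464,500,636,860,1372,1382,1760,3260-3269,3343,3407,4500,6301"
netsh advfirewall firewall add rule name="开放打印机TCP端口" dir=in action=allow protocol=TCP localport="515,631,721-731,1997,2000,3702,9100-9103,9220-9222,9280-9282,9290-9292"
netsh advfirewall firewall add rule name="开放打印机UDP端口" dir=in action=allow protocol=UDP localport="105,161-162,5353,5357-5358,54921-54925"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
rem Rebuild only the IPsec objects this script creates. Unlike
rem "netsh ipsec static delete all", this leaves unrelated local IPsec
rem policies, filter lists and filter actions in the store. Errors from these
rem deletes on a first run (nothing to delete yet) are harmless.
rem NOTE(review): assigning the policy at the end still makes it the active
rem local policy in place of any other one - confirm that is intended.
netsh ipsec static set policy name=IDC数据中心安全策略 assign=n
netsh ipsec static delete policy name=IDC数据中心安全策略
netsh ipsec static delete filterlist name=关闭端口
netsh ipsec static delete filteraction name=阻止
netsh ipsec static add policy name=IDC数据中心安全策略
rem Inbound block filters: TCP and UDP for the first list, TCP only for the second.
for %%P in (88 389 464 636 11211) do for %%T in (TCP UDP) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=%%T mirrored=yes srcport=0 dstport=%%P
for %%P in (593 1025 1720 3001 3002 3003 3095 3096 3097) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%P
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 恢复文件夹右键共享功能菜单
rem Keys containing "*" stay outside the for loop because "*" in a for set is
rem treated as a file wildcard.
reg add "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
for %%K in (
  "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing"
  "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing"
  "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing"
) do reg add %%K /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
rem The printer menu never mentions SMBv1, yet the original installed it
rem unconditionally at this point. Ask first, with the same guidance the
rem SMBv1 menu gives, and install only on an explicit Y; N or an interrupted
rem choice (ERRORLEVEL 0) skips the installation.
echo:
echo SMB1.0很不安全,仅当局域网中有Win10以下系统的客户机需要连接时才安装
echo 是否安装SMB1.0功能?[Y] 安装  [N] 跳过
choice /C:YN /N
if errorlevel 2 goto :openPrintPort2Done
if not errorlevel 1 goto :openPrintPort2Done
echo 如果系统原来没安装SMB1.0功能,可能需要重启服务器
echo 如果没有提示重启服务器,请勿重启
echo 请耐心等待安装共享需要的SMB1.0功能…
powershell Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
:openPrintPort2Done
echo:
echo:
echo 已打开打印机共享需要的端口,请在共享中手动设置需要共享的打印机
echo 按任意键返回主菜单…
pause>nul
goto :wwwpiiscn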

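rem Active Directory submenu: enable sharing first, install the AD DS role, or
rem jump to the hardening section (:ADacceptip, defined elsewhere in the file).
:openActiveDirectory
cls
mode 110, 34
title 安装Active Directory域控制器
echo:
echo         安装Active Directory域控制器
echo         ____________________________________________________________
echo:
echo                 [1] 请先开启共享功能[安装AD域前提条件]
echo:
echo                 [2] 安装Active Directory域控制器并开放端口
echo:
echo                 [3] AD域控服务器安全加固【执行前2项后再操作】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,0]
choice /C:1230 /N
if errorlevel 4 goto :wwwpiiscn
if errorlevel 3 goto :ADacceptip
if errorlevel 2 goto :openActiveDirectory2
if errorlevel 1 goto :openSharing2
rem ERRORLEVEL 0 means choice was interrupted (Ctrl+C / Ctrl+Break). Redraw
rem the menu instead of falling through into :openActiveDirectory2, which
rem installs the AD DS role and opens the domain ports.
goto :openActiveDirectory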
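rem Prepare the host for the domain controller role: start the services the
rem script needs, rebuild its firewall rules and IPsec policy, then install
rem the AD DS role and the listed management tools.
:openActiveDirectory2
cls
mode 110, 34
title  安装Active Directory域控制器
echo 开启Active Directory域控制器需要的服务
rem NOTE(review): RemoteRegistry is set to automatic start here; confirm the
rem environment really needs remote registry access on this server. The
rem Browser (Computer Browser) service may be absent on recent Windows
rem builds, in which case its two commands only print an error - verify.
for %%S in (LanmanServer RemoteRegistry lmhosts Browser RpcSs LanmanWorkstation VSS) do (
  sc config %%S start= auto
  net start %%S
)
rem Turn Windows Firewall on for every profile.
netsh advfirewall set allprofiles state on
rem Drop the rules this script manages (current and older names) so repeated
rem runs do not stack duplicates. "No rules match" output here is expected.
for %%R in (
  "开放共享和域的TCP端口" "开放共享和域的UDP端口"
  "开放打印机TCP端口" "开放打印机UDP端口"
  "关闭高危险TCP端口" "关闭高危险UDP端口"
  "关闭危险TCP端口" "关闭危险UDP端口"
  "关闭TCP1025端口" "关闭TCP1211端口" "关闭TCP135端口" "关闭TCP137-139端口"
  "关闭TCP1720端口" "关闭TCP3001-3003端口" "关闭TCP3095-3097端口"
  "关闭TCP389端口" "关闭TCP445端口" "关闭TCP464端口" "关闭TCP593端口"
  "关闭TCP636端口" "关闭TCP88端口"
  "关闭UDP1211端口" "关闭UDP135端口" "关闭UDP137-139端口" "关闭UDP445端口"
) do netsh advfirewall firewall delete rule name=%%R
rem NOTE(review): the two allow rules below carry no profile= or remoteip=
rem restriction, so Kerberos, LDAP, SMB, WinRM and the dynamic RPC range of
rem the future domain controller are opened on every firewall profile to any
rem source address. Limit them to the networks that hold domain members,
rem e.g. with profile=domain,private and remoteip=<client subnets>.
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135-139,389,445,464,593,636,860,1026,1392,1760,3260-3269,3343,3407,5985-5986,6301,6600,9389,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135-139,389,445,464,500,636,860,1372,1382,1760,3260-3269,3343,3407,4500,6301"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
rem Rebuild only the IPsec objects this script creates. Unlike
rem "netsh ipsec static delete all", this leaves unrelated local IPsec
rem policies, filter lists and filter actions in the store. Errors from these
rem deletes on a first run (nothing to delete yet) are harmless.
rem NOTE(review): assigning the policy at the end still makes it the active
rem local policy in place of any other one - confirm that is intended.
netsh ipsec static set policy name=IDC数据中心安全策略 assign=n
netsh ipsec static delete policy name=IDC数据中心安全策略
netsh ipsec static delete filterlist name=关闭端口
netsh ipsec static delete filteraction name=阻止
netsh ipsec static add policy name=IDC数据中心安全策略
rem Inbound TCP block filters, then TCP and UDP for port 11211.
for %%P in (1720 1025 3001 3002 3003 3095 3096 3097) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%P
for %%T in (TCP UDP) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=%%T mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 请耐心等待安装Active Directory域控制器…
powershell -command Add-WindowsFeature  AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-ADLDS,RSAT-AD-PowerShell,GPMC
echo:
echo:
echo 请手动检查:网络设置-网卡属性-Internet协议版本4(TCP/IP4)-高级-WINS-启用TCP/IP上的NetBIOS
echo 正常情况下NetBIOS默认是启动状态
echo 已安装Active Directory域控制器并开放相关端口,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn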

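:ActiveDirectoryPort
rem Sub-menu for preparing a machine to join a domain as a client.
rem   [1] -> :openSharing2          enable sharing first (prerequisite)
rem   [2] -> :ActiveDirectoryPort2  start services and open the domain ports
rem   [3] -> :ADacceptip            IPsec hardening for domain members
rem   [0] -> :wwwpiiscn             back to the main menu
cls
mode 110, 34
title 作为客户机加入域环境开放端口[客户机无需装域控]
echo:
echo         作为客户机加入域环境开放端口
echo         ____________________________________________________________
echo:
echo                 [1] 请先开启共享功能[加入AD域前提条件]
echo:
echo                 [2] 作为客户机加入域环境开放端口
echo:
echo                 [3] 域成员客户机安全加固【执行前2项后再操作】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,0]
choice /C:1230 /N
rem "if errorlevel N" is true for any value >= N, so the tests must stay in
rem descending order.
if errorlevel==4  goto :wwwpiiscn
if errorlevel==3  goto :ADacceptip
if errorlevel==2  goto :ActiveDirectoryPort2
if errorlevel==1  goto :openSharing2
rem choice returns 0 when the prompt is aborted (Ctrl+C answered with N).
rem Without this jump, execution would fall straight into
rem :ActiveDirectoryPort2 and rewrite the firewall and IPsec configuration
rem without the operator having chosen it. Redisplay the menu instead.
goto :ActiveDirectoryPort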
:ActiveDirectoryPort2
rem Prepare this machine to join a domain as a client: enable the listed
rem services, rebuild this script's Windows Firewall rules, and replace the
rem local IPsec policy with one that blocks a short list of ports.
cls
mode 110, 34
title  作为客户机加入域环境开放相关端口
echo 开启域客户机所需要的服务
rem Switch each service to automatic start and start it now.
rem NOTE(review): this includes RemoteRegistry and Browser, which widen the
rem remotely reachable surface; confirm both are really needed on this host.
for %%s in (LanmanServer RemoteRegistry lmhosts Browser RpcSs LanmanWorkstation VSS) do (
    sc config %%s start= auto
    net start %%s
)
rem Turn the built-in Windows Firewall on for all profiles.
netsh advfirewall set allprofiles state on
rem Remove every rule name this script may have created earlier, so the rules
rem added below are not duplicated.
for %%r in (
"开放共享和域的TCP端口"
"开放共享和域的UDP端口"
"开放打印机TCP端口"
"开放打印机UDP端口"
"关闭高危险TCP端口"
"关闭高危险UDP端口"
"关闭危险TCP端口"
"关闭危险UDP端口"
"关闭TCP1025端口"
"关闭TCP1211端口"
"关闭TCP135端口"
"关闭TCP137-139端口"
"关闭TCP1720端口"
"关闭TCP3001-3003端口"
"关闭TCP3095-3097端口"
"关闭TCP389端口"
"关闭TCP445端口"
"关闭TCP464端口"
"关闭TCP593端口"
"关闭TCP636端口"
"关闭TCP88端口"
"关闭UDP1211端口"
"关闭UDP135端口"
"关闭UDP137-139端口"
"关闭UDP445端口"
) do netsh advfirewall firewall delete rule name=%%r
rem Inbound allow rules for sharing and domain traffic. No remoteip= is given,
rem so the rules are not limited by source address; the TCP rule also covers
rem 5985-5986 and the whole 49152-65535 range.
rem NOTE(review): consider scoping these rules to the domain's subnets.
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135-139,389,445,464,593,636,860,1026,1392,1760,3260-3269,3343,3407,5985-5986,6301,6600,9389,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135-139,389,445,464,500,636,860,1372,1382,1760,3260-3269,3343,3407,4500,6301"
rem Inbound block rules for the ports the script treats as dangerous.
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
rem Delete every policy, rule, filter list, filter and filter action in the
rem local IPsec store. This also removes IPsec policies that did not come from
rem this script, including any per-IP permits added through :ADacceptip2.
netsh ipsec static delete all
netsh ipsec static add policy name=IDC数据中心安全策略
rem One block filter per port: the TCP ports first, then UDP 11211.
for %%p in (1720 1025 3001 3002 3003 3095 3096 3097 11211) do netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%p
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
rem Bind the filter list to a block action and activate the policy.
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 请手动检查:网络设置-网卡属性-Internet协议版本4(TCP/IP4)-高级-WINS-启用TCP/IP上的NetBIOS
echo 正常情况下NetBIOS默认是启动状态
echo 加入域环境所需要的端口已开启,请手动将本机加入到您的域环境中
echo 请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

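:ADacceptip
rem Sub-menu for IPsec hardening of a domain member.
rem   [1] -> :ADacceptip1  block the domain service ports for every source
rem                        (rebuilds the policy, clearing earlier permits)
rem   [2] -> :ADacceptip2  permit one domain member IP
rem   [3] -> :ADacceptip3  remove the permit for one IP
rem   [0] -> :wwwpiiscn    back to the main menu
cls
mode 110, 34
title 域环境安全加固
echo:
echo         域环境安全加固【注意先后顺序,请先执行1次[1]再反复执行[2]】
echo         ____________________________________________________________
echo:
echo                 [1] 禁止外部访问本机域业务端口【执行1次即可,会清除所有授权】
echo:
echo                 [2] 授权域成员IP能访问本机域业务端口【需先执行1次[1]】
echo:
echo                 [3] 删除已授权IP访问本机域业务端口【IP已不在域中使用时】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,0]
choice /C:1230 /N
rem "if errorlevel N" is true for any value >= N, so the tests must stay in
rem descending order.
if errorlevel==4  goto :wwwpiiscn
if errorlevel==3  goto :ADacceptip3
if errorlevel==2  goto :ADacceptip2
if errorlevel==1  goto :ADacceptip1
rem choice returns 0 when the prompt is aborted (Ctrl+C answered with N).
rem Without this jump, execution would fall straight into :ADacceptip1, which
rem deletes the whole IPsec policy store and every permit already granted.
rem Redisplay the menu instead.
goto :ADacceptip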
:ADacceptip1
rem Option [1] of the hardening menu: rebuild the local IPsec policy so that
rem the ports listed below are blocked for every source address, and create an
rem empty permit list that :ADacceptip2 later fills with per-IP filters.
rem Statement order matters: policy, filter lists and filter actions are
rem created before the filters and rules that refer to them.
rem NOTE(review): the block list below has no entry for ports 860 and 1392,
rem although :ADacceptip2 adds permit filters for both. It also leaves out
rem 53, 123, 389 and 49152-65535, which the firewall allow rules elsewhere in
rem this script open. Those ports stay reachable from any source after this
rem step - confirm whether that is intended.
cls
mode 110, 34
title  设置域环境中业务端口禁止外部访问
echo 设置域环境中业务端口禁止外部访问
netsh ipsec static delete all
rem The line above deletes every policy, rule, filter list, filter and filter
rem action in the local IPsec store. That includes policies not created by
rem this script and all permits added earlier through :ADacceptip2.
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filterlist 关闭端口
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add filterlist 许可端口
netsh ipsec static add filteraction name=许可 action=permit
rem Block filters: any source -> this host, one filter per protocol and port.
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=136
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=136
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=137
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=137
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=138
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=138
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=139
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=139
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=445
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=445
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=500
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=1372
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=1382
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1382
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=1760
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1760
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=2049
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=2049
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3260
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3260
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3261
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3261
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3262
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3262
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3263
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3263
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3264
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3264
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3265
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3265
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3266
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3266
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3267
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3267
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3268
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3268
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3269
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3269
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3343
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3343
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3407
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=3407
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=4500
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=5985
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=5986
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=6301
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=6301
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=6600
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=9389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
rem Attach the block list to the policy with the block action.
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static add filter filterlist=许可端口 srcaddr=127.0.0.1 dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=80
rem The permit filter above exists only to populate the permit filter list
rem before the rule below refers to it; it is deleted again further down.
netsh ipsec static add rule name=许可端口 policy=IDC数据中心安全策略 filterlist=许可端口 filteraction=许可
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
netsh ipsec static delete filter filterlist=许可端口 srcaddr=127.0.0.1 dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=80
rem The line above removes the helper filter created earlier, leaving the
rem permit list empty until :ADacceptip2 adds member IPs. Until then the ports
rem blocked above are unreachable for every remote host, other domain members
rem included.
echo:
echo:
echo 已禁止本机域业务端口外部访问
echo 请尽快授权域成员IP访问本机的域业务端口
echo 在域成员全部服务器上都需要授权除自身IP外的成员IP能访问
echo 请按任意键去授权域控和域客户机的IP能访问业务端口…
pause>nul
goto :ADacceptip
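:ADacceptip2
rem Option [2] of the hardening menu: permit one IP address to reach the
rem domain service ports on this host. For every port in the list, a TCP
rem filter and then a UDP filter for that source are added to the permit
rem filter list. The UDP filter is only attempted when the TCP command
rem succeeded, because the two commands are chained with "&&".
rem The menu text asks for option [1] (:ADacceptip1) to be run once first.
cls
mode 110, 34
title  授权域控和域客户机的IP能访问业务端口
echo 授权域控和域客户机的IP能访问业务端口
echo 在域成员全部服务器上都需要授权除自身IP外的成员IP能访问
echo 请在域控机和域客户机将域成员IP加入进来,每次输入一个IP
rem set /p leaves the variable unchanged when the operator just presses
rem Enter, so clear it first. Otherwise the value typed in an earlier pass
rem would be silently reused.
set "acceptip="
set /p  acceptip=请输入域控和域客户机的IP并按回车(每次输入1个IP):
rem The value is expanded into netsh command lines below, so accept only the
rem characters an IPv4/IPv6 address or prefix can contain. Piping the output
rem of "set" into findstr checks the value without expanding it on a command
rem line. An empty value fails the same test.
set acceptip 2>nul | findstr /r /x /i /c:"acceptip=[0-9a-f.:/][0-9a-f.:/]*" >nul
if errorlevel 1 (
echo 输入的IP为空或包含非法字符,未做任何修改,请按任意键返回…
pause>nul
goto :ADacceptip
)
for  %%i in (
88
135
136
137
138
139
445
464
593
636
860
1372
1382
1392
1760
2049
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3343
3407
4500
5985
5986
6301
6600
9389
) do netsh ipsec static add filter filterlist=许可端口 srcaddr=%acceptip% dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%i && netsh ipsec static add filter filterlist=许可端口 srcaddr=%acceptip% dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=%%i
echo:
echo:
rem NOTE(review): the message below is printed even if netsh rejected the
rem address; check the netsh output above before relying on it.
echo 已授权%acceptip%访问域业务端口
echo 请在域控机和域客户机反复操作将域成员的IP加入进来
echo 在域成员全部服务器上都需要授权除自己IP外的成员IP访问
echo 请按任意键再次授权域控和域客户机的剩下IP能访问业务端口…
pause>nul
goto :ADacceptip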
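:ADacceptip3
rem Option [3] of the hardening menu: revoke the permit filters of one IP
rem address. For every port in the list, the TCP filter and then the UDP
rem filter for that source are deleted from the permit filter list. The UDP
rem deletion is only attempted when the TCP command succeeded, because the
rem two commands are chained with "&&".
cls
mode 110, 34
title  删除已授权IP访问域业务端口
echo 删除已授权IP访问域业务端口
echo 除非此IP已经不在域成员中使用,否则请不要删除
rem set /p leaves the variable unchanged when the operator just presses
rem Enter, so clear it first. Otherwise the IP entered in an earlier pass
rem would have its permits removed without being named again.
set "acceptip="
set /p  acceptip=请输入需要删除的授权IP并按回车(每次输入1个IP):
rem The value is expanded into netsh command lines below, so accept only the
rem characters an IPv4/IPv6 address or prefix can contain. Piping the output
rem of "set" into findstr checks the value without expanding it on a command
rem line. An empty value fails the same test.
set acceptip 2>nul | findstr /r /x /i /c:"acceptip=[0-9a-f.:/][0-9a-f.:/]*" >nul
if errorlevel 1 (
echo 输入的IP为空或包含非法字符,未删除任何授权,请按任意键返回…
pause>nul
goto :ADacceptip
)
for  %%i in (
88
135
136
137
138
139
445
464
593
636
860
1372
1382
1392
1760
2049
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3343
3407
4500
5985
5986
6301
6600
9389
) do netsh ipsec static delete filter filterlist=许可端口 srcaddr=%acceptip% dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=%%i && netsh ipsec static delete filter filterlist=许可端口 srcaddr=%acceptip% dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=%%i
echo:
echo:
rem NOTE(review): the message below is printed even if netsh found nothing to
rem delete; check the netsh output above to confirm the permits are gone.
echo 已删除%acceptip%访问本机域业务端口
echo 除非此IP已经不在域成员中使用,否则请不要删除
echo 如果错误删除IP,再次加入即可
echo 请按任意键返回…
pause>nul
goto :ADacceptip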
 
