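Services required to install an Active Directory domain controller: prerequisites for installing AD Domain Services and the services that must be enabled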

迅恒数据中心
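Prerequisites for installing an Active Directory domain controller:
Make sure the Remote Registry, Server, TCP/IP NetBIOS Helper, Computer Browser (ignore it if your system does not have this service), Remote Procedure Call (RPC), Workstation and Volume Shadow Copy services are running;
otherwise the domain controller installation fails.
You can install from the cmd command line: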
powershell -command Add-WindowsFeature  AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-ADLDS,RSAT-AD-PowerShell,GPMC
Or run it directly in PowerShell:
Add-WindowsFeature  AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-ADLDS,RSAT-AD-PowerShell,GPMC
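RSAT-ADLDS (AD LDS snap-ins and command-line tools) is optional and does not have to be installed.
Also make sure the clocks on the domain controller and the client (the server joining this domain) agree. If the time difference is too large, joining the domain fails.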
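The two prerequisites above (services running, clocks in agreement) can be checked before installing or joining. The following pre-flight script is an added example, not code from the original page. The service short names are the ones the batch file below passes to `sc config`; the domain controller name is a hypothetical placeholder, and the 300-second limit assumes the Kerberos default clock tolerance of 5 minutes.

```powershell
# Added example, not part of the original page. Run in an elevated PowerShell session.
# Service short names are the ones the page's batch file passes to "sc config".
$RequiredServices = 'RemoteRegistry', 'LanmanServer', 'lmhosts', 'RpcSs', 'LanmanWorkstation', 'VSS'
$OptionalServices = 'Browser'            # Computer Browser: absent on some systems
$DomainController = 'dc01.example.test'  # hypothetical DC name, replace with your own
$MaxSkewSeconds   = 300                  # assumption: Kerberos default tolerance of 5 minutes

function Test-PrerequisiteService {
    param([string[]]$Required, [string[]]$Optional = @())
    foreach ($name in @($Required) + @($Optional)) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        # A missing optional service is skipped; a missing required one blocks the install.
        $result = if (-not $svc) {
            if ($Optional -contains $name) { 'SkippedNotInstalled' } else { 'Missing' }
        } elseif ($svc.Status -eq 'Running') { 'OK' } else { 'NotRunning' }
        [pscustomobject]@{
            Service     = $name
            DisplayName = if ($svc) { $svc.DisplayName } else { '' }
            Status      = if ($svc) { [string]$svc.Status } else { 'n/a' }
            Result      = $result
        }
    }
}

function Get-ClockOffsetSeconds {
    param([Parameter(Mandatory)][string]$Server)
    # One time sample; data lines look like "12:00:00, +00.0012345s" or "12:00:00, error: 0x...".
    $output = & w32tm.exe /stripchart "/computer:$Server" /samples:1 /dataonly 2>&1
    foreach ($line in $output) {
        if ([string]$line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            return [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
    throw "No time sample returned by $Server (is UDP 123 reachable?)"
}

# 1. Services: anything Missing or NotRunning blocks the installation.
$services = @(Test-PrerequisiteService -Required $RequiredServices -Optional $OptionalServices)
$services | Format-Table -AutoSize
$blocking = @($services | Where-Object { $_.Result -in 'Missing', 'NotRunning' })

# 2. Clock: compare this machine with the domain controller it will join.
$skewOk = $true
try {
    $offset = Get-ClockOffsetSeconds -Server $DomainController
    $skewOk = [math]::Abs($offset) -le $MaxSkewSeconds
    '{0}: clock offset {1:N3} s (limit {2} s)' -f $DomainController, $offset, $MaxSkewSeconds
} catch {
    $skewOk = $false
    Write-Warning $_.Exception.Message
}

if ($blocking.Count -eq 0 -and $skewOk) {
    'Pre-flight check passed.'
} else {
    if ($blocking.Count -gt 0) {
        Write-Warning ("Services not ready: " + ($blocking.Service -join ', '))
    }
    if (-not $skewOk) {
        Write-Warning "Clock offset to $DomainController is unknown or exceeds $MaxSkewSeconds s."
    }
}
```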
A bat file that combines the sharing functions and the domain controller installation:
@echo off
:wwwpiiscn
cls
mode 76, 32
title  开启或关闭共享、Windows更新等功能
echo:
echo:
echo:
echo        【注意:开启共享会存在安全问题,用不上共享或不是域环境请关闭共享】         
echo         ____________________________________________________________
echo:
echo                 [1] 开启系统共享功能【可能需重启后生效】
echo:
echo                 [2] 关闭系统共享功能【可能需重启后生效】
echo                 ____________________________________________
echo:
echo                 [3] 开启系统更新功能   [4] 关闭系统更新功能
echo                 ____________________________________________
echo:
echo                 [5] 开启打印机服务     [6] 关闭打印机服务
echo:
echo                 [7] 打开打印机共享端口[打印机不共享请勿打开]
echo                 ____________________________________________
echo:
echo                 [8] 安装Active Directory域控制器
echo:
echo                 [9] 作为客户机加入域开放端口[无需装域控]
echo                 ____________________________________________
echo:
echo                 [0] 退出
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,3,4,5,6,7,8,9,0]
choice /C:1234567890 /N
if errorlevel==10  exit /b
if errorlevel==9  goto :ActiveDirectoryPort
if errorlevel==8  goto :openActiveDirectory
if errorlevel==7  goto :openPrintPort
if errorlevel==6  goto :closePrint
if errorlevel==5  goto :openPrint
if errorlevel==4  goto :closewindowsupdate
if errorlevel==3  goto :openwindowsupdate
if errorlevel==2  goto :closeSharing
if errorlevel==1  goto :openSharing

:openSharing
cls
mode 110, 34
title 开启共享功能[可能需要重启服务器]
echo:
echo         开启共享会使得系统不安全,用不上共享或非域环境请关闭共享
echo         ____________________________________________________________
echo:
echo                 [1] 开启系统共享功能【可能需重启后生效】
echo:
echo                 [2] 关闭系统共享功能【域环境中不要关闭】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel==3  goto :wwwpiiscn
if errorlevel==2  goto :closeSharing
if errorlevel==1  goto :openSharing2

:openSharing2
cls
mode 110, 34
title  开启共享功能[可能需要重启服务器]
echo 开启Server,TCP/IP NetBIOS Helper,Workstation三个服务
sc config LanmanServer start= auto
net start LanmanServer
sc config lmhosts start= auto
net start lmhosts
sc config LanmanWorkstation start= auto
net start LanmanWorkstation
netsh advfirewall set allprofiles state on
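rem Turn on the built-in Windows firewall; "on" enables it and "off" disables it
rem Remove every rule this script adds, so a rerun does not leave stale or duplicate rules
netsh advfirewall firewall delete rule name="开放共享和域的TCP端口"
netsh advfirewall firewall delete rule name="开放共享和域的UDP端口"
netsh advfirewall firewall delete rule name="关闭危险TCP端口"
netsh advfirewall firewall delete rule name="关闭危险UDP端口"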
netsh advfirewall firewall delete rule name="开放打印机TCP端口"
netsh advfirewall firewall delete rule name="开放打印机UDP端口"
netsh advfirewall firewall delete rule name="关闭高危险TCP端口"
netsh advfirewall firewall delete rule name="关闭高危险UDP端口"
netsh advfirewall firewall delete rule name="关闭TCP1025端口"
netsh advfirewall firewall delete rule name="关闭TCP1211端口"
netsh advfirewall firewall delete rule name="关闭TCP135端口"
netsh advfirewall firewall delete rule name="关闭TCP137-139端口"
netsh advfirewall firewall delete rule name="关闭TCP1720端口"
netsh advfirewall firewall delete rule name="关闭TCP3001-3003端口"
netsh advfirewall firewall delete rule name="关闭TCP3095-3097端口"
netsh advfirewall firewall delete rule name="关闭TCP389端口"
netsh advfirewall firewall delete rule name="关闭TCP445端口"
netsh advfirewall firewall delete rule name="关闭TCP464端口"
netsh advfirewall firewall delete rule name="关闭TCP593端口"
netsh advfirewall firewall delete rule name="关闭TCP636端口"
netsh advfirewall firewall delete rule name="关闭TCP88端口"
netsh advfirewall firewall delete rule name="关闭UDP1211端口"
netsh advfirewall firewall delete rule name="关闭UDP135端口"
netsh advfirewall firewall delete rule name="关闭UDP137-139端口"
netsh advfirewall firewall delete rule name="关闭UDP445端口"
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135,137-139,389,445,464,636,873,1026,3268-3269,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135,137-139,389,445,464"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="593,1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh ipsec static delete all
rem Delete every policy, rule, filter list, filter and filter action in the IP security policy store
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 恢复文件夹右键共享功能菜单
reg add "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
echo 如果系统原来没安装SMB1.0功能,可能需要重启服务器
echo 如果没有提示重启服务器,请勿重启
echo 请耐心等待安装共享需要的SMB1.0功能…
powershell Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
pause
goto :wwwpiiscn

:closeSharing
cls
mode 110, 34
title  关闭共享功能[可能需要重启服务器]
echo 关闭Server和TCP/IP NetBIOS Helper服务
net stop LanmanServer /y
sc config LanmanServer start= disabled
net stop lmhosts /y
sc config lmhosts start= disabled
netsh advfirewall set allprofiles state on
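rem Turn on the built-in Windows firewall
rem Remove every rule this script adds, so a rerun does not leave stale or duplicate rules
netsh advfirewall firewall delete rule name="开放共享和域的TCP端口"
netsh advfirewall firewall delete rule name="开放共享和域的UDP端口"
netsh advfirewall firewall delete rule name="关闭危险TCP端口"
netsh advfirewall firewall delete rule name="关闭危险UDP端口"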
netsh advfirewall firewall delete rule name="开放打印机TCP端口"
netsh advfirewall firewall delete rule name="开放打印机UDP端口"
netsh advfirewall firewall delete rule name="关闭高危险TCP端口"
netsh advfirewall firewall delete rule name="关闭高危险UDP端口"
netsh advfirewall firewall delete rule name="关闭TCP1025端口"
netsh advfirewall firewall delete rule name="关闭TCP1211端口"
netsh advfirewall firewall delete rule name="关闭TCP135端口"
netsh advfirewall firewall delete rule name="关闭TCP137-139端口"
netsh advfirewall firewall delete rule name="关闭TCP1720端口"
netsh advfirewall firewall delete rule name="关闭TCP3001-3003端口"
netsh advfirewall firewall delete rule name="关闭TCP3095-3097端口"
netsh advfirewall firewall delete rule name="关闭TCP389端口"
netsh advfirewall firewall delete rule name="关闭TCP445端口"
netsh advfirewall firewall delete rule name="关闭TCP464端口"
netsh advfirewall firewall delete rule name="关闭TCP593端口"
netsh advfirewall firewall delete rule name="关闭TCP636端口"
netsh advfirewall firewall delete rule name="关闭TCP88端口"
netsh advfirewall firewall delete rule name="关闭UDP1211端口"
netsh advfirewall firewall delete rule name="关闭UDP135端口"
netsh advfirewall firewall delete rule name="关闭UDP137-139端口"
netsh advfirewall firewall delete rule name="关闭UDP445端口"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="593,1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh advfirewall firewall add rule name="关闭高危险TCP端口" dir=in action=block protocol=TCP localport="88,135,137-139,389,445,464,636"
netsh advfirewall firewall add rule name="关闭高危险UDP端口" dir=in action=block protocol=UDP localport="88,135,137-139,389,445,464,636"
netsh ipsec static delete all
rem Delete every policy, rule, filter list, filter and filter action in the IP security policy store
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=137
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=137
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=138
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=138
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=139
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=139
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=445
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=445
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 删除右键共享菜单
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ModernSharing" /va /f
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" /va /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /va /f
rem The next three entries are additional sharing items present on Win11 and Win2025
reg delete "HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\ModernSharing" /va /f
reg delete "HKEY_CLASSES_ROOT\MSGraphDocument\shellex\ContextMenuHandlers\ModernSharing" /va /f
reg delete "HKEY_CLASSES_ROOT\MSGraphDocument_38664959\shellex\ContextMenuHandlers\ModernSharing" /va /f
echo 如果系统原来安装了SMB1.0功能,可能需要重启服务器
echo 如果没有提示重启服务器,请勿重启
echo 请耐心等待禁用SMB1.0功能…
powershell Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
pause
goto :wwwpiiscn

:openwindowsupdate
cls
mode 110, 34
title 开启Windows更新功能
echo 开启"Windows Update"和"更新Orchestrator服务(Update Orchestrator服务)"2个服务
sc config wuauserv start= auto
net start wuauserv
sc config UsoSvc start= demand
rem demand = manual, disabled = disabled, auto = automatic
net start UsoSvc
echo:
echo:
echo 已经开启Windows更新功能,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:closewindowsupdate
cls
mode 110, 34
title 关闭Windows更新功能
net stop wuauserv /y
sc config wuauserv start= disabled
net stop UsoSvc /y
sc config UsoSvc start= demand
net stop BITS /y
sc config BITS start= disabled
rem Stop and disable the "Background Intelligent Transfer Service"; manual updates are not affected
echo:
echo:
echo 已经关闭Windows更新功能,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:openPrint
cls
mode 110, 34
title  开启打印机服务
echo 开启Print Spooler打印机服务
sc config spooler start= auto
net start spooler
echo:
echo:
echo 已开启Print Spooler打印机服务,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:closePrint
cls
mode 110, 34
title  关闭打印机服务
echo 关闭Print Spooler打印机服务
net stop spooler /y
sc config spooler start= disabled
echo:
echo:
echo 已关闭Print Spooler打印机服务,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:openPrintPort
cls
mode 110, 34
title 打开打印机共享端口[打印机不在局域网中共享请勿打开]
echo:
echo         打印机不在局域网中共享请勿打开
echo         ____________________________________________________________
echo:
echo                 [1] 打开打印机共享需要的端口
echo:
echo                 [2] 关闭系统共享功能【含打印机共享】
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel==3  goto :wwwpiiscn
if errorlevel==2  goto :closeSharing
if errorlevel==1  goto :openPrintPort2
:openPrintPort2
echo 设置Print Spooler打印机服务为自动
sc config spooler start= auto
net start spooler
netsh advfirewall set allprofiles state on
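rem Turn on the built-in Windows firewall
rem Remove every rule this script adds, so a rerun does not leave stale or duplicate rules
netsh advfirewall firewall delete rule name="开放共享和域的TCP端口"
netsh advfirewall firewall delete rule name="开放共享和域的UDP端口"
netsh advfirewall firewall delete rule name="关闭危险TCP端口"
netsh advfirewall firewall delete rule name="关闭危险UDP端口"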
netsh advfirewall firewall delete rule name="开放打印机TCP端口"
netsh advfirewall firewall delete rule name="开放打印机UDP端口"
netsh advfirewall firewall delete rule name="关闭高危险TCP端口"
netsh advfirewall firewall delete rule name="关闭高危险UDP端口"
netsh advfirewall firewall delete rule name="关闭TCP1025端口"
netsh advfirewall firewall delete rule name="关闭TCP1211端口"
netsh advfirewall firewall delete rule name="关闭TCP135端口"
netsh advfirewall firewall delete rule name="关闭TCP137-139端口"
netsh advfirewall firewall delete rule name="关闭TCP1720端口"
netsh advfirewall firewall delete rule name="关闭TCP3001-3003端口"
netsh advfirewall firewall delete rule name="关闭TCP3095-3097端口"
netsh advfirewall firewall delete rule name="关闭TCP389端口"
netsh advfirewall firewall delete rule name="关闭TCP445端口"
netsh advfirewall firewall delete rule name="关闭TCP464端口"
netsh advfirewall firewall delete rule name="关闭TCP593端口"
netsh advfirewall firewall delete rule name="关闭TCP636端口"
netsh advfirewall firewall delete rule name="关闭TCP88端口"
netsh advfirewall firewall delete rule name="关闭UDP1211端口"
netsh advfirewall firewall delete rule name="关闭UDP135端口"
netsh advfirewall firewall delete rule name="关闭UDP137-139端口"
netsh advfirewall firewall delete rule name="关闭UDP445端口"
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135,137-139,389,445,464,636,873,1026,3268-3269,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135,137-139,389,445,464"
netsh advfirewall firewall add rule name="开放打印机TCP端口" dir=in action=allow protocol=TCP localport="9100-9102,9220-9222,9280-9282,9290-9292"
netsh advfirewall firewall add rule name="开放打印机UDP端口" dir=in action=allow protocol=UDP localport="105,5353"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="593,1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh ipsec static delete all
rem Delete every policy, rule, filter list, filter and filter action in the IP security policy store
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=88
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=135
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=389
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=464
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=636
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 恢复文件夹右键共享功能菜单
reg add "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_CLASSES_ROOT\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" /f
echo 如果系统原来没安装SMB1.0功能,可能需要重启服务器
echo 如果没有提示重启服务器,请勿重启
echo 请耐心等待安装共享需要的SMB1.0功能…
powershell Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
echo:
echo:
echo 已打开打印机共享需要的端口,请在共享中手动设置需要共享的打印机
echo 按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:openActiveDirectory
cls
mode 110, 34
title 安装Active Directory域控制器
echo:
echo         安装Active Directory域控制器
echo         ____________________________________________________________
echo:
echo                 [1] 请先开启共享功能[安装AD域前提条件]
echo:
echo                 [2] 安装Active Directory域控制器
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel==3  goto :wwwpiiscn
if errorlevel==2  goto :openActiveDirectory2
if errorlevel==1  goto :openSharing2
:openActiveDirectory2
cls
mode 110, 34
title  安装Active Directory域控制器
echo 开启Active Directory域控制器需要的服务
sc config LanmanServer start= auto
net start LanmanServer
sc config RemoteRegistry start= auto
net start RemoteRegistry
sc config lmhosts start= auto
net start lmhosts
sc config Browser start= auto
net start Browser
sc config RpcSs start= auto
net start RpcSs
sc config LanmanWorkstation start= auto
net start LanmanWorkstation
sc config VSS start= auto
net start VSS
netsh advfirewall set allprofiles state on
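rem Turn on the built-in Windows firewall
rem Remove every rule this script adds, so a rerun does not leave stale or duplicate rules
netsh advfirewall firewall delete rule name="开放共享和域的TCP端口"
netsh advfirewall firewall delete rule name="开放共享和域的UDP端口"
netsh advfirewall firewall delete rule name="关闭危险TCP端口"
netsh advfirewall firewall delete rule name="关闭危险UDP端口"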
netsh advfirewall firewall delete rule name="开放打印机TCP端口"
netsh advfirewall firewall delete rule name="开放打印机UDP端口"
netsh advfirewall firewall delete rule name="关闭高危险TCP端口"
netsh advfirewall firewall delete rule name="关闭高危险UDP端口"
netsh advfirewall firewall delete rule name="关闭TCP1025端口"
netsh advfirewall firewall delete rule name="关闭TCP1211端口"
netsh advfirewall firewall delete rule name="关闭TCP135端口"
netsh advfirewall firewall delete rule name="关闭TCP137-139端口"
netsh advfirewall firewall delete rule name="关闭TCP1720端口"
netsh advfirewall firewall delete rule name="关闭TCP3001-3003端口"
netsh advfirewall firewall delete rule name="关闭TCP3095-3097端口"
netsh advfirewall firewall delete rule name="关闭TCP389端口"
netsh advfirewall firewall delete rule name="关闭TCP445端口"
netsh advfirewall firewall delete rule name="关闭TCP464端口"
netsh advfirewall firewall delete rule name="关闭TCP593端口"
netsh advfirewall firewall delete rule name="关闭TCP636端口"
netsh advfirewall firewall delete rule name="关闭TCP88端口"
netsh advfirewall firewall delete rule name="关闭UDP1211端口"
netsh advfirewall firewall delete rule name="关闭UDP135端口"
netsh advfirewall firewall delete rule name="关闭UDP137-139端口"
netsh advfirewall firewall delete rule name="关闭UDP445端口"
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135,137-139,389,445,464,636,873,1026,3268-3269,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135,137-139,389,445,464"
netsh advfirewall firewall add rule name="开放打印机TCP端口" dir=in action=allow protocol=TCP localport="9100-9102,9220-9222,9280-9282,9290-9292"
netsh advfirewall firewall add rule name="开放打印机UDP端口" dir=in action=allow protocol=UDP localport="105,5353"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="593,1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh ipsec static delete all
rem Delete every policy, rule, filter list, filter and filter action in the IP security policy store
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 请耐心等待安装Active Directory域控制器…
powershell -command Add-WindowsFeature  AD-Domain-Services,RSAT-AD-Tools,RSAT-ADDS,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-ADLDS,RSAT-AD-PowerShell,GPMC
echo:
echo:
echo 请手动检查:网络设置-网卡属性-Internet协议版本4(TCP/IP4)-高级-WINS-启用TCP/IP上的NetBIOS
echo 正常情况下NetBIOS默认是启动状态
echo 已安装Active Directory域控制器,请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn

:ActiveDirectoryPort
cls
mode 110, 34
title 作为客户机加入域环境开放端口[客户机无需装域控]
echo:
echo         作为客户机加入域环境开放端口
echo         ____________________________________________________________
echo:
echo                 [1] 请先开启共享功能[加入AD域前提条件]
echo:
echo                 [2] 作为客户机加入域环境开放端口
echo                 ____________________________________________
echo:
echo                 [0] 返回
echo         ____________________________________________________________
echo:
echo         请在键盘中输入菜单选项[1,2,0]
choice /C:120 /N
if errorlevel==3  goto :wwwpiiscn
if errorlevel==2  goto :ActiveDirectoryPort2
if errorlevel==1  goto :openSharing2
:ActiveDirectoryPort2
cls
mode 110, 34
title  作为客户机加入域环境开放相关端口
echo 开启域客户机所需要的服务
sc config LanmanServer start= auto
net start LanmanServer
sc config RemoteRegistry start= auto
net start RemoteRegistry
sc config lmhosts start= auto
net start lmhosts
sc config Browser start= auto
net start Browser
sc config RpcSs start= auto
net start RpcSs
sc config LanmanWorkstation start= auto
net start LanmanWorkstation
sc config VSS start= auto
net start VSS
netsh advfirewall set allprofiles state on
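rem Turn on the built-in Windows firewall
rem Remove every rule this script adds, so a rerun does not leave stale or duplicate rules
netsh advfirewall firewall delete rule name="开放共享和域的TCP端口"
netsh advfirewall firewall delete rule name="开放共享和域的UDP端口"
netsh advfirewall firewall delete rule name="关闭危险TCP端口"
netsh advfirewall firewall delete rule name="关闭危险UDP端口"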
netsh advfirewall firewall delete rule name="开放打印机TCP端口"
netsh advfirewall firewall delete rule name="开放打印机UDP端口"
netsh advfirewall firewall delete rule name="关闭高危险TCP端口"
netsh advfirewall firewall delete rule name="关闭高危险UDP端口"
netsh advfirewall firewall delete rule name="关闭TCP1025端口"
netsh advfirewall firewall delete rule name="关闭TCP1211端口"
netsh advfirewall firewall delete rule name="关闭TCP135端口"
netsh advfirewall firewall delete rule name="关闭TCP137-139端口"
netsh advfirewall firewall delete rule name="关闭TCP1720端口"
netsh advfirewall firewall delete rule name="关闭TCP3001-3003端口"
netsh advfirewall firewall delete rule name="关闭TCP3095-3097端口"
netsh advfirewall firewall delete rule name="关闭TCP389端口"
netsh advfirewall firewall delete rule name="关闭TCP445端口"
netsh advfirewall firewall delete rule name="关闭TCP464端口"
netsh advfirewall firewall delete rule name="关闭TCP593端口"
netsh advfirewall firewall delete rule name="关闭TCP636端口"
netsh advfirewall firewall delete rule name="关闭TCP88端口"
netsh advfirewall firewall delete rule name="关闭UDP1211端口"
netsh advfirewall firewall delete rule name="关闭UDP135端口"
netsh advfirewall firewall delete rule name="关闭UDP137-139端口"
netsh advfirewall firewall delete rule name="关闭UDP445端口"
netsh advfirewall firewall add rule name="开放共享和域的TCP端口" dir=in action=allow protocol=TCP localport="53,88,135,137-139,389,445,464,636,873,1026,3268-3269,49152-65535"
netsh advfirewall firewall add rule name="开放共享和域的UDP端口" dir=in action=allow protocol=UDP localport="53,88,123,135,137-139,389,445,464"
netsh advfirewall firewall add rule name="开放打印机TCP端口" dir=in action=allow protocol=TCP localport="9100-9102,9220-9222,9280-9282,9290-9292"
netsh advfirewall firewall add rule name="开放打印机UDP端口" dir=in action=allow protocol=UDP localport="105,5353"
netsh advfirewall firewall add rule name="关闭危险TCP端口" dir=in action=block protocol=TCP localport="593,1025,1720,3001-3003,3095-3097,11211"
netsh advfirewall firewall add rule name="关闭危险UDP端口" dir=in action=block protocol=UDP localport="11211"
netsh ipsec static delete all
rem Delete every policy, rule, filter list, filter and filter action in the IP security policy store
netsh ipsec static add policy name=IDC数据中心安全策略
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=593
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1720
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=1025
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3001
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3002
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3003
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3095
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3096
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=3097
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filter filterlist=关闭端口 srcaddr=any dstaddr=me protocol=UDP mirrored=yes srcport=0 dstport=11211
netsh ipsec static add filteraction name=阻止 action=block
netsh ipsec static add rule name=关闭端口 policy=IDC数据中心安全策略 filterlist=关闭端口 filteraction=阻止
netsh ipsec static set policy name=IDC数据中心安全策略 assign=y
echo 请手动检查:网络设置-网卡属性-Internet协议版本4(TCP/IP4)-高级-WINS-启用TCP/IP上的NetBIOS
echo 正常情况下NetBIOS默认是启动状态
echo 加入域环境所需要的端口已开启,请手动将本机加入到您的域环境中
echo 请按任意键返回主菜单…
pause>nul
goto :wwwpiiscn
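To review what the batch file above leaves on a host, the following read-only audit is an added example, not code from the original page. It lists the firewall rules by the names the batch file uses, flags rule names that exist more than once, flags allow rules that expose RPC/SMB ports to any remote address, and reports the SMB1 state and the start type of the services the menu toggles.

```powershell
# Added example, not part of the original page: read-only audit, changes nothing.
# Save as UTF-8 with BOM so Windows PowerShell 5.1 reads the Chinese rule names correctly.

# Rule names exactly as the batch file passes them to "netsh advfirewall firewall add rule".
$ScriptRuleNames = @(
    '开放共享和域的TCP端口', '开放共享和域的UDP端口',
    '开放打印机TCP端口',     '开放打印机UDP端口',
    '关闭危险TCP端口',       '关闭危险UDP端口',
    '关闭高危险TCP端口',     '关闭高危险UDP端口'
)
# Services the batch file starts, stops or reconfigures.
$ToggledServices = 'LanmanServer', 'lmhosts', 'LanmanWorkstation', 'RemoteRegistry',
                   'Browser', 'spooler', 'wuauserv', 'UsoSvc', 'BITS'

function Test-PortInSpec {
    # True when $Port is covered by a netsh-style list such as "53,88,137-139,49152-65535".
    param([string]$Spec, [int]$Port)
    foreach ($part in $Spec -split ',') {
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($part -match '^\d+$' -and [int]$part -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-ScriptFirewallRule {
    param([string[]]$Name)
    Get-NetFirewallRule | Where-Object { $Name -contains $_.DisplayName } | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Action        = [string]$_.Action
            Enabled       = [string]$_.Enabled
            Protocol      = $port.Protocol
            LocalPort     = @($port.LocalPort) -join ','
            RemoteAddress = @($addr.RemoteAddress) -join ','
        }
    }
}

$rules = @(Get-ScriptFirewallRule -Name $ScriptRuleNames)
$rules | Format-Table -AutoSize

# 1. The same rule name present more than once means an earlier run was never cleaned up.
$rules | Group-Object Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("Rule '{0}' exists {1} times" -f $_.Name, $_.Count)
}

# 2. Allow rules from the batch file carry no remoteip restriction, so they apply to any source.
$openRules = @($rules | Where-Object { $_.Action -eq 'Allow' -and $_.RemoteAddress -eq 'Any' })
foreach ($rule in $openRules) {
    $exposed = @(135, 139, 445 | Where-Object { Test-PortInSpec -Spec $rule.LocalPort -Port $_ })
    if ($exposed.Count -gt 0) {
        Write-Warning ("'{0}' allows {1} port(s) {2} from any address" -f `
            $rule.Name, $rule.Protocol, ($exposed -join ','))
    }
}

# 3. SMB1 state: the optional feature and the SMB server setting.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1Protocol feature state: $($smb1.State)"
try {
    $smbServer = Get-SmbServerConfiguration -ErrorAction Stop
    "SMB server EnableSMB1Protocol: $($smbServer.EnableSMB1Protocol)"
} catch {
    'SMB server configuration not available (the Server service may be stopped).'
}

# 4. Current state and start type of the services the menu toggles.
Get-Service -Name $ToggledServices -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
```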
For a tutorial on building two domain controller servers, see: www.piis.cn/zhishi/427.html
For a tutorial on joining a client to the domain, see: www.piis.cn/zhishi/426.html
