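I am a server administrator at 常来网. This article distills my server administration experience from the past few years and is thoroughly practical. I hope to exchange ideas with more experts so that together we can build an absolutely secure, stable and clean server runtime environment for webmasters in China!
Experts, please give me your advice! My QQ is 303657; feel free to get in touch!
Published here is the core source code of my original Security Configurator 1.9.4! The code for fully automatic server setup and for system service optimization is omitted here because it is too long and posts have a length limit. You can download it from the address I provide or directly from the attachment, which contains the complete source code along with a help file. It suits all kinds of Windows servers and both new and experienced webmasters!
常来网 is a fairly well-known free web hosting site in China. It currently runs more than twenty servers providing full-featured free hosting to its users. As the core server administrator, I believe the threats I face every day far outnumber those faced by administrators of other sites' servers, and my work is correspondingly important. I believe this article will give many of you some ideas, and I hope we can work together toward a goal that looks impossible to reach: an absolutely secure server!
Software name: 青云服务器安全设置器 (Qingyun Server Security Configurator) 1.9.4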
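Price: 20 yuan per copy from version 2.0 onward; Qingyun provides free updates permanently!
Supported systems: Windows 2000 / Windows XP / Windows 2003
Function: gives your server an absolutely secure, stable and clean runtime environment!
Server requirements: every drive must be formatted as NTFS, and the server should not have had permission settings applied before; a freshly installed system is best! If you have already set permissions, first read through the batch file to see which locations it changes, and delete the lines for any locations you have already configured so they are not applied twice. In general, applying them again causes no problems!
Usage: after extracting, just run ThecSafe.bat; choose the options according to your needs!
Other security settings:
Serv-U is simple to configure: change the default administration password and give it a dedicated management account. SQL2000 is the same: give it an ordinary user account for administration and delete the dangerous stored procedures, and the security problem is solved perfectly! None of this can go into the batch file, because it cannot be controlled from the command line and every server environment is different, so I cannot include it in a uniform way for everyone. Do as I describe and it is guaranteed to be absolutely secure!
Our goal is to work toward an absolutely secure, stable and clean server runtime environment!
Download address: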
http://a.thec.cn/fhcmail/ThecSafe1.9.4.rar
Enough talk; the core source code follows:
=========================================================
@Echo Off
TITLE 常来网服务器高级安全设置器
:start
CLS
COLOR 1f
Rem Use the COLOR command to change the console output colours
MODE con: COLS=32 LINES=21
Rem The MODE statement sets the width and height of the window
Set tm1=%time:~0,2%
Set tm2=%time:~3,2%
Set tm3=%time:~6,2%
Echo %date% %tm1%点%tm2%分%tm3%秒
Echo ================================
Echo 请选择要进行的操作,然后按回车
Echo ───────────────
Echo.
Echo A. 一键搞定/全自动设置服务器
Echo 0. 清理系统垃圾文件
Echo 1. 给系统危险文件设置权限
Echo 2. 给系统危险文件夹设置权限
Echo 3. 系统服务优化
Echo 4. 注册表危险组件删除
Echo 5. 防DDOS洪水攻击处理
Echo 6. 导入常来网专用安全策略
Echo 7. 重启IIS使设置生效
Echo 8. 刷新当前时间
Echo 9. 锁定计算机
Echo L. 注销当前用户
Echo Q. 退出安全设置器
Echo.
:cho
Set Choice=
Set /P Choice=选择:
Rem Set the variable "Choice" to the characters the user typed
If Not "%Choice%"=="" Set Choice=%Choice:~0,1%
Rem If more than one character is entered, keep only the first; e.g. input 132 yields 1
Echo.
If /I "%Choice%"=="A" Goto Auto
If /I "%Choice%"=="0" Goto Clear
If /I "%Choice%"=="1" Goto SetFile
If /I "%Choice%"=="2" Goto SetFolder
If /I "%Choice%"=="3" Goto Service
If /I "%Choice%"=="4" Goto Reg
If /I "%Choice%"=="5" Goto Ddos
If /I "%Choice%"=="6" Goto Ipsec
If /I "%Choice%"=="7" Goto restartiis
If /I "%Choice%"=="8" Goto start
If /I "%Choice%"=="9" Goto lock
If /I "%Choice%"=="L" Goto logoff
If /I "%Choice%"=="Q" Goto End
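Rem Wrap the variable in double quotes so an empty value or one containing spaces does not break the script
Rem Note that the If statement needs a double equals sign
Rem If the input is none of the options above, ask for it again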
Echo 选择无效,请重新输入
Echo.
Goto cho
:Clear
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Echo 正在清理系统垃圾文件,请稍等......
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /f /s /q %windir%\temp\*.*
del /f /s /q %userprofile%\cookies\*.*
del /f /s /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
Echo 清理系统垃圾完成! 请按任意键返回并选1继续...
PAUSE >nul
Goto start
:SetFile
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Strip access to dangerous system files, leaving only members of the Administrators group
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/boot.ini" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/AUTOEXEC.BAT" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Internet Explorer/iexplore.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/scrrun.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/secedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpresult.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/gpupdate.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/at.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/attrib.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/format.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/logoff.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shutdown.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/telnet.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/doskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/help.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nbtstat.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/print.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/xcopy.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edit.com" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regedt32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/reg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/register.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/replace.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nwscript.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/share.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ping.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/ipsec6.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/debug.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/route.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tracert.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/powercfg.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/nslookup.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/arp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/rsh.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/netdde.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mshta.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/mountvol.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/tftp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/setx.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/find.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/finger.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/where.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/regsvr32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/sc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shadow.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runas.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshext.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/shell32.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/zipfldr.dll" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/regedit.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhelp.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/winhlp32.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/notepad.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/edlin.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/posix.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/atsvc.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/qbasic.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/runonce.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/syskey.exe" /D Guests:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /D Guests:F /E
Echo 给系统危险文件设置权限设定完毕! 请按任意键返回并选2继续...
PAUSE >nul
Goto start
:SetFolder
CLS
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Remove all Everyone permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "Everyone" /e
@REM "cscript.exe xcacls.vbs "%SystemRoot%/Registration" /r "Everyone" /e " Everyone must not be removed from this folder
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Inetpub/wwwroot/aspnet_client" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Everyone" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Everyone" /e
Rem Remove all CREATOR OWNER permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "CREATOR OWNER" /e
Rem Remove all Power Users permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemRoot%" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/WindowsUpdate" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /r "Power Users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /r "Power Users" /e
Rem Remove all TERMINAL SERVER USER permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "TERMINAL SERVER USER" /e
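Rem Add deny permissions for the Guests group [denies directory listing to IUSR_XXX or a virtual-host user group, which effectively blocks FSO-type trojans]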
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/repair" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/MetaBack" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/inetsrv/ASP Compiled Templates" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework/v2.0.50727/Temporary ASP.NET Files" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E
Rem Remove all users access permissions on drive C
cd/
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Documents" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/addins" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/AppPatch" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Connection Wizard" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Debug" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Driver Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Help" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/java" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/msagent" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/repair" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Resources" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/security" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/TAPI" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/twain_32" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/Web" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/3com_dmi" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/administration" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Cache" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/CatRoot2" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/Com" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/config" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/dhcp" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/drivers" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/export" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/icsxml" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/lls" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/LogFiles" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/mui" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/oobe" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/ShellExt" /r "users" /e
@Rem cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "users" /e This one breaks .NET applications, so it is left out!
Rem Add access permissions for IIS_WPG
cscript.exe xcacls.vbs "%SystemDrive%" /g IIS_WPG:;b468 /e
cscript.exe xcacls.vbs "%SystemRoot%" /g IIS_WPG:b1468;b1468 /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /g IIS_WPG:r /e
cscript.exe xcacls.vbs "%SystemRoot%/Downloaded Program Files" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Help" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Offline Web Pages" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/System32" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Tasks" /g IIS_WPG:c /e
cscript.exe xcacls.vbs "%SystemRoot%/Web" /g IIS_WPG:c /e
Rem Add access permissions for iis_wpg [only for servers with McAfee software installed]
Rem cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Network Associates" /g IIS_WPG:r /e
Rem Add access permissions for users
cscript.exe xcacls.vbs "%SystemRoot%/temp" /g Everyone:m /e
cscript.exe xcacls.vbs "%SystemDrive%/Program Files/Common Files" /g Users:r /e
cscript.exe xcacls.vbs "%SystemRoot%/Microsoft.NET/Framework" /g users:b1468;b1468 /e
Rem Prevent the [List Folder / Read Data] permission from appearing
Rem -------------------------------------------
Rem Add access permissions for Users [only for servers with PHP installed]
cscript.exe xcacls.vbs "C:\php5" /g users:b468;b468 /e
cscript.exe xcacls.vbs "%SystemRoot%/system32" /r "users" /e
cscript.exe xcacls.vbs "%SystemRoot%/System32" /g users:b468;b468 /e
Rem -------------------------------------------
Rem Delete all dangerous folders under Windows on drive C
attrib %SystemRoot%\Web\printers -s -r -h
del %SystemRoot%\Web\printers\*.* /s /q /f
rd %SystemRoot%\Web\printers /s /q
attrib %SystemRoot%\Help\iisHelp -s -r -h
del %SystemRoot%\Help\iisHelp\*.* /s /q /f
rd %SystemRoot%\Help\iisHelp /s /q
attrib %SystemRoot%\system32\inetsrv\iisadmpwd -s -r -h
del %SystemRoot%\system32\inetsrv\iisadmpwd\*.* /s /q /f
rd %SystemRoot%\system32\inetsrv\iisadmpwd /s /q
Echo 给系统危险文件夹设置权限设定完毕! 请按任意键返回并选3继续...
PAUSE >nul
Goto start
:Reg
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Registry-related settings
reg delete HKEY_CLASSES_ROOT\WScript.Shell /f
reg delete HKEY_CLASSES_ROOT\WScript.Shell.1 /f
reg delete HKEY_CLASSES_ROOT\Shell.application /f
reg delete HKEY_CLASSES_ROOT\Shell.application.1 /f
reg delete HKEY_CLASSES_ROOT\WSCRIPT.NETWORK /f
reg delete HKEY_CLASSES_ROOT\WSCRIPT.NETWORK.1 /f
regsvr32 /s /u wshom.ocx
regsvr32 /s /u wshext.dll
regsvr32 /s /u shell32.dll
Echo 注册表危险组件删除设定完毕! 请按任意键返回并选5继续...
PAUSE >nul
Goto start
:Ddos
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Protection against DDoS flood attacks
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
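Rem reg.exe reads REG_DWORD data without a 0x prefix as decimal, so the hexadecimal value 190 (400) needs the prefix
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "0x00000190" /f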
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
Rem Hexadecimal data again needs the 0x prefix: 0x14 = 20 and 0x7530 = 30000
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "0x00000014" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "0x00007530" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f
Rem Close port 445
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d "00000000" /f
Rem Close port 135
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REG_MULTI_SZ /d "" /f
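Rem Disable creation of dump files and delete the existing MEMORY.DMP file
Rem A dump file is very useful for troubleshooting after a system crash or blue screen. However, it can also hand attackers sensitive information such as application passwords.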
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 00000000 /f
attrib %SystemRoot%\MEMORY.DMP -s -r -h
del %SystemRoot%\MEMORY.DMP /s /q /f
Echo 防DDOS洪水攻击处理完毕! 请按任意键返回并选6继续...
PAUSE >nul
Goto start
:Ipsec
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Import the 常来网 IP security policy
netsh ipsec static importpolicy ThecSafe.ipsec
netsh ipsec static set policy name="常来网专用安全策略" assign=y
Rem Import the 常来网 group policy
secedit /configure /db ThecSafe.sdb /cfg ThecSafe.inf /quiet
del ThecSafe.sdb
Echo 导入常来网专用安全策略完毕! 请按任意键返回并选7继续...
PAUSE >nul
Goto start
:restartiis
MODE con: COLS=80 LINES=18
COLOR 70
Echo.
Rem Restart IIS so the settings take effect
iisreset.exe
Echo IIS服务重启完毕! 请按任意键返回并选其他操作继续...
PAUSE >nul
Goto start
:lock
rundll32.exe user32.dll,LockWorkStation
Goto start
:logoff
logoff
:End
Exit
=========================================================
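A read-only check that the TCP/IP and AFD values written by the anti-flood section actually landed in the registry, added here as an example and not part of the author's tool. The label name `:Check` and the variables are hypothetical; the expected data are the hexadecimal readings of the values in that section, which is an assumption about the author's intent for unprefixed data such as 00000190.

```bat
@Echo Off
Setlocal
Rem Added example: audits values only, never writes to the registry.
Set "TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Set "AFD=HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters"
Set FAIL=0

Rem Expected data is written the way "reg query" prints a REG_DWORD (hex, no leading zeros).
Call :Check "%TCPIP%" SynAttackProtect 0x2
Call :Check "%TCPIP%" TcpMaxHalfOpen 0x1f4
Rem reg.exe treats /d data without 0x as decimal: 00000190 is stored as 0xbe, not 0x190.
Call :Check "%TCPIP%" TcpMaxHalfOpenRetried 0x190
Call :Check "%TCPIP%" TcpTimedWaitDelay 0x1e
Call :Check "%TCPIP%" DisableIPSourceRouting 0x2
Call :Check "%TCPIP%" EnableICMPRedirect 0x0
Call :Check "%AFD%" EnableDynamicBacklog 0x1
Call :Check "%AFD%" MinimumDynamicBacklog 0x14
Call :Check "%AFD%" MaximumDynamicBacklog 0x7530
Call :Check "%AFD%" DynamicBacklogGrowthDelta 0xa

If %FAIL%==0 (Echo All audited values match the expected data.) Else (Echo %FAIL% audited values differ or are missing.)
Exit /B %FAIL%

:Check
Rem %1 = registry key, %2 = value name, %3 = expected data
Set "ACTUAL=MISSING"
Rem findstr keeps only the REG_DWORD line; tokens are name, type, data.
For /F "tokens=1,2,3" %%A In ('reg query %1 /v %2 2^>nul ^| findstr /I /C:"REG_DWORD"') Do (
    If /I "%%A"=="%2" Set "ACTUAL=%%C"
)
If /I "%ACTUAL%"=="%~3" (Echo [ OK ] %2 = %ACTUAL%) Else (Echo [DIFF] %2 = %ACTUAL%, expected %~3 & Set /A FAIL+=1)
Goto :EOF
```

The exit code is the number of mismatches, so the check can be run after option 5 and again after a reboot to confirm the values persisted.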