@echo on
Rem 激活administrator管理员用户
Rem net user administrator /active:yes
Rem 隐藏administrator用户
Rem reg add "HKLM\SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v administrator /t REG_DWORD /d 0 /f
Rem 设置文件共享部分的
net user guest /active:yes
::1、禁用“使用空白密码的本地用户只允许进行控制台登录”
reg add "HKLM\SYSTEM\ControlSet001\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
::2、设置本地账户的共享模式和安全模式:仅来宾-本地用户以来宾身份验证。
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v forceguest /t REG_DWORD /d 1 /f
::3、防火墙开放文件共享访问
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch" /v Epoch /t REG_DWORD /d 1ED /f
reg add "HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch" /v Epoch /t REG_DWORD /d 1ED /f
::设置允许任意远程ip访问共享服务的防火墙规则
netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow remoteip=any
netsh advfirewall firewall add rule name="Netbios-ns" protocol=UDP dir=in localport=137 action=allow remoteip=any
netsh advfirewall firewall add rule name="Netbios-dgm" protocol=UDP dir=in localport=138 action=allow remoteip=any
netsh advfirewall firewall add rule name="Netbios-ssn" protocol=TCP dir=in localport=139 action=allow remoteip=any
netsh advfirewall firewall add rule name="Netbios-ds" protocol=TCP dir=in localport=445 action=allow remoteip=any
::4、删除安全策略中guest拒绝从网络访问
echo [Version]>vt.inf
echo signature="$CHICAGO$">>vt.inf
echo Revision=1>>vt.inf
echo [Privilege Rights]>>vt.inf
echo SeDenyNetworkLogonRight =>>vt.inf
secedit /configure /db vt.sdb /cfg vt.inf
del vt.inf /q
del vt.sdb /q
::5、设置共享
mkdir d:\scan
net share scan=d:\scan /remark:"扫描共享文件夹" /unlimited /gant:everyone,full
echo y|cacls d:\scan /g everyone:f
网友评论