来看看:win2003 WEB服务器NTFS权限设置图文办法
如果你想在以后的生涯中在软件行业工作的话,学习linux是一项基本技能,所以打从你打算学习linux那天起,放弃windows吧!因为它除了能给你带来片刻的娱乐,别无其他;总得来讲,前者对照难设置,参考了他人的一些设置和本人的一些理论,找到一个自己以为还绝对中意的做法,因为团体程度无限,但愿妙手指出我不敷的中央,感谢。因为比来忙着其余事,等忙完以后再把IIS设置的部分另有本人要收拾的一些材料送上~~到时分人人能够到论坛www.n0ws.com上往检察,不外本博客也是供应相干材料的下载的。
上面是我的做法:
起首,设置体系盘下(如:c盘)的权限(已将IIS的默许文件夹删除)
1.体系盘:选中体系盘,属性,平安选项卡,删失落除administrators和system组的其他组大概用户。
2.ProgramFiles:右键文件夹->选择属性->选择“平安”选项卡->点击“初级”选项->选中“同意父项…”和“用在此显现…”->点击“复制”->点击断定,加入初级平安设置->把平安选项卡中除administrators和system组以外的组大概用户删除
初级平安设置效果以下:
3.ProgramFiles/CommonFile/users:进进到programfiles下的commonfile文件夹上面,找到system增加users,默许的权限便可。所谓默许权限就是你增加这个用户体系主动授与这个用户关于操纵文件夹大概文件的权限。(大概有人要问为何要给这个文件夹设置users的权限?答:这个部分内里有一些dll文件是asp中createobject的时分必要的)
4.DocumentsandSettings:进进体系盘,选中DocumentsandSettings文件夹右键,删撤除除administrator、system、powerusers组以外的其他用户大概组。进进到DocumentsandSettings文件夹内里,administrator这个文件夹的权限无需设置。ALLusers文件夹,进进到初级选项选择“用在此显现的能够使用到子工具的目次替换一切子工具的权限项目”,断定,到平安选项卡上面删失落除administrator和system以外的其他用户组和用户,点击断定。Defaultusers文件夹,进进到初级选项选择“用在此显现的能够使用到子工具的目次替换一切子工具的权限项目”,断定,到平安选项卡上面删失落除administrator、system、powerusers以外的其他用户组和用户,点击断定。
5.Windows:右键文件夹->选择属性->选择“平安”选项卡->删撤除除administrator和system以外的用户->点击断定。
6.Windows/temp:右键文件夹->选择属性->选择“平安”选项卡->增加users组->设置users组只具有读取、写进的权限。
7.其他根目次下的文件夹:右键文件夹->选择属性->选择“平安”选项卡->点击“初级”选项->选中“同意父项…”和“用在此显现…”->点击“复制”->点击断定,加入初级平安设置->把“平安”选项卡中除administrators和system组以外的组大概用户删除
8.批处置:接上去的是一些特别文件夹、文件的权限,一些服务的修正,伤害组件的删除。
批处置的部分最初附高低面的保留为*.bat大概间接从我供应的下载的中央下载便可。
.代码以下:
@echooff
ECHO.
ECHO.
ECHO.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ECHo.
ECHo"windows2003NTFS加固剧本"
ECHo.
ECHO.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ECHO.
ECHO.
ECHO.-------------------------------------------------------------------------
ECHo请按提醒操纵备份好注册表,不然修正后没法复原,自己不卖力.
ECHO.
ECHOYES=nextsetNO=exit(thistime30Seconddefaultforn)
ECHO.-------------------------------------------------------------------------
CHOICE/T30/Cyn/Dn
iferrorlevel2gotoend
iferrorlevel1gotonext
:next
ifEXISTbackup(echo.)elsemdbackup
ifEXISTtemp(rmdir/s/qtemp|mdtemp)elsemdtemp
ifEXISTbackupackupkey.reg(movebackupackupkey.regbackupackupkey_old.reg)elsegotorun
:run
regedit/etempackup-reg1.key1"HKEY_LOCAL_MACHINESYSTEMCurrentControlSet"
regedit/etempackup-reg2.key2"HKEY_CLASSES_ROOT"
copy/b/y/vtempackup-reg1.key1+tempackup-reg2.key2backupackupkey.reg
ifexistbackupwshom.ocx(echo备份已存在)elsecopy/v/y%SystemRoot%System32wshom.ocxbackupwshom.ocx
ifexistbackupshell32.dll(echo备份已存在)elsecopy/v/y%SystemRoot%system32shell32.dllbackupshell32.dll
ECHO备份已完成
ECHO.
gotonext2
:next2
ECHO.
ECHO.-------------------------------------------------------------------
ECHo修正权限system32目次中不平安的几个exe文件,改成只要Administrators才有权限运转
ECHOYES=nextsetNO=thissetignore(thistime30Seconddefaultfory)
ECHO.-------------------------------------------------------------------
CHOICE/T30/Cyn/Dy
iferrorlevel2gotonext3
iferrorlevel1gotonext21
:next21
echoy|cacls.exe%SystemRoot%system32
et.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
et1.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32cmd.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32 ftp.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
etstat.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32egedit.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32at.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32attrib.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32cacls.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32fortmat.com/gAdministrators:F
echoy|cacls.exe%SystemDrive%oot.ini/gAdministrators:F
echoy|cacls.exe%SystemDrive%AUTOEXEC.BAT/gAdministrators:F
echoy|cacls.exe%SystemRoot%/system32ftp.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32secedit.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32gpresult.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32gpupdate.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32logoff.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32shutdown.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32 elnet.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32wscript.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32doskey.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32help.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32ipconfig.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
btstat.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32print.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32debug.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32egedt32.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32eg.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32egister.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32eplace.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
wscript.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32share.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32ping.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32ipsec6.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
etsh.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32edit.com/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32oute.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32 racert.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32powercfg.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
slookup.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32arp.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32sh.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32
etdde.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32mshta.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32mountvol.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32setx.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32find.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32where.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32finger.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32egsvr32.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32sc.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32shadow.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32unas.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%PCHealthHelpCtrBinariesmsconfig.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%
otepad.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%egedit.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%winhelp.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%winhlp32.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32edlin.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32posix.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32atsvc.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32qbasic.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32unonce.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32syskey.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32cscript.exe/gAdministrators:F
echoy|cacls.exe%SystemRoot%system32sethc.exe/gAdministrators:F
echo"C盘权限设定"
cacls"%SystemRoot%/Registration"/r"everyone"/e
echo"删除C盘的windows目次下的createowner的权限"
cd/
cacls"%SystemRoot%/repair"/r"createowner"/e
cacls"%SystemRoot%/system32"/r"createowner"/e
cacls"%SystemDrive%/system32/config"/r"createowner"/e
cacls"%SystemRoot%/system32/wbem"/r"createowner"/e
echo"删除WINDOWS文件夹上面的powerusers的权限"
cacls"%SystemRoot%/repair"/r"PowerUsers"/e
cacls"%SystemRoot%/system32"/r"PowerUsers"/e
cacls"%SystemDrive%/system32/config"/r"PowerUsers"/e
cacls"%SystemRoot%/system32/wbem"/r"PowerUsers"/e
echo"删除WINDOWS下users的会见权限"
cacls"%SystemRoot%/addins"/r"users"/e
cacls"%SystemRoot%/AppPatch"/r"users"/e
cacls"%SystemRoot%/ConnectionWizard"/r"users"/e
cacls"%SystemRoot%/Debug"/r"users"/e
cacls"%SystemRoot%/DriverCache"/r"users"/e
cacls"%SystemRoot%/Help"/r"users"/e
cacls"%SystemRoot%/IISTemporaryCompressedFiles"/r"users"/e
cacls"%SystemRoot%/java"/r"users"/e
cacls"%SystemRoot%/msagent"/r"users"/e
cacls"%SystemRoot%/mui"/r"users"/e
cacls"%SystemRoot%/repair"/r"users"/e
cacls"%SystemRoot%/Resources"/r"users"/e
cacls"%SystemRoot%/security"/r"users"/e
cacls"%SystemRoot%/system"/r"users"/e
cacls"%SystemRoot%/TAPI"/r"users"/e
cacls"%SystemRoot%/Temp"/r"users"/e
cacls"%SystemRoot%/twain_32"/r"users"/e
cacls"%SystemRoot%/Web"/r"users"/e
cacls"%SystemRoot%/system32/3com_dmi"/r"users"/e
cacls"%SystemRoot%/system32/administration"/r"users"/e
cacls"%SystemRoot%/system32/Cache"/r"users"/e
cacls"%SystemRoot%/system32/CatRoot2"/r"users"/e
cacls"%SystemRoot%/system32/Com"/r"users"/e
cacls"%SystemRoot%/system32/config"/r"users"/e
cacls"%SystemRoot%/system32/dhcp"/r"users"/e
cacls"%SystemRoot%/system32/drivers"/r"users"/e
cacls"%SystemRoot%/system32/export"/r"users"/e
cacls"%SystemRoot%/system32/icsxml"/r"users"/e
cacls"%SystemRoot%/system32/lls"/r"users"/e
cacls"%SystemRoot%/system32/LogFiles"/r"users"/e
cacls"%SystemRoot%/system32/MicrosoftPassport"/r"users"/e
cacls"%SystemRoot%/system32/mui"/r"users"/e
cacls"%SystemRoot%/system32/oobe"/r"users"/e
cacls"%SystemRoot%/system32/ShellExt"/r"users"/e
cacls"%SystemRoot%/system32/wbem"/r"users"/e
gotonext3
:next3
ECHO.
ECHO.
ECHO.------------------------------------------------------------------------
ECHo克制不用要的服务,假如要加入请按Ctrl+C
ECHOYES=nextsetNO=thissetignore(thistime30Seconddefaultfory)
ECHO.------------------------------------------------------------------------
CHOICE/T30/Cyn/Dy
iferrorlevel2gotonext4
iferrorlevel1gotonext31
:next31
echoWindowsRegistryEditorVersion5.00>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
echo>>tempServices.reg
echo"Start"=dword:00000004>>tempServices.reg
regedit/stempServices.reg
ECHO.
gotonext4
:next4
ECHO.
ECHO.-------------------------------------------------------------------------
ECHo避免人侵和打击.假如要加入请按Ctrl+C
ECHOYES=nextsetNO=thissetignore(thistime30Seconddefaultfory)
ECHO.-------------------------------------------------------------------------
CHOICE/T30/Cyn/Dy
iferrorlevel2gotonext5
iferrorlevel1gotonext41
:next41
echoWindowsRegistryEditorVersion5.00>tempskyddos.reg
echo>>tempskyddos.reg
echo"EnableDeadGWDetect"=dword:00000000>>tempskyddos.reg
echo"EnableICMPRedirects"=dword:00000000>>tempskyddos.reg
echo"PerformRouterDiscovery"=dword:00000000>>tempskyddos.reg
echo"NoNameReleaseOnDemand"=dword:00000001>>tempskyddos.reg
echo"KeepAliveTime"=dword:000493e0>>tempskyddos.reg
echo"EnablePMTUDiscovery"=dword:00000000>>tempskyddos.reg
echo"SynAttackProtect"=dword:00000002>>tempskyddos.reg
echo"TcpMaxHalfOpen"=dword:00000064>>tempskyddos.reg
echo"TcpMaxHalfOpenRetried"=dword:00000050>>tempskyddos.reg
echo"TcpMaxConnectResponseRetransmissions"=dword:00000001>>tempskyddos.reg
echo"TcpMaxDataRetransmissions"=dword:00000003>>tempskyddos.reg
echo"TCPMaxPortsExhausted"=dword:00000005>>tempskyddos.reg
echo"DisableIPSourceRouting"=dword:0000002>>tempskyddos.reg
echo"TcpTimedWaitDelay"=dword:0000001e>>tempskyddos.reg
echo"EnableSecurityFilters"=dword:00000001>>tempskyddos.reg
echo"TcpNumConnections"=dword:000007d0>>tempskyddos.reg
echo"TcpMaxSendFree"=dword:000007d0>>tempskyddos.reg
echo"IGMPLevel"=dword:00000000>>tempskyddos.reg
echo"DefaultTTL"=dword:00000016>>tempskyddos.reg
echo删除IPC$(InternetProcessConnection)是共享“定名管道”的资本
echo>>tempskyddos.reg
echo"restrictanonymous"=dword:00000001>>tempskyddos.reg
echo>>tempskyddos.reg
echo"PerformRouterDiscovery"=dword:00000000>>tempskyddos.reg
echo>>tempskyddos.reg
echo"BacklogIncrement"=dword:00000003>>tempskyddos.reg
echo"MaxConnBackLog"=dword:000003e8>>tempskyddos.reg
echo>>tempskyddos.reg
echo"EnableDynamicBacklog"=dword:00000001>>tempskyddos.reg
echo"MinimumDynamicBacklog"=dword:00000014>>tempskyddos.reg
echo"MaximumDynamicBacklog"=dword:00002e20>>tempskyddos.reg
echo"DynamicBacklogGrowthDelta"=dword:0000000a>>tempskyddos.reg
echo>>tempskyddos.reg
echo"autoshareserver"=dword:00000000>>tempskyddos.reg
regedit/stempskyddos.reg
ECHO.
ECHO.
gotonext5
:next5
ECHO.
ECHO.------------------------------------------------------------------------
ECHo避免ASP木马运转卸除WScript.Shell,Shell.application,WScript.Network
ECHOYES=nextsetNO=thissetignore(thistime30Seconddefaultfory)
ECHO.-----------------------------------------------------------------------
CHOICE/T30/Cyn/Dy
iferrorlevel2gotonext6
iferrorlevel1gotonext51
:next51
echoWindowsRegistryEditorVersion5.00>tempdel.reg
echo[-HKEY_CLASSES_ROOTShell.Application]>>tempdel.reg
echo[-HKEY_CLASSES_ROOTShell.Application.1]>>tempdel.reg
echo[-HKEY_CLASSES_ROOTCLSID{13709620-C279-11CE-A49E-444553540000}]>>tempdel.reg
echo[-HKEY_CLASSES_ROOTADODB.CommandCLSID]>>tempdel.reg
echo[-HKEY_CLASSES_ROOTCLSID{00000566-0000-0010-8000-00AA006D2EA4}]>>tempdel.reg
regedit/stempdel.reg
regsvr32/u%SystemRoot%system32wshom.ocx
del/f/q%SystemRoot%System32wshom.ocx
regsvr32/u%SystemRoot%system32shell32.dll
del/f/q%SystemRoot%System32shell32.dll
rmdir/q/stemp
ECHO.
gotonext6
:next6
ECHO.
ECHO.
ECHO.---------------------------------------------------------------------
ECHo设置已完成重启后才干失效.
ECHOYES=rebootserverNO=exit(thistime60Seconddefaultfory)
ECHO.----------------------------------------------------------------------
CHOICE/T30/Cyn/Dy
iferrorlevel2gotoend
iferrorlevel1gotoreboot
:reboot
shutdown/r/t0
:end
ifEXISTtemp(rmdir/s/qtemp|exit)elseexit
如果你学不好的话,你在linux中开发的机会就很少,或者说几乎没有,它的优势就消失了,然后随着时间的流逝,你就会全部忘记她; 然我们对Linux的学习首先是通过对它的产生,发展,到今天仍然在不断完善开始的。 发问的时候一定要注意到某些礼节。因为Linux社区是一个松散的组织、也不承担回复每个帖子的义务。它不是技术支持。 其实老师让写心得我也没怎么找资料应付,自己想到什么就写些什么,所以不免有些凌乱;很少提到编程,因为那些在实验报告里已经说了,这里再写就多余了。 要增加自己Linux的技能,只有通过实践来实现了。所以,赶快找一部计算机,赶快安装一个Linux发行版本,然后进入精彩的Linux世界,相信对于你自己的Linux能力必然大有斩获。 掌握在Linux系统中安装软件,在安装Linux工具盘后大致日常所需的软件都会有,一般网络提供下载的软件都会有安装说明。 就这样,我们一边上OS理论课,一边上这个实验,这样挺互补的,老师讲课,一步一步地布置任务 现在的linux操作系统如redhat,难点,红旗等,都是用这么一个内核,加上其它的用程序(包括X)构成的。
页:
[1]