SoFunction
Updated on 2025-04-13

Batch script for configuring Windows Server security: ThecSafe1.9.4


Rem Add access permissions for IIS_WPG (the ACL command name that begins each permission line is missing from this page)
  "%SystemDrive%" /g IIS_WPG:;b468 /e
  "%SystemRoot%" /g IIS_WPG:b1468;b1468 /e
  "%SystemDrive%/Program Files" /g IIS_WPG:r /e
  "%SystemRoot%/Downloaded Program Files" /g IIS_WPG:c /e
  "%SystemRoot%/Help" /g IIS_WPG:c /e
  "%SystemRoot%/IIS Temporary Compressed Files" /g IIS_WPG:c /e
  "%SystemRoot%/Offline Web Pages" /g IIS_WPG:c /e
  "%SystemRoot%/System32" /g IIS_WPG:c /e
  "%SystemRoot%/Tasks" /g IIS_WPG:c /e
  "%SystemRoot%/Web" /g IIS_WPG:c /e

Rem Add access permissions for IIS_WPG [only when McAfee software is installed]
Rem   "%SystemDrive%/Program Files/Network Associates" /g IIS_WPG:r /e

Rem Add access permissions for Users
  "%SystemRoot%/temp" /g Everyone:m /e
  "%SystemDrive%/Program Files/Common Files" /g Users:r /e
  "%SystemRoot%//Framework" /g users:b1468;b1468 /e



Rem Prevent the [List Folder / Read Data] permission from appearing
Rem ------------------------------------------- 
Rem Add Users access permissions [only for servers with PHP installed]
  "C:\php5" /g users:b468;b468 /e
  "%SystemRoot%/system32" /r "users" /e
  "%SystemRoot%/System32" /g users:b468;b468 /e
Rem ------------------------------------------- 

Rem Delete all users access permissions on disk D
  "D:\" /r "users" /e
  "D:\" /r "everyone" /e
  "D:\" /r "CREATOR OWNER" /e

Rem Delete all users access permissions on E disk
  "E:\" /r "users" /e
  "E:\" /r "everyone" /e
  "E:\" /r "CREATOR OWNER" /e

Rem Delete all users access permissions on F disk
  "F:\" /r "users" /e
  "F:\" /r "everyone" /e
  "F:\" /r "CREATOR OWNER" /e

Rem Delete the dangerous folders under the Windows directory on drive C

attrib %SystemRoot%\Web\printers -s -r -h
del %SystemRoot%\Web\printers\*.* /s /q /f
rd %SystemRoot%\Web\printers /s /q

attrib %SystemRoot%\Help\iisHelp -s -r -h
del %SystemRoot%\Help\iisHelp\*.* /s /q /f
rd %SystemRoot%\Help\iisHelp /s /q

attrib %SystemRoot%\system32\inetsrv\iisadmpwd -s -r -h
del %SystemRoot%\system32\inetsrv\iisadmpwd\*.* /s /q /f
rd %SystemRoot%\system32\inetsrv\iisadmpwd /s /q

Echo Permissions for the system's dangerous folders have been set! Now automatically moving to the next step...

CLS
Echo Optimizing system services, please wait...

@REM Application Experience Lookup Service
@REM Process application compatibility lookup requests for the application when the application starts.
@REM Suggestions: Disable
sc config AeLookupSvc start= DISABLED
sc stop AeLookupSvc

@REM Background Intelligent Transfer Service
@REM Transfer data between the client and the server in the background. If BITS is disabled, some functions, such as Windows Update, will not work properly.
@REM Suggestions: Disable
sc config BITS start= DISABLED
sc stop BITS

@REM DHCP Client
@REM Register and update the IP address for this computer. If this service is stopped, the computer will not be able to receive dynamic IP address and DNS updates. If this service is disabled, all services that explicitly depend on it will not be started.
@REM Suggestions: Disable
sc config Dhcp start= DISABLED
sc stop Dhcp

@REM Network Location Awareness (NLA)
@REM Collect and save network configuration and location information, and notify the application when information changes.
@REM Suggestions: Disable
sc config Nla start= DISABLED
sc stop Nla

@REM Secondary Logon
@REM Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will not be available. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config seclogon start= DISABLED
sc stop seclogon

@REM TCP/IP NetBIOS Helper
@REM provides support for NetBIOS on the TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, allowing users to share files, print and log in to the network. If this service is disabled, these features may not be available. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config LmHosts start= DISABLED
sc stop LmHosts

@REM Wireless Configuration
@REM Enable the automatic configuration of the IEEE 802.11 adapter. If this service is stopped, automatic configuration will not be available. If this service is disabled, all services that explicitly depend on it will not be started.
@REM Suggestions: Disable
sc config WZCSVC start= DISABLED
sc stop WZCSVC

@REM Smart Card (Smart Card)
@REM Microsoft: Manage the access to the smart card read by this computer. If this service is stopped, the computer will not be able to read the smart card. If this service is deactivated, any service that explicitly depends on it will not start.
@REM Addition: If you don’t use Smart Card, then you can turn it off
@REM Dependencies: Plug and Play
@REM Suggestions: Disable
sc config   SCardSvr start= DISABLED
sc stop SCardSvr

@REM Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)[For XP]
@REM Microsoft: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@REM Addition: If you do not use the Internet Connection Sharing (ICS) or Internet Connection Firewall (ICF) included in XP, you can turn it off
@REM Dependencies: Application Layer Gateway Service, Network Connections, Network Location Awareness(NLA), remote Access Connection Manager
@REM Suggestions: Disable
sc config   SharedAccess start= DEMAND
sc stop SharedAccess

@REM Windows Image Acquisition (WIA) (Windows Image Acquisition Program)
@REM Microsoft: Provides image capture services for scanners and digital cameras.
@REM Addition: If the scanner and digital camera have WIA function inside, you can directly see the image and no other driver is needed, so users without scanners and digital cameras can turn it off.
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config   stisvc start= DISABLED
sc stop stisvc

@REM MS Software Shadow Copy Provider[For XP]
@REM Microsoft: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed.
@REM Addition: As mentioned above, the things used for backup, such as the MS Backup program, need this service
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config   swprv start= DISABLED
sc stop swprv

@REM Performance Logs and Alerts (performance log files and warnings)
@REM Microsoft: Collect performance data on local or remote computers based on pre-configured schedule parameters, and then write this data to a log or trigger an alarm. If this service is terminated, no performance information will be collected. If this service is disabled, any service that depends on it will not start.
@REM Addition: No valuable service
@REM Suggestions: Disable
sc config   SysmonLog start= DISABLED
sc stop SysmonLog

@REM Telephony (phone voice)
@REM Microsoft: Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and, through the LAN, on servers that are also running the service.
@REM Supplement: Ordinary dial-up modems or some DSL/cable connections may use it
@REM Dependencies: Plug and Play, remote Procedure Call (RPC), remote Access Connection Manager, remote Access Auto Connection Manager
@REM Suggestions: Manual
sc config   TapiSrv start= DISABLED
sc stop TapiSrv

@REM Distributed Link Tracking Client (Distributed Link Tracking Client)
@REM Microsoft: Maintains links between NTFS files within a computer or across computers in a network domain.
@REM Supplement: Maintains file links between different computers in the network domain
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config   TrkWks start= DISABLED
sc stop TrkWks

@REM Portable Media Serial Number
@REM Microsoft: Retrieves the serial number of any portable music player connected to your computer
@REM Addition: Retrieves the serial number of any music player connected to the computer? A service of no value
@REM Suggestions: Disable
sc config   WmdmPmSN start= DISABLED
sc stop WmdmPmSN

@REM WMI Performance Adapter
@REM Microsoft: Provides performance link library information from WMIHiPerf providers.
@REM Supplement: As mentioned above
@REM Dependency: remote Procedure Call (RPC)
@REM Suggestions: Disable
sc config   WmiApSrv start= DISABLED
sc stop WmiApSrv

@REM Automatic Updates
@REM Microsoft: Enable important Windows update download and installation. If this service is disabled, you can manually update the operating system from the Windows Update website.
@REM Supplement: Allow Windows to automatically check and download update patches in the background automatically online
@REM Suggestions: Disable
sc config   wuauserv start= DISABLED
sc stop wuauserv

@REM Fast User Switching Compatibility[For XP]
@REM provides management for applications that need assistance with multiple users. Rely on RPC.
sc config   FastUserSwitchingCompatibility start= DEMAND
sc stop FastUserSwitchingCompatibility

@REM System Restore Service[For XP]
@REM Execute system restore function. To stop the service, close System Restore from the System Restore tab in the properties of My Computer.
sc config   srservice start= DISABLED
sc stop srservice

@REM SSDP Discovery Service[For XP]
@REM Start discovery of UPnP devices on your home network.
sc config   SSDPSRV start= DISABLED
sc stop SSDPSRV

@REM telnet
@REM Allows remote users to log on to this computer and run programs, and supports a variety of TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote users cannot access programs, and any service that directly depends on it will fail to start.
sc config   TlntSvr start= DISABLED
sc stop TlntSvr

@REM Universal Plug and Play Device Host[For XP]
@REM provides support for hosting universal plug-and-play devices.
sc config   upnphost start= DEMAND
sc stop upnphost

@REM Security Center[For XP]
@REM Monitor system security settings and configuration.
sc config   wscsvc start= DISABLED
sc stop wscsvc

@REM System Event Notification
@REM Supervise system events and notify COM+ Event system "subscriber". If this service is disabled, the COM+ event system "subscriber" will not receive system event notifications. If this service is disabled, any service that depends on it will not be enabled.
@REM Suggestions: Disable
sc config   SENS start= DISABLED
sc stop SENS

@REM COM+ Event System
@REM Supports System Event Notification Service (SENS), which provides automatic event distribution function for subscribed component object model (COM) components. If this service is stopped, SENS will be closed and login and logout notifications cannot be provided. If this service is disabled, no other services that explicitly rely on this service will start.
@REM Suggestions: Disable
sc config   EventSystem start= DISABLED
sc stop EventSystem

@REM Windows Audio
@REM manages audio devices based on Windows-based programs. If this service is terminated, the audio device and its sound effects will not work properly. If this service is disabled, any service that depends on it will not start.
@REM Addition: What use is a sound card on a server? Disable it!
@REM Suggestions: Disable
sc config   AudioSrv start= DISABLED
sc stop AudioSrv

@REM Computer Browser
@REM Maintains the update list of computers on the network and provides the list to the computer for specified browsing. If the service is stopped, the list will not be updated or maintained. If the service is disabled, any services that directly depend on this service will not be started.
@REM Suggestions: Disable
sc config   Browser start= DISABLED
sc stop Browser

@REM Task Scheduler
@REM enables users to configure and schedule automatic tasks on this computer. If this service is terminated, these tasks will not run during scheduled time. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config   Schedule start= DISABLED
sc stop Schedule

@REM Routing and Remote Access
@REM provides routing services to enterprises in LAN and WAN environments.
@REM Suggestions: Disable
sc config   RemoteAccess start= DISABLED
sc stop RemoteAccess

@REM Removable Storage
@REM Manage and catalog removable media and operate automated removable media devices. If this service is stopped, programs that rely on removable storage such as backup and remote storage will slow down. If this service is disabled, all services that rely on this service will not be started.
@REM Suggestions: Disable
sc config   NtmsSvc start= DISABLED
sc stop NtmsSvc

@REM Remote Registry
@REM enables remote users to modify the registry settings on this computer. If this service is terminated, only users on this computer can modify the registry. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config   RemoteRegistry start= DISABLED
sc stop RemoteRegistry

@REM Print Spooler
@REM Manage all local and network printing queues and control all printing work. If this service is disabled, printing on the local computer will not be available. If this service is disabled, any service that depends on it will not be enabled.
@REM Suggestions: Disable
sc config   Spooler start= DISABLED
sc stop Spooler

@REM Error Reporting Service
@REM Collects, stores and reports unexpected application crashes to Microsoft. If this service is stopped, error reporting occurs only for kernel faults and some types of user mode faults. If this service is disabled, any service that depends on it will not start.
@REM Suggestions: Disable
sc config   ERSvc start= DISABLED
sc stop ERSvc

@REM Workstation
@REM Create and maintain client network connections to remote services. If the service is stopped, these connections will not be available. If the service is disabled, any services that directly depend on this service will not be started. Hackers can use this service to see all computer users.
@REM Suggestions: Disable
sc config   lanmanworkstation start= DISABLED
sc stop lanmanworkstation

@REM Help and Support
@REM Enable the Help and Support Center to run on this computer. If the service is stopped, the Help and Support Center will not be available. If the service is disabled, any services that directly depend on this service will not be started.
@REM Suggestions: Disable
sc config   helpsvc start= DISABLED
sc stop helpsvc

Echo System service optimization is complete! Now automatically moving to the next step...

CLS
Echo Applying registry-related settings, please wait...

Rem The key names after HKEY_CLASSES_ROOT\ and the DLL file names after regsvr32 are missing from this page; the commands below are incomplete as shown.
reg delete HKEY_CLASSES_ROOT\ /f

reg delete HKEY_CLASSES_ROOT\.1 /f

reg delete HKEY_CLASSES_ROOT\ /f

reg delete HKEY_CLASSES_ROOT\.1 /f

reg delete HKEY_CLASSES_ROOT\ /f

reg delete HKEY_CLASSES_ROOT\.1 /f

regsvr32 /s /u 

regsvr32 /s /u 

regsvr32 /s /u 

Echo Deletion of hazardous registry components is complete! Now automatically moving to the next step...

CLS
Echo Applying anti-DDoS flood attack settings, please wait...

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d "01 00 00 00" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "0x00000190" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "0x00000014" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "0x00007530" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f

Rem Close port 445
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d "00000000" /f

Rem Close port 135
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d "N" /f

Rem Disable dump file generation and delete the existing dump file
Rem The dump file is a useful resource for finding problems when the system crashes or blue-screens. However, it can also provide hackers with sensitive information, such as passwords for some applications.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD  /d 00000000 /f

Rem The dump file name after %SystemRoot%\ is missing from this page; as shown, the two commands below act on the whole %SystemRoot% directory.
attrib %SystemRoot%\ -s -r -h
del %SystemRoot%\ /s /q /f

Echo Anti-DDoS flood attack settings have been applied! Now automatically moving to the next step...

CLS
Echo Importing Changlai.com's dedicated security policy, please wait...

netsh ipsec static importpolicy 
netsh ipsec static set policy name="Changlai.com’s dedicated security policy" assign=y

Rem Import Changlai.com's dedicated group policy (the file paths in the commands of this step are missing from this page)
secedit /configure /db  /cfg  /quiet
del 

Echo Import of Changlai.com's dedicated security policy is complete! Now automatically moving to the next step...

CLS
Echo Restarting IIS so that the settings take effect, please wait...



Echo The IIS service has been restarted!
Echo Fully automatic server security setup is complete. Press any key to return and select another operation...
PAUSE >nul
Goto start


:lock
rundll32.exe user32.dll,LockWorkStation
Goto start

:logoff
logoff

:End
Exit
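
A read-only check that can be run after the script, as an added example that is not part of the original ThecSafe script: it confirms that a sample of the services is disabled and that a sample of the TCP/IP and AFD values holds the expected data. The service and value names are taken from the script above; the expected numbers are the script's DWORD data read as hexadecimal, which is an assumption (for example 190 hex = 400).

```batch
@echo off
setlocal
rem Added example, not part of the original script: read-only audit.
rem Nothing is changed; the exit code is 1 if any check fails.
set FAIL=0

rem Services the script sets to "start= DISABLED" (a subset).
for %%S in (RemoteRegistry TlntSvr Browser Spooler Schedule) do (
    sc qc %%S 2>nul | findstr /c:"START_TYPE" | findstr /c:"DISABLED" >nul
    if errorlevel 1 (
        echo [FAIL] service %%S is not disabled
        set FAIL=1
    ) else (
        echo [ OK ] service %%S is disabled
    )
)

rem Registry values: expected data is given in decimal, assuming the
rem script's data was meant as hexadecimal (1f4 = 500, 190 = 400, ...).
set TCP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
set AFD=HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters
call :dword "%TCP%" SynAttackProtect 2
call :dword "%TCP%" TcpMaxHalfOpen 500
call :dword "%TCP%" TcpMaxHalfOpenRetried 400
call :dword "%TCP%" DisableIPSourceRouting 2
call :dword "%AFD%" MinimumDynamicBacklog 20
call :dword "%AFD%" MaximumDynamicBacklog 30000

if "%FAIL%"=="0" (echo All checked settings match.) else (echo One or more settings differ.)
exit /b %FAIL%

:dword
rem %1 = registry key, %2 = value name, %3 = expected data in decimal
set "ACTUAL="
for /f "tokens=1-3" %%A in ('reg query %1 /v %2 2^>nul ^| findstr /i /c:"REG_DWORD"') do set "ACTUAL=%%C"
if not defined ACTUAL (
    echo [FAIL] %2 is not set
    set FAIL=1
    goto :eof
)
rem reg query prints DWORD data as 0x-prefixed hex; set /a converts it to decimal.
set /a NUM=%ACTUAL%
if "%NUM%"=="%3" (
    echo [ OK ] %2 = %NUM%
) else (
    echo [FAIL] %2 = %NUM%, expected %3
    set FAIL=1
)
goto :eof
```

A [FAIL] line that reports 190 where 400 is expected indicates that the data was stored as a decimal number rather than as the hexadecimal value.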