windows初始化脚本
搭积木一样弄出来的东西.保存为*.hta格式.
<html>
<head>
<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
font-size: 9pt;
}
.style26 {font-size:9pt}
-->
</style>
<title>Autoset App 2008012102</title>
</head>
<body>
<script type="text/vbscript">
' Error suppression is left commented out, so a runtime error stops the script visibly.
''On Error Resume Next

' Script-wide state shared by the functions below.
Dim adminuser, adduser
Dim splitservice, stopservice
Dim i
Dim denyport, allow3389ip
Dim wsh3
Set wsh3 = CreateObject("wscript.shell")

' Defaults shown on the configuration form; every list is "|"-separated.
' NOTE(review): the service list includes dhcp. Stopping the DHCP Client on a
' host that gets its address by DHCP costs it its lease - confirm the target
' uses static addressing before keeping it in the list.
stopservice = "lmhosts|dhcp|wmiapsrv|spooler|browser|ersvc|helpsvc|remoteregistry|shellhwdetection|AudioSrv"
' Ports added to the IPsec deny list when LAN sharing is not enabled.
denyport = "135|137|138|139|445"
' Ports written to TCPAllowedPorts (TCP/IP filtering) on non-LAN adapters.
filterport = "3389"
' Source addresses and /24 networks allowed to reach TCP 3389.
' These are site-specific sample values; replace them before use.
allow3389ip = "222.222.222.177|222.222.222.174|222.222.222.176|222.222.222.175|222.222.222.179|222.222.222.178"
allow3389net = "192.168.1.0|192.168.2.0"
' "." addresses the local machine in WMI monikers.
strComputer = "."

' ADSI userFlags bits and the registry hive handle used by StdRegProv.
Const ADS_UF_ACCOUNTDISABLE = &H0002
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const HKEY_LOCAL_MACHINE = &H80000002
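Function documentwrite(str)
    ' Appends an HTML fragment to the end of the page body.
    ' str is inserted as markup, not as text: callers pass operator-typed values
    ' and WMI strings through unescaped, so any "<" in them is parsed as HTML.
    ' "&" is used instead of "+" so that a numeric or Null argument is
    ' concatenated as text rather than added or propagated as Null.
    document.body.innerHTML = document.body.innerHTML & str
End Function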
Public Function ClearWindow()
    ' Empties the page body so the next wizard step starts from a blank page.
    Dim pageBody
    Set pageBody = document.body
    pageBody.innerHTML = ""
End Function
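Public Function sysinfo()
    ' Step 1 of the wizard: writes a two-column table with the properties of
    ' every Win32_Processor and Win32_PhysicalMemory instance on the local
    ' machine, followed by the button that opens the configuration form.
    ' Null WMI properties concatenate as empty text because "&" is used.
    Dim capacitymb
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_Processor")
    ''Set colItemsmem = objWMIService.ExecQuery("Select * from Win32_PhysicalMemoryArray",,48)
    Set colItemsmem = objWMIService.ExecQuery("Select * from Win32_PhysicalMemory",,48)
    document.write "<table border=1 cellspacing=0 cellpadding=0 width=100%><tr><td class=style26>"
    For Each objItem in colItems
        document.write "<font color=red>cpu info:</font>" _
            & "<br>Address Width: " & objItem.AddressWidth _
            & "<br>Architecture:" & objItem.Architecture _
            & "<br>Availability: " & objItem.Availability _
            & "<br>CPU Status: " & objItem.CpuStatus _
            & "<br>Current Clock Speed: " & objItem.CurrentClockSpeed _
            & "<br>Data Width: " & objItem.DataWidth _
            & "<br>Description: " & objItem.Description _
            & "<br>Device ID: " & objItem.DeviceID _
            & "<br>Ext Clock: " & objItem.ExtClock _
            & "<br>Family: " & objItem.Family _
            & "<br>L2 Cache Size: " & objItem.L2CacheSize _
            & "<br>L2 Cache Speed: " & objItem.L2CacheSpeed _
            & "<br>Level: " & objItem.Level _
            & "<br>Load Percentage: " & objItem.LoadPercentage _
            & "<br><font color=red>Manufacturer: " & objItem.Manufacturer _
            & "<br>Maximum Clock Speed: " & objItem.MaxClockSpeed _
            & "<br>Name: " & objItem.Name _
            & "</font> <br>PNP Device ID: " & objItem.PNPDeviceID _
            & "<br>Processor Id: " & objItem.ProcessorId _
            & "<br>Processor Type: " & objItem.ProcessorType _
            & "<br>Revision: " & objItem.Revision _
            & "<br>Role: " & objItem.Role _
            & "<br>Socket Designation: " & objItem.SocketDesignation _
            & "<br>Status Information: " & objItem.StatusInfo _
            & "<br>Stepping: " & objItem.Stepping _
            & "<br>Unique Id: " & objItem.UniqueId _
            & "<br>Upgrade Method: " & objItem.UpgradeMethod _
            & "<br>Version: " & objItem.Version _
            & "<br>Voltage Caps: " & objItem.VoltageCaps & "<br><p>"
    Next
    ' The cell is closed once, after the loop, so a machine with several
    ' processors does not emit a stray </td> per processor.
    document.write "</td><td class=style26>"
    For Each objItem in colItemsmem
        ' The "\" operator converts its operands to Long and overflows for a
        ' module of 2 GB or more, so the size is divided as a Double instead.
        If IsNull(objItem.Capacity) Then
            capacitymb = ""
        Else
            capacitymb = Int(CDbl(objItem.Capacity) / 1048576)
        End If
        document.write "<font color=red>mem info</font>: " & objItem.Description _
            & "<br>Bank Label: " & objItem.BankLabel _
            & "<br><font color=red>Capacity: " & capacitymb _
            & "M</font><br>Data Width: " & objItem.DataWidth _
            & "<br>Description: " & objItem.Description _
            & "<br>Device Locator: " & objItem.DeviceLocator _
            & "<br>Form Factor: " & objItem.FormFactor _
            & "<br>Hot Swappable: " & objItem.HotSwappable _
            & "<br>Manufacturer: " & objItem.Manufacturer _
            & "<br>Memory Type: " & objItem.MemoryType _
            & "<br>Name: " & objItem.Name _
            & "<br>Part Number: " & objItem.PartNumber _
            & "<br>Position In Row: " & objItem.PositionInRow _
            & "<br>Speed: " & objItem.Speed _
            & "<br>Tag: " & objItem.Tag _
            & "<br>Type Detail: " & objItem.TypeDetail & "<br>"
    Next
    ' The row is closed with </tr>; the original closed </td> twice.
    document.write "</td></tr></table><input id=runbutton type=button value='Next 2 Step -->config system and apply' onClick=setuserconfig() >"
End Function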
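Public Function setuserconfig()
    ' Step 2 of the wizard: replaces the page with the configuration form.
    ' The field names used here (adminusername, adminuserpw, addusername,
    ' adduserpw, stopservername, allowips, allownets, filterports,
    ' lansharecheck) are the ones setusers reads when the button is clicked.
    ClearWindow()
    documentwrite "<font color=red>config parameter: use ""|"" split,example 80|21|339 or 127.0.0.1|192.168.1.0</font><p><br>"
    documentwrite "config use lan share:<input type=checkbox name=lansharecheck value='atl-ws-01'><br>"
    ' NOTE(review): both password fields are plain text inputs pre-filled with
    ' sample passwords. Whoever clicks through without editing them gives two
    ' administrator accounts those published values, so they must be changed
    ' on every run.
    documentwrite "config administrator username:<input type=text name=adminusername value='Administrator' ><BR>"
    documentwrite "config administrator password:<input type=text size=100 name=adminuserpw value='tttt9' ><BR>"
    documentwrite "config new user name to add:<input type=text name=addusername value='admin' ><BR>"
    documentwrite "config new user password:<input type=text name=adduserpw value='mypassword' ><BR>"
    ' Each INPUT tag below is now closed with ">" before the <br>; the original
    ' left the tag open and relied on the parser ending it at the next ">".
    documentwrite "config want to stop service:<INPUT Type=text size=100 name=stopservername value='" & stopservice & "'><br><br>"
    ' The deny-port list has no form field: the script-level denyport value is used as is.
    ''documentwrite "config ipsec lan share port deny:<INPUT Type=text size=100 name=denyports value='" & denyport & "'<br><br>"
    documentwrite "config ipsec ip to access 3389 port allow:<INPUT Type=text size=100 name=allowips value='" & allow3389ip & "'><br><br>"
    documentwrite "config ipsec net to access 3389 port allow:<INPUT Type=text size=100 name=allownets value='" & allow3389net & "'><br><br>"
    documentwrite "config ipfilter access port allow:<INPUT Type=text size=100 name=filterports value='" & filterport & "'><br><br>"
    documentwrite "<input id=runbutton2 type=button value='Next 3 Step -->apply this config ' onClick=setusers>"
End Function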
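Public Function setusers()
    ' Step 3 of the wizard: applies the values from the configuration form to
    ' the local machine. In order it creates/updates the two accounts, disables
    ' every other local account, writes registry settings, imports a security
    ' template with secedit, disables the listed services, enables TCP/IP port
    ' filtering and builds an IPsec policy that restricts TCP 3389 to the
    ' listed sources.
    ' Every external command runs hidden (window style 0) and its exit code is
    ' not checked, so a step that fails is still reported as done on the page.
    Dim wsh3, fso, tf
    Dim adminwd, addwd, fieldvalue, ipsecpolicy, firstaddr
    Dim objEntry, objAcct, tsroot, tsvalue

    adminuser = adminusername.Value
    adminwd = adminuserpw.Value
    adduser = addusername.Value
    addwd = adduserpw.Value

    ' The values are pasted into "net user" command lines below. An empty
    ' password would leave the account without one, and a space or a quote
    ' would split the value into extra arguments, so such input is refused
    ' instead of being applied silently.
    For Each fieldvalue In Array(adminuser, adminwd, adduser, addwd)
        If fieldvalue = "" Or InStr(fieldvalue, " ") > 0 Or InStr(fieldvalue, Chr(34)) > 0 Then
            documentwrite "<hr><br><font color=red>error: user names and passwords must be non-empty and must not contain spaces or double quotes</font>"
            Exit Function
        End If
    Next

    ' Only the account names are echoed; the passwords are no longer written
    ' into the page.
    documentwrite "<hr><br>admin name:" & adminuser & "<br>new user name:" & adduser

    Set wsh3 = CreateObject("wscript.shell")

    ' NOTE(review): the passwords are passed as command-line arguments and are
    ' visible to anything that can list process command lines while net.exe runs.
    Call wsh3.Run("net user " & adduser & " /add", 0, True)
    Call wsh3.Run("net user " & adduser & " " & addwd, 0, True)
    Call wsh3.Run("net localgroup administrators " & adduser & " /add", 0, True)

    ' Mark the new administrator's password as never expiring.
    Set objUser = GetObject("WinNT://./" & adduser)
    If objUser.userFlags And ADS_UF_DONT_EXPIRE_PASSWD Then
        documentwrite "<p><p>info:" & adduser & " password already set never invalidation,ignore"
    Else
        objUser.Put "userFlags", objUser.UserFlags Or ADS_UF_DONT_EXPIRE_PASSWD
        objUser.SetInfo
    End If
    Call wsh3.Run("net user " & adminuser & " " & adminwd, 0, True)
    documentwrite "<p></p>===================================<p>"

    ' Disable every local account except the two named on the form.
    ' Account names are compared without regard to case: with a case-sensitive
    ' comparison, typing "administrator" for "Administrator" would disable the
    ' administrator account itself.
    Set objNetwork = CreateObject("Wscript.Network")
    strComputer = objNetwork.ComputerName
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    colAccounts.Filter = Array("user")
    For Each objEntry In colAccounts
        If StrComp(objEntry.Name, adminuser, vbTextCompare) <> 0 And StrComp(objEntry.Name, adduser, vbTextCompare) <> 0 Then
            Set objAcct = GetObject("WinNT://./" & objEntry.Name)
            If objAcct.UserFlags And ADS_UF_ACCOUNTDISABLE Then
                documentwrite objAcct.Name & " already disable,ignore<br>"
            Else
                documentwrite objAcct.Name & " now disable<br>"
                objAcct.Put "userFlags", objAcct.UserFlags Or ADS_UF_ACCOUNTDISABLE
                objAcct.SetInfo
            End If
        End If
    Next

    ' Automatic Updates policy value 2: notify before download.
    wsh3.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions",2,"REG_DWORD"
    documentwrite "<br><p>===================================</p><p>autoupdate option done..<br>"
    wsh3.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\Wallpaper","(None)","REG_SZ"
    documentwrite "del wallpaper..<br>"
    ' Turns off the automatic administrative shares of the Server service.
    wsh3.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer",0,"REG_DWORD"
    documentwrite "autoshare close..<br>"
    wsh3.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive",0,"REG_SZ"
    wsh3.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE","","REG_SZ"
    documentwrite "screensave close..<br>"
    ' Terminal Services session limits are written as 0 under both hives,
    ' HKEY_CURRENT_USER first, in the same value order as before.
    For Each tsroot In Array("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
        For Each tsvalue In Array("MaxDisconnectionTime", "MaxConnectionTime", "MaxIdleTime", "fResetBroken")
            wsh3.RegWrite tsroot & "\Software\Policies\Microsoft\Windows NT\Terminal Services\" & tsvalue,0,"REG_DWORD"
        Next
    Next
    documentwrite "terminal servcie time setting..<br>"

    ' Security template: lockout after 5 bad logons, 30-minute reset and
    ' duration, and auditing where 3 = success and failure, 2 = failure only.
    ' NOTE(review): PasswordComplexity = 0 switches the complexity requirement
    ' off on a machine that is otherwise being hardened - confirm this is intended.
    Set fso = CreateObject("scripting.filesystemobject")
    Set tf = fso.createtextfile("gp.inf",true)
    tf.write(Join(Array( _
        "[version]", _
        "signature='$CHICAGO$'", _
        "[System Access]", _
        "PasswordComplexity = 0", _
        "LockoutBadCount = 5", _
        "ResetLockoutCount = 30", _
        "LockoutDuration = 30", _
        "[Event Audit]", _
        "AuditSystemEvents = 0", _
        "AuditLogonEvents = 3", _
        "AuditObjectAccess = 0", _
        "AuditPrivilegeUse = 2", _
        "AuditPolicyChange = 0", _
        "AuditAccountManage = 3", _
        "AuditProcessTracking = 0", _
        "AuditAccountLogon = 3"), vbCrLf))
    tf.close
    Call wsh3.Run("secedit /configure /db gp.sdb /cfg gp.inf /quiet ", 0, True)
    Call wsh3.Run("gpupdate", 0, True)
    ' gp.sdb only exists if secedit got far enough to create it; deleting a
    ' missing file raises a runtime error that would abort the remaining steps.
    If fso.FileExists("gp.inf") Then fso.deletefile ("gp.inf")
    If fso.FileExists("gp.sdb") Then fso.deletefile ("gp.sdb")
    documentwrite "update gpedit..<br>"
    documentwrite "<p></p>===================================<p>"

    ' Stop each listed service and set its start type to disabled.
    For Each splitservice In Split (stopservername.value,"|")
        Call wsh3.Run("sc stop " & splitservice, 0, True)
        Call wsh3.Run("sc config " & splitservice & " start= disabled", 0, True)
        documentwrite "set service disables: " & splitservice & "<br>"
    Next
    documentwrite "<p></p>===================================<p>"

    ' TCP/IP filtering: enable it, then write TCPAllowedPorts for every adapter
    ' whose first address does not look like a LAN address.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objNetworkSettings = objWMIService.Get("Win32_NetworkAdapterConfiguration")
    objNetworkSettings.EnableIPFilterSec(True)
    documentwrite "enables tcp/ip port filter<br>"
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    strKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters"
    oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
    For Each subkey In arrSubKeys
        If Left(subkey,1)="{" And Right(subkey,1)="}" Then
            strKEYPathaddress = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & subkey
            oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKEYPathaddress,"IPAddress",addrvalue
            ' The value is missing for some interfaces; indexing a non-array
            ' would raise a runtime error and stop the run half-applied.
            firstaddr = ""
            If IsArray(addrvalue) Then
                If UBound(addrvalue) >= 0 Then firstaddr = addrvalue(0)
            End If
            ' NOTE(review): the LAN test matches any address starting with
            ' "192", not only 192.168.x.x, and treats no other private range
            ' as LAN.
            If firstaddr = "" Then
                documentwrite subkey & " has no IPAddress value.ignore filter<br>"
            ElseIf Left(firstaddr,3)="192" Or Left(firstaddr,1)="0" Then
                documentwrite firstaddr & " is lan Link.ignore filter<br>"
            Else
                strKeyPatht = "SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\" & subkey
                strKeyPatht1 = "SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\" & subkey
                strKeyPatht2 = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & subkey
                strValueName = "TCPAllowedPorts"
                ''arrStringValues = Array("33892","80","139")
                arrStringValues = Split (filterports.value,"|")
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht,strValueName,arrStringValues
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht1,strValueName,arrStringValues
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht2,strValueName,arrStringValues
                documentwrite firstaddr & " add allow port in filter:" & filterports.value & "<br>"
            End If
        End If
    Next
    documentwrite "<p></p>===================================<p>"

    ' IPsec policy. One name is used for create, rule and assign: the original
    ' created policy "fw" but attached the rules to, and assigned, "iggfw",
    ' so the deny/permit rules were never bound to the policy it had created.
    ipsecpolicy = "fw"
    Call wsh3.Run("netsh ipsec static delete policy name=""Server (Request Security)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=""Client (Respond Only)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=""Secure Server (Require Security)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=" & ipsecpolicy, 0, True)
    Call wsh3.Run("netsh ipsec static delete filterlist name=Accessdeny", 0, True)
    Call wsh3.Run("netsh ipsec static delete filterlist name=OpenSomePort", 0, True)
    Call wsh3.Run("netsh ipsec static add policy name=" & ipsecpolicy, 0, True)
    Call wsh3.Run("netsh ipsec static add filteraction name=permit action=permit", 0, True)
    Call wsh3.Run("netsh ipsec static add filteraction name=deny action=block", 0, True)
    '' deny port
    Call wsh3.Run("netsh ipsec static add filterlist name=Accessdeny", 0, True)
    If lansharecheck.checked=True Then
        documentwrite "enable lan share..<br>"
    Else
        wsh3.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled",0,"REG_DWORD"
        documentwrite "port 445 close..<br>"
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colNetCards = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
        For Each objNetCard in colNetCards
            ' 2 = disable NetBIOS over TCP/IP on this adapter.
            objNetCard.SetTCPIPNetBIOS(2)
        Next
        documentwrite "netbios on tcp/ip close..<br>"
        For Each splitport In Split (denyport,"|")
            Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=" & splitport & " protocol=TCP", 0, True)
            Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=" & splitport & " protocol=UDP", 0, True)
            documentwrite "ipsec deny port:" & splitport & "<br>"
        Next
    End If
    ' TCP 3389 is blocked from any source, then permitted for the listed sources.
    Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP", 0, True)
    Call wsh3.Run("netsh ipsec static add rule name=DenyAccess policy=" & ipsecpolicy & " filterlist=Accessdeny filteraction=deny", 0, True)
    Call wsh3.Run("netsh ipsec static add filterlist name=OpenSomePort", 0, True)
    For Each splitip In Split (allowips.value,"|")
        Call wsh3.Run("netsh ipsec static add filter filterlist=OpenSomePort srcaddr=" & splitip & " dstaddr=me dstport=3389 protocol=TCP", 0, True)
        documentwrite "allow port 3389 for ip:" & splitip & "<br>"
    Next
    For Each splitnet In Split (allownets.value,"|")
        ' "srcaddr=" was missing here, so the network was passed as a bare
        ' token and no allow filter for it could be created.
        Call wsh3.Run("netsh ipsec static add filter filterlist=OpenSomePort srcaddr=" & splitnet & " dstaddr=me srcmask=24 dstport=3389 protocol=TCP", 0, True)
        documentwrite "allow port 3389 for net:" & splitnet & "<br>"
    Next
    Call wsh3.Run("netsh ipsec static add rule name=AllowOpenSomePort policy=" & ipsecpolicy & " filterlist=OpenSomePort filteraction=permit", 0, True)
    Call wsh3.Run("netsh ipsec static set policy name=" & ipsecpolicy & " assign=y", 0, True)

    ' Opens Add/Remove Programs so unwanted software can be removed by hand.
    Call wsh3.Run("control appwiz.cpl", 0, True)
    documentwrite "<p></p>===================================<p>"
    documentwrite "uninstall app<br>"
    documentwrite "<p></p>===================================<p>"
    documentwrite "<font color=red>All Done</font>"
End Function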
' Entry point: show the hardware summary (step 1) when this script block runs.
sysinfo
</script>
</body>
</html>
<head>
<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
font-size: 9pt;
}
.style26 {font-size:9pt}
-->
</style>
<title>Autoset App 2008012102</title>
</head>
<body>
<script type="text/vbscript">
' Error suppression is left commented out, so a runtime error stops the script visibly.
''On Error Resume Next

' Script-wide state shared by the functions below.
Dim adminuser, adduser
Dim splitservice, stopservice
Dim i
Dim denyport, allow3389ip
Dim wsh3
Set wsh3 = CreateObject("wscript.shell")

' Defaults shown on the configuration form; every list is "|"-separated.
' NOTE(review): the service list includes dhcp. Stopping the DHCP Client on a
' host that gets its address by DHCP costs it its lease - confirm the target
' uses static addressing before keeping it in the list.
stopservice = "lmhosts|dhcp|wmiapsrv|spooler|browser|ersvc|helpsvc|remoteregistry|shellhwdetection|AudioSrv"
' Ports added to the IPsec deny list when LAN sharing is not enabled.
denyport = "135|137|138|139|445"
' Ports written to TCPAllowedPorts (TCP/IP filtering) on non-LAN adapters.
filterport = "3389"
' Source addresses and /24 networks allowed to reach TCP 3389.
' These are site-specific sample values; replace them before use.
allow3389ip = "222.222.222.177|222.222.222.174|222.222.222.176|222.222.222.175|222.222.222.179|222.222.222.178"
allow3389net = "192.168.1.0|192.168.2.0"
' "." addresses the local machine in WMI monikers.
strComputer = "."

' ADSI userFlags bits and the registry hive handle used by StdRegProv.
Const ADS_UF_ACCOUNTDISABLE = &H0002
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const HKEY_LOCAL_MACHINE = &H80000002
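Function documentwrite(str)
    ' Appends an HTML fragment to the end of the page body.
    ' str is inserted as markup, not as text: callers pass operator-typed values
    ' and WMI strings through unescaped, so any "<" in them is parsed as HTML.
    ' "&" is used instead of "+" so that a numeric or Null argument is
    ' concatenated as text rather than added or propagated as Null.
    document.body.innerHTML = document.body.innerHTML & str
End Function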
Public Function ClearWindow()
    ' Empties the page body so the next wizard step starts from a blank page.
    Dim pageBody
    Set pageBody = document.body
    pageBody.innerHTML = ""
End Function
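Public Function sysinfo()
    ' Step 1 of the wizard: writes a two-column table with the properties of
    ' every Win32_Processor and Win32_PhysicalMemory instance on the local
    ' machine, followed by the button that opens the configuration form.
    ' Null WMI properties concatenate as empty text because "&" is used.
    Dim capacitymb
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_Processor")
    ''Set colItemsmem = objWMIService.ExecQuery("Select * from Win32_PhysicalMemoryArray",,48)
    Set colItemsmem = objWMIService.ExecQuery("Select * from Win32_PhysicalMemory",,48)
    document.write "<table border=1 cellspacing=0 cellpadding=0 width=100%><tr><td class=style26>"
    For Each objItem in colItems
        document.write "<font color=red>cpu info:</font>" _
            & "<br>Address Width: " & objItem.AddressWidth _
            & "<br>Architecture:" & objItem.Architecture _
            & "<br>Availability: " & objItem.Availability _
            & "<br>CPU Status: " & objItem.CpuStatus _
            & "<br>Current Clock Speed: " & objItem.CurrentClockSpeed _
            & "<br>Data Width: " & objItem.DataWidth _
            & "<br>Description: " & objItem.Description _
            & "<br>Device ID: " & objItem.DeviceID _
            & "<br>Ext Clock: " & objItem.ExtClock _
            & "<br>Family: " & objItem.Family _
            & "<br>L2 Cache Size: " & objItem.L2CacheSize _
            & "<br>L2 Cache Speed: " & objItem.L2CacheSpeed _
            & "<br>Level: " & objItem.Level _
            & "<br>Load Percentage: " & objItem.LoadPercentage _
            & "<br><font color=red>Manufacturer: " & objItem.Manufacturer _
            & "<br>Maximum Clock Speed: " & objItem.MaxClockSpeed _
            & "<br>Name: " & objItem.Name _
            & "</font> <br>PNP Device ID: " & objItem.PNPDeviceID _
            & "<br>Processor Id: " & objItem.ProcessorId _
            & "<br>Processor Type: " & objItem.ProcessorType _
            & "<br>Revision: " & objItem.Revision _
            & "<br>Role: " & objItem.Role _
            & "<br>Socket Designation: " & objItem.SocketDesignation _
            & "<br>Status Information: " & objItem.StatusInfo _
            & "<br>Stepping: " & objItem.Stepping _
            & "<br>Unique Id: " & objItem.UniqueId _
            & "<br>Upgrade Method: " & objItem.UpgradeMethod _
            & "<br>Version: " & objItem.Version _
            & "<br>Voltage Caps: " & objItem.VoltageCaps & "<br><p>"
    Next
    ' The cell is closed once, after the loop, so a machine with several
    ' processors does not emit a stray </td> per processor.
    document.write "</td><td class=style26>"
    For Each objItem in colItemsmem
        ' The "\" operator converts its operands to Long and overflows for a
        ' module of 2 GB or more, so the size is divided as a Double instead.
        If IsNull(objItem.Capacity) Then
            capacitymb = ""
        Else
            capacitymb = Int(CDbl(objItem.Capacity) / 1048576)
        End If
        document.write "<font color=red>mem info</font>: " & objItem.Description _
            & "<br>Bank Label: " & objItem.BankLabel _
            & "<br><font color=red>Capacity: " & capacitymb _
            & "M</font><br>Data Width: " & objItem.DataWidth _
            & "<br>Description: " & objItem.Description _
            & "<br>Device Locator: " & objItem.DeviceLocator _
            & "<br>Form Factor: " & objItem.FormFactor _
            & "<br>Hot Swappable: " & objItem.HotSwappable _
            & "<br>Manufacturer: " & objItem.Manufacturer _
            & "<br>Memory Type: " & objItem.MemoryType _
            & "<br>Name: " & objItem.Name _
            & "<br>Part Number: " & objItem.PartNumber _
            & "<br>Position In Row: " & objItem.PositionInRow _
            & "<br>Speed: " & objItem.Speed _
            & "<br>Tag: " & objItem.Tag _
            & "<br>Type Detail: " & objItem.TypeDetail & "<br>"
    Next
    ' The row is closed with </tr>; the original closed </td> twice.
    document.write "</td></tr></table><input id=runbutton type=button value='Next 2 Step -->config system and apply' onClick=setuserconfig() >"
End Function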
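Public Function setuserconfig()
    ' Step 2 of the wizard: replaces the page with the configuration form.
    ' The field names used here (adminusername, adminuserpw, addusername,
    ' adduserpw, stopservername, allowips, allownets, filterports,
    ' lansharecheck) are the ones setusers reads when the button is clicked.
    ClearWindow()
    documentwrite "<font color=red>config parameter: use ""|"" split,example 80|21|339 or 127.0.0.1|192.168.1.0</font><p><br>"
    documentwrite "config use lan share:<input type=checkbox name=lansharecheck value='atl-ws-01'><br>"
    ' NOTE(review): both password fields are plain text inputs pre-filled with
    ' sample passwords. Whoever clicks through without editing them gives two
    ' administrator accounts those published values, so they must be changed
    ' on every run.
    documentwrite "config administrator username:<input type=text name=adminusername value='Administrator' ><BR>"
    documentwrite "config administrator password:<input type=text size=100 name=adminuserpw value='tttt9' ><BR>"
    documentwrite "config new user name to add:<input type=text name=addusername value='admin' ><BR>"
    documentwrite "config new user password:<input type=text name=adduserpw value='mypassword' ><BR>"
    ' Each INPUT tag below is now closed with ">" before the <br>; the original
    ' left the tag open and relied on the parser ending it at the next ">".
    documentwrite "config want to stop service:<INPUT Type=text size=100 name=stopservername value='" & stopservice & "'><br><br>"
    ' The deny-port list has no form field: the script-level denyport value is used as is.
    ''documentwrite "config ipsec lan share port deny:<INPUT Type=text size=100 name=denyports value='" & denyport & "'<br><br>"
    documentwrite "config ipsec ip to access 3389 port allow:<INPUT Type=text size=100 name=allowips value='" & allow3389ip & "'><br><br>"
    documentwrite "config ipsec net to access 3389 port allow:<INPUT Type=text size=100 name=allownets value='" & allow3389net & "'><br><br>"
    documentwrite "config ipfilter access port allow:<INPUT Type=text size=100 name=filterports value='" & filterport & "'><br><br>"
    documentwrite "<input id=runbutton2 type=button value='Next 3 Step -->apply this config ' onClick=setusers>"
End Function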
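Public Function setusers()
    ' Step 3 of the wizard: applies the values from the configuration form to
    ' the local machine. In order it creates/updates the two accounts, disables
    ' every other local account, writes registry settings, imports a security
    ' template with secedit, disables the listed services, enables TCP/IP port
    ' filtering and builds an IPsec policy that restricts TCP 3389 to the
    ' listed sources.
    ' Every external command runs hidden (window style 0) and its exit code is
    ' not checked, so a step that fails is still reported as done on the page.
    Dim wsh3, fso, tf
    Dim adminwd, addwd, fieldvalue, ipsecpolicy, firstaddr
    Dim objEntry, objAcct, tsroot, tsvalue

    adminuser = adminusername.Value
    adminwd = adminuserpw.Value
    adduser = addusername.Value
    addwd = adduserpw.Value

    ' The values are pasted into "net user" command lines below. An empty
    ' password would leave the account without one, and a space or a quote
    ' would split the value into extra arguments, so such input is refused
    ' instead of being applied silently.
    For Each fieldvalue In Array(adminuser, adminwd, adduser, addwd)
        If fieldvalue = "" Or InStr(fieldvalue, " ") > 0 Or InStr(fieldvalue, Chr(34)) > 0 Then
            documentwrite "<hr><br><font color=red>error: user names and passwords must be non-empty and must not contain spaces or double quotes</font>"
            Exit Function
        End If
    Next

    ' Only the account names are echoed; the passwords are no longer written
    ' into the page.
    documentwrite "<hr><br>admin name:" & adminuser & "<br>new user name:" & adduser

    Set wsh3 = CreateObject("wscript.shell")

    ' NOTE(review): the passwords are passed as command-line arguments and are
    ' visible to anything that can list process command lines while net.exe runs.
    Call wsh3.Run("net user " & adduser & " /add", 0, True)
    Call wsh3.Run("net user " & adduser & " " & addwd, 0, True)
    Call wsh3.Run("net localgroup administrators " & adduser & " /add", 0, True)

    ' Mark the new administrator's password as never expiring.
    Set objUser = GetObject("WinNT://./" & adduser)
    If objUser.userFlags And ADS_UF_DONT_EXPIRE_PASSWD Then
        documentwrite "<p><p>info:" & adduser & " password already set never invalidation,ignore"
    Else
        objUser.Put "userFlags", objUser.UserFlags Or ADS_UF_DONT_EXPIRE_PASSWD
        objUser.SetInfo
    End If
    Call wsh3.Run("net user " & adminuser & " " & adminwd, 0, True)
    documentwrite "<p></p>===================================<p>"

    ' Disable every local account except the two named on the form.
    ' Account names are compared without regard to case: with a case-sensitive
    ' comparison, typing "administrator" for "Administrator" would disable the
    ' administrator account itself.
    Set objNetwork = CreateObject("Wscript.Network")
    strComputer = objNetwork.ComputerName
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    colAccounts.Filter = Array("user")
    For Each objEntry In colAccounts
        If StrComp(objEntry.Name, adminuser, vbTextCompare) <> 0 And StrComp(objEntry.Name, adduser, vbTextCompare) <> 0 Then
            Set objAcct = GetObject("WinNT://./" & objEntry.Name)
            If objAcct.UserFlags And ADS_UF_ACCOUNTDISABLE Then
                documentwrite objAcct.Name & " already disable,ignore<br>"
            Else
                documentwrite objAcct.Name & " now disable<br>"
                objAcct.Put "userFlags", objAcct.UserFlags Or ADS_UF_ACCOUNTDISABLE
                objAcct.SetInfo
            End If
        End If
    Next

    ' Automatic Updates policy value 2: notify before download.
    wsh3.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions",2,"REG_DWORD"
    documentwrite "<br><p>===================================</p><p>autoupdate option done..<br>"
    wsh3.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\Wallpaper","(None)","REG_SZ"
    documentwrite "del wallpaper..<br>"
    ' Turns off the automatic administrative shares of the Server service.
    wsh3.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer",0,"REG_DWORD"
    documentwrite "autoshare close..<br>"
    wsh3.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive",0,"REG_SZ"
    wsh3.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE","","REG_SZ"
    documentwrite "screensave close..<br>"
    ' Terminal Services session limits are written as 0 under both hives,
    ' HKEY_CURRENT_USER first, in the same value order as before.
    For Each tsroot In Array("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
        For Each tsvalue In Array("MaxDisconnectionTime", "MaxConnectionTime", "MaxIdleTime", "fResetBroken")
            wsh3.RegWrite tsroot & "\Software\Policies\Microsoft\Windows NT\Terminal Services\" & tsvalue,0,"REG_DWORD"
        Next
    Next
    documentwrite "terminal servcie time setting..<br>"

    ' Security template: lockout after 5 bad logons, 30-minute reset and
    ' duration, and auditing where 3 = success and failure, 2 = failure only.
    ' NOTE(review): PasswordComplexity = 0 switches the complexity requirement
    ' off on a machine that is otherwise being hardened - confirm this is intended.
    Set fso = CreateObject("scripting.filesystemobject")
    Set tf = fso.createtextfile("gp.inf",true)
    tf.write(Join(Array( _
        "[version]", _
        "signature='$CHICAGO$'", _
        "[System Access]", _
        "PasswordComplexity = 0", _
        "LockoutBadCount = 5", _
        "ResetLockoutCount = 30", _
        "LockoutDuration = 30", _
        "[Event Audit]", _
        "AuditSystemEvents = 0", _
        "AuditLogonEvents = 3", _
        "AuditObjectAccess = 0", _
        "AuditPrivilegeUse = 2", _
        "AuditPolicyChange = 0", _
        "AuditAccountManage = 3", _
        "AuditProcessTracking = 0", _
        "AuditAccountLogon = 3"), vbCrLf))
    tf.close
    Call wsh3.Run("secedit /configure /db gp.sdb /cfg gp.inf /quiet ", 0, True)
    Call wsh3.Run("gpupdate", 0, True)
    ' gp.sdb only exists if secedit got far enough to create it; deleting a
    ' missing file raises a runtime error that would abort the remaining steps.
    If fso.FileExists("gp.inf") Then fso.deletefile ("gp.inf")
    If fso.FileExists("gp.sdb") Then fso.deletefile ("gp.sdb")
    documentwrite "update gpedit..<br>"
    documentwrite "<p></p>===================================<p>"

    ' Stop each listed service and set its start type to disabled.
    For Each splitservice In Split (stopservername.value,"|")
        Call wsh3.Run("sc stop " & splitservice, 0, True)
        Call wsh3.Run("sc config " & splitservice & " start= disabled", 0, True)
        documentwrite "set service disables: " & splitservice & "<br>"
    Next
    documentwrite "<p></p>===================================<p>"

    ' TCP/IP filtering: enable it, then write TCPAllowedPorts for every adapter
    ' whose first address does not look like a LAN address.
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objNetworkSettings = objWMIService.Get("Win32_NetworkAdapterConfiguration")
    objNetworkSettings.EnableIPFilterSec(True)
    documentwrite "enables tcp/ip port filter<br>"
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    strKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters"
    oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
    For Each subkey In arrSubKeys
        If Left(subkey,1)="{" And Right(subkey,1)="}" Then
            strKEYPathaddress = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & subkey
            oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKEYPathaddress,"IPAddress",addrvalue
            ' The value is missing for some interfaces; indexing a non-array
            ' would raise a runtime error and stop the run half-applied.
            firstaddr = ""
            If IsArray(addrvalue) Then
                If UBound(addrvalue) >= 0 Then firstaddr = addrvalue(0)
            End If
            ' NOTE(review): the LAN test matches any address starting with
            ' "192", not only 192.168.x.x, and treats no other private range
            ' as LAN.
            If firstaddr = "" Then
                documentwrite subkey & " has no IPAddress value.ignore filter<br>"
            ElseIf Left(firstaddr,3)="192" Or Left(firstaddr,1)="0" Then
                documentwrite firstaddr & " is lan Link.ignore filter<br>"
            Else
                strKeyPatht = "SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\" & subkey
                strKeyPatht1 = "SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\" & subkey
                strKeyPatht2 = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & subkey
                strValueName = "TCPAllowedPorts"
                ''arrStringValues = Array("33892","80","139")
                arrStringValues = Split (filterports.value,"|")
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht,strValueName,arrStringValues
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht1,strValueName,arrStringValues
                oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPatht2,strValueName,arrStringValues
                documentwrite firstaddr & " add allow port in filter:" & filterports.value & "<br>"
            End If
        End If
    Next
    documentwrite "<p></p>===================================<p>"

    ' IPsec policy. One name is used for create, rule and assign: the original
    ' created policy "fw" but attached the rules to, and assigned, "iggfw",
    ' so the deny/permit rules were never bound to the policy it had created.
    ipsecpolicy = "fw"
    Call wsh3.Run("netsh ipsec static delete policy name=""Server (Request Security)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=""Client (Respond Only)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=""Secure Server (Require Security)""", 0, True)
    Call wsh3.Run("netsh ipsec static delete policy name=" & ipsecpolicy, 0, True)
    Call wsh3.Run("netsh ipsec static delete filterlist name=Accessdeny", 0, True)
    Call wsh3.Run("netsh ipsec static delete filterlist name=OpenSomePort", 0, True)
    Call wsh3.Run("netsh ipsec static add policy name=" & ipsecpolicy, 0, True)
    Call wsh3.Run("netsh ipsec static add filteraction name=permit action=permit", 0, True)
    Call wsh3.Run("netsh ipsec static add filteraction name=deny action=block", 0, True)
    '' deny port
    Call wsh3.Run("netsh ipsec static add filterlist name=Accessdeny", 0, True)
    If lansharecheck.checked=True Then
        documentwrite "enable lan share..<br>"
    Else
        wsh3.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled",0,"REG_DWORD"
        documentwrite "port 445 close..<br>"
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colNetCards = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
        For Each objNetCard in colNetCards
            ' 2 = disable NetBIOS over TCP/IP on this adapter.
            objNetCard.SetTCPIPNetBIOS(2)
        Next
        documentwrite "netbios on tcp/ip close..<br>"
        For Each splitport In Split (denyport,"|")
            Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=" & splitport & " protocol=TCP", 0, True)
            Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=" & splitport & " protocol=UDP", 0, True)
            documentwrite "ipsec deny port:" & splitport & "<br>"
        Next
    End If
    ' TCP 3389 is blocked from any source, then permitted for the listed sources.
    Call wsh3.Run("netsh ipsec static add filter filterlist=Accessdeny srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP", 0, True)
    Call wsh3.Run("netsh ipsec static add rule name=DenyAccess policy=" & ipsecpolicy & " filterlist=Accessdeny filteraction=deny", 0, True)
    Call wsh3.Run("netsh ipsec static add filterlist name=OpenSomePort", 0, True)
    For Each splitip In Split (allowips.value,"|")
        Call wsh3.Run("netsh ipsec static add filter filterlist=OpenSomePort srcaddr=" & splitip & " dstaddr=me dstport=3389 protocol=TCP", 0, True)
        documentwrite "allow port 3389 for ip:" & splitip & "<br>"
    Next
    For Each splitnet In Split (allownets.value,"|")
        ' "srcaddr=" was missing here, so the network was passed as a bare
        ' token and no allow filter for it could be created.
        Call wsh3.Run("netsh ipsec static add filter filterlist=OpenSomePort srcaddr=" & splitnet & " dstaddr=me srcmask=24 dstport=3389 protocol=TCP", 0, True)
        documentwrite "allow port 3389 for net:" & splitnet & "<br>"
    Next
    Call wsh3.Run("netsh ipsec static add rule name=AllowOpenSomePort policy=" & ipsecpolicy & " filterlist=OpenSomePort filteraction=permit", 0, True)
    Call wsh3.Run("netsh ipsec static set policy name=" & ipsecpolicy & " assign=y", 0, True)

    ' Opens Add/Remove Programs so unwanted software can be removed by hand.
    Call wsh3.Run("control appwiz.cpl", 0, True)
    documentwrite "<p></p>===================================<p>"
    documentwrite "uninstall app<br>"
    documentwrite "<p></p>===================================<p>"
    documentwrite "<font color=red>All Done</font>"
End Function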
' Entry point: show the hardware summary (step 1) when this script block runs.
sysinfo
</script>
</body>
</html>

