Save the following as a .bat file. xcacls.vbs is also required to run it and can be downloaded online.
:: Enable the WSH command-line component (wshom.ocx); xcacls.vbs needs it, and it is unregistered again at the end of the script
regsvr32 /s wshom.ocx
:: Prevent the Windows [Sticky Keys] hole (the notorious sethc.exe backdoor): deny Everyone modify access to sethc.exe
cscript.exe xcacls.vbs "%SystemRoot%\system32\sethc.exe" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\ServicePackFiles\i386\sethc.exe" /D Everyone:M /E
:: Delete system32\npptools.dll, create a dummy npptools.dll and set it read-only; the permission restriction can block all ARP viruses
:: (each dummy is a directory listing written into the file name, so it cannot be loaded as a real DLL or driver)
del "%SystemRoot%\system32\npptools.dll" /A /F /Q
dir "%SystemRoot%\system32\com" > "%SystemRoot%\system32\npptools.dll"
attrib +R +S +H "%SystemRoot%\system32\npptools.dll"
cscript.exe xcacls.vbs "%SystemRoot%\system32\npptools.dll" /D Everyone:M /E
:: Delete system32\packet.dll and set the new packet.dll read-only; the permission restriction can block all ARP viruses
del "%SystemRoot%\system32\packet.dll" /A /F /Q
dir "%SystemRoot%\system32\com" > "%SystemRoot%\system32\packet.dll"
attrib +R +S +H "%SystemRoot%\system32\packet.dll"
cscript.exe xcacls.vbs "%SystemRoot%\system32\packet.dll" /D Everyone:M /E
:: Delete system32\pthreadVC.dll and set the new pthreadVC.dll read-only; the permission restriction can block all ARP viruses
del "%SystemRoot%\system32\pthreadVC.dll" /A /F /Q
dir "%SystemRoot%\system32\com" > "%SystemRoot%\system32\pthreadVC.dll"
attrib +R +S +H "%SystemRoot%\system32\pthreadVC.dll"
cscript.exe xcacls.vbs "%SystemRoot%\system32\pthreadVC.dll" /D Everyone:M /E
:: Delete system32\wpcap.dll and set the new wpcap.dll read-only; the permission restriction can block all ARP viruses
del "%SystemRoot%\system32\wpcap.dll" /A /F /Q
dir "%SystemRoot%\system32\com" > "%SystemRoot%\system32\wpcap.dll"
attrib +R +S +H "%SystemRoot%\system32\wpcap.dll"
cscript.exe xcacls.vbs "%SystemRoot%\system32\wpcap.dll" /D Everyone:M /E
:: Delete system32\drivers\npf.sys and set the new npf.sys read-only; the permission restriction can block all ARP viruses
del "%SystemRoot%\system32\drivers\npf.sys" /A /F /Q
dir "%SystemRoot%\system32\com" > "%SystemRoot%\system32\drivers\npf.sys"
attrib +R +S +H "%SystemRoot%\system32\drivers\npf.sys"
cscript.exe xcacls.vbs "%SystemRoot%\system32\drivers\npf.sys" /D Everyone:M /E
echo Disabling startup items loaded through the restart-rename method
:: The restart-rename method runs before the traditional self-start entries (usually HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
:: Once its task is done the file can be deleted or renamed back; the method is extremely concealed and existing security tools cannot detect it.
:: A virus loaded by the restart-rename method is recorded in the registry under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\KeysNotToRestore,
:: in the "Pending Rename Operations" string; the queue itself is the PendingFileRenameOperations value deleted below.
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /f
:: Turn off the Shutdown Event Tracker
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 00000000 /f
:: Prevent Windows from running the programs you specify in this setting.
:: When this setting is enabled, programs added to the list of disallowed applications cannot be run (note: the policy is written to HKEY_CURRENT_USER, so it applies to the user running this script).
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /t REG_DWORD /d 00000001 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v login.scr /t REG_SZ /d login.scr /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsiff.exe /t REG_SZ /d xsiff.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsniff.exe /t REG_SZ /d xsniff.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sethc.exe /t REG_SZ /d sethc.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v WinPcap.exe /t REG_SZ /d WinPcap.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v nc.exe /t REG_SZ /d nc.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v SQL.exe /t REG_SZ /d SQL.exe /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v su.exe /t REG_SZ /d su.exe /f
:: Unregister the WSH command-line component again now that xcacls.vbs is no longer needed
regsvr32 /s /u wshom.ocx
echo Applying the software restriction group policy to further harden the server!
c:
cd \
cd "%SystemRoot%\system32\GroupPolicy\Machine"
:: Back up the machine's current Registry.pol before replacing it
copy Registry.pol Registry.old /y
:: The prepared Registry.pol is assumed to sit next to this .bat file (%~dp0); the original copied from the current directory
copy "%~dp0Registry.pol" "%SystemRoot%\system32\GroupPolicy\Machine" /y
gpupdate /force
echo The software restriction group policy has been applied. Press any key to return and choose another operation to continue...
pause > nul
exit
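An added audit script, not part of the original post, that checks whether a server is actually in the state the batch file above is meant to produce: the Deny ACE on sethc.exe, the dummy capture DLLs and driver, the emptied PendingFileRenameOperations queue and the DisallowRun list. It assumes it is run as Administrator by the same user account that ran the batch file, because DisallowRun lives in HKEY_CURRENT_USER; all paths and value names come from the script above.

```powershell
# Audit of the hardening state produced by the batch file (added example, not the original author's code)
$results = @()
function Add-Result($Check, $Ok, $Detail) {
    $script:results += [pscustomobject]@{ Check = $Check; OK = $Ok; Detail = $Detail }
}

# 1. sethc.exe must carry a Deny ACE for Everyone (sticky-keys backdoor guard)
$sethc = Join-Path $env:SystemRoot 'system32\sethc.exe'
$deny = (Get-Acl $sethc).Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -eq 'Everyone'
}
Add-Result 'sethc.exe Deny ACE for Everyone' ([bool]$deny) ($deny.FileSystemRights -join ',')

# 2. Dummy DLLs/driver: present, read-only+hidden+system, and NOT a real PE image
$dummies = 'system32\npptools.dll', 'system32\packet.dll', 'system32\pthreadVC.dll',
           'system32\wpcap.dll', 'system32\drivers\npf.sys'
foreach ($rel in $dummies) {
    $p = Join-Path $env:SystemRoot $rel
    if (-not (Test-Path $p)) { Add-Result "dummy $rel" $false 'missing'; continue }
    $item = Get-Item $p -Force                       # -Force: the file is hidden
    $attrsOk = ($item.Attributes -band [IO.FileAttributes]::ReadOnly) -and
               ($item.Attributes -band [IO.FileAttributes]::Hidden) -and
               ($item.Attributes -band [IO.FileAttributes]::System)
    # A genuine DLL/driver starts with the 'MZ' signature; the dummy is a dir listing,
    # so an 'MZ' header here means a real (possibly malicious) file replaced the dummy
    $bytes = [IO.File]::ReadAllBytes($p)
    $isPE = ($bytes.Length -ge 2) -and ($bytes[0] -eq 0x4D) -and ($bytes[1] -eq 0x5A)
    Add-Result "dummy $rel" ($attrsOk -and -not $isPE) "attrs=$($item.Attributes) isPE=$isPE"
}

# 3. No file-rename operations queued for the next boot
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty $sm).PendingFileRenameOperations
Add-Result 'PendingFileRenameOperations absent' (-not $pending) ($pending -join ';')

# 4. DisallowRun enabled for this user and every expected entry present
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$enabled = (Get-ItemProperty $pol -ErrorAction SilentlyContinue).DisallowRun -eq 1
$listed = (Get-ItemProperty "$pol\DisallowRun" -ErrorAction SilentlyContinue).PSObject.Properties |
          Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Value }
$expected = 'login.scr', 'xsiff.exe', 'xsniff.exe', 'sethc.exe', 'WinPcap.exe', 'nc.exe', 'SQL.exe', 'su.exe'
$missing = $expected | Where-Object { $listed -notcontains $_ }
Add-Result 'DisallowRun policy' ($enabled -and -not $missing) "enabled=$enabled missing=$($missing -join ',')"

$results | Format-Table -AutoSize
```

A row with OK=False for a dummy file that has become a real PE image, or a reappearing PendingFileRenameOperations value, is the signal to investigate rather than simply re-run the batch file.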