Copy Code code as follows:
@echo off
Echo----------------------------------
echo----Backing up the registry later ...----
Echo----------------------------------
REG EXPORT "HKEY_LOCAL_MACHINE" C:/reg_backup.reg
Echo----------------------
Echo----Registry backup complete----
Echo----------------------
Ping 127.0.0.1-n 3 >nul
Echo-----------------------------------
echo----Security Configuration is rewriting please wait ...----
Echo-----------------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------
The echo----is disabling a NULL connection----
Echo----------------------
REG ADD hkey_local_machine\system\currentcontrolset\control\lsa/v restrictanonymous/t reg_dword/d 1/f
Echo--------------------------
echo----Disable NULL connection settings----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------
echo----deleting default share----
Echo------------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters/v autoshareserver/t REG_DWORD /d 0/f
Echo----------------------------
echo----Delete default share settings----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
echo----Modifying TTL value later ...----
Echo------------------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v defaultttl/t reg_dword/d 53/f
Echo-------------------
echo----TTL has been modified----
Echo-------------------
@ping 127.0.0.1-n 3 >nul
Echo-----------------------
echo----Prevent SYN flood attacks----
Echo-----------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v synattackprotect/t reg_dword/d 2/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enablepmtudiscovery/t reg_dword/d 0 /F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v nonamereleaseondemand/t REG_DWORD/ D 1/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enabledeadgwdetect/t reg_dword/d 0/ F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v keepalivetime/t reg_dword/d 300000/ F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v performrouterdiscovery/t REG_DWORD /d 0/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enableicmpredirects/t reg_dword/d 0 /F
Echo-------------------------------
echo----Prevent SYN flood attack set----
Echo-------------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
Echo------------------------------
echo----system service Modification----
Echo------------------------------
Echo------------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------
echo----Modify port 3389----
Echo--------------------
REG ADD "hkey_local_machine\system\currentcontrolset\control\terminal server\wds dpwd\tds\tcp"/V portnumber/t reg_ DWORD/D 44454/f
REG ADD "hkey_local_machine\system\currentcontro1set\control\tenninal server\winstations\rdp\tcp"/V portnumber/t REG_DWORD/D 44454/f
Echo--------------------
echo----Modify Port----
Echo--------------------
@ping 127.0.0.1-n 3 >nul
Echo-------------------------------------
echo----is opening the system firewall please ...----
Echo-------------------------------------
sc config sharedaccess start= Auto & net start sharedaccess
Echo------------------------
Echo----System Firewall is open----
Echo------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----shutting down the shared Print service----
Echo----------------------------
@sc config Spooler start= disabled
sc config LanManServer start= disabled
sc config LmHosts start= disabled
Echo--------------------------
echo----The shared Print service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----is shutting down the Remote Assistance service----
Echo----------------------------
@sc config rdsessmgr start= disabled
Echo--------------------------
echo----has turned off Remote Assistance services----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
echo----shutting down the Remote Registry service----
Echo------------------------------
@sc config remoteregistry start= disabled
Echo----------------------------
echo----The Remote Registry service is turned off----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----Turn off automatic hardware playback notifications----
Echo----------------------------
sc config shellhwdetection start= disabled
Echo-----------------------
echo----AutoPlay notification is off---
Echo-----------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------------------
echo----is shutting down the START process service under alternate credentials----
Echo----------------------------------------
sc config Seclogon start= disabled
Echo--------------------------
echo----The START process service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------------
echo----automatic configuration of the IEEE 802.11 adapter----
Echo------------------------------------
sc config wzcsvc start= disabled
Echo------------------
echo----has the IEEE----turned off
Echo------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------------
echo----Client tracking service shutdown----
Echo--------------------------
sc config trksvr start= disabled
sc config MSDTC start= disabled
Echo----------------------------
echo----has closed the client tracking service----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------
echo----Help Center off----
Echo--------------------
sc config helpsvc start= disabled
Echo--------------------------
echo----The Help Center service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------------------
Echo--------------------------------
echo----System Permissions Reinforcement----
Echo--------------------------------
Echo--------------------------------
Echo-------------------------------------------------------
echo----C disk (System disk) (Administrators,system Full Control)----
Echo-------------------------------------------------------
cacls c:\/t/c/g administrators:f system:f
Echo-------------------------------------------
echo----Common Files (Everyone user read-only permission)----
Echo-------------------------------------------
Cacls "C:\Program Files\Common Files"/t/e/c/g everyone:r
Echo-------------------------------------------------------------
echo----IIS Temporary compressed Files (everyone user changes permissions)----
Echo-------------------------------------------------------------
Cacls "C:\WINDOWS\IIS Temporary compressed Files"/t/e/c/g everyone:c
Echo--------------------------------------------
echo----Microsoft.NET (everyone user read-only permission)----
Echo--------------------------------------------
Cacls c:\windows\microsoft.net/t/e/c/g everyone:r
Echo------------------------------------------------------
echo----temporary asp.net Files (everyone user changes permissions)----
Echo------------------------------------------------------
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary asp.net Files"/t/e/c/g everyone:c
Echo------------------------------------------------------
echo----temporary asp.net Files (everyone user changes permissions)----
Echo------------------------------------------------------
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary asp.net Files"/t/e/c/g everyone:c
Echo-------------------------------------------
echo----Registration (Everyone user Read permission)----
Echo-------------------------------------------
Cacls c:\windows\registration/t/e/c/g everyone:r
Echo-----------------------------------
echo----Temp (everyone user changes permissions)----
Echo-----------------------------------
Cacls c:\windows\temp/t/e/c/g everyone:c
Echo-------------------
@echo off
Echo----------------------------------
echo----Backing up the registry later ...----
Echo----------------------------------
REG EXPORT "HKEY_LOCAL_MACHINE" C:/reg_backup.reg
Echo----------------------
Echo----Registry backup complete----
Echo----------------------
Ping 127.0.0.1-n 3 >nul
Echo-----------------------------------
echo----Security Configuration is rewriting please wait ...----
Echo-----------------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------
The echo----is disabling a NULL connection----
Echo----------------------
REG ADD hkey_local_machine\system\currentcontrolset\control\lsa/v restrictanonymous/t reg_dword/d 1/f
Echo--------------------------
echo----Disable NULL connection settings----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------
echo----deleting default share----
Echo------------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters/v autoshareserver/t REG_DWORD /d 0/f
Echo----------------------------
echo----Delete default share settings----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
echo----Modifying TTL value later ...----
Echo------------------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v defaultttl/t reg_dword/d 53/f
Echo-------------------
echo----TTL has been modified----
Echo-------------------
@ping 127.0.0.1-n 3 >nul
Echo-----------------------
echo----Prevent SYN flood attacks----
Echo-----------------------
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v synattackprotect/t reg_dword/d 2/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enablepmtudiscovery/t reg_dword/d 0 /F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v nonamereleaseondemand/t REG_DWORD/ D 1/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enabledeadgwdetect/t reg_dword/d 0/ F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v keepalivetime/t reg_dword/d 300000/ F
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v performrouterdiscovery/t REG_DWORD /d 0/f
REG ADD hkey_local_machine\system\currentcontrolset\services\tcpip\parameters/v enableicmpredirects/t reg_dword/d 0 /F
Echo-------------------------------
echo----Prevent SYN flood attack set----
Echo-------------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
Echo------------------------------
echo----system service Modification----
Echo------------------------------
Echo------------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------
echo----Modify port 3389----
Echo--------------------
REG ADD "hkey_local_machine\system\currentcontrolset\control\terminal server\wds dpwd\tds\tcp"/V portnumber/t reg_ DWORD/D 44454/f
REG ADD "hkey_local_machine\system\currentcontro1set\control\tenninal server\winstations\rdp\tcp"/V portnumber/t REG_DWORD/D 44454/f
Echo--------------------
echo----Modify Port----
Echo--------------------
@ping 127.0.0.1-n 3 >nul
Echo-------------------------------------
echo----is opening the system firewall please ...----
Echo-------------------------------------
sc config sharedaccess start= Auto & net start sharedaccess
Echo------------------------
Echo----System Firewall is open----
Echo------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----shutting down the shared Print service----
Echo----------------------------
@sc config Spooler start= disabled
sc config LanManServer start= disabled
sc config LmHosts start= disabled
Echo--------------------------
echo----The shared Print service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----is shutting down the Remote Assistance service----
Echo----------------------------
@sc config rdsessmgr start= disabled
Echo--------------------------
echo----has turned off Remote Assistance services----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------
echo----shutting down the Remote Registry service----
Echo------------------------------
@sc config remoteregistry start= disabled
Echo----------------------------
echo----The Remote Registry service is turned off----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------
echo----Turn off automatic hardware playback notifications----
Echo----------------------------
sc config shellhwdetection start= disabled
Echo-----------------------
echo----AutoPlay notification is off---
Echo-----------------------
@ping 127.0.0.1-n 3 >nul
Echo----------------------------------------
echo----is shutting down the START process service under alternate credentials----
Echo----------------------------------------
sc config Seclogon start= disabled
Echo--------------------------
echo----The START process service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo------------------------------------
echo----automatic configuration of the IEEE 802.11 adapter----
Echo------------------------------------
sc config wzcsvc start= disabled
Echo------------------
echo----has the IEEE----turned off
Echo------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------------
echo----Client tracking service shutdown----
Echo--------------------------
sc config trksvr start= disabled
sc config MSDTC start= disabled
Echo----------------------------
echo----has closed the client tracking service----
Echo----------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------
echo----Help Center off----
Echo--------------------
sc config helpsvc start= disabled
Echo--------------------------
echo----The Help Center service is turned off----
Echo--------------------------
@ping 127.0.0.1-n 3 >nul
Echo--------------------------------
Echo--------------------------------
echo----System Permissions Reinforcement----
Echo--------------------------------
Echo--------------------------------
Echo-------------------------------------------------------
echo----C disk (System disk) (Administrators,system Full Control)----
Echo-------------------------------------------------------
cacls c:\/t/c/g administrators:f system:f
Echo-------------------------------------------
echo----Common Files (Everyone user read-only permission)----
Echo-------------------------------------------
Cacls "C:\Program Files\Common Files"/t/e/c/g everyone:r
Echo-------------------------------------------------------------
echo----IIS Temporary compressed Files (everyone user changes permissions)----
Echo-------------------------------------------------------------
Cacls "C:\WINDOWS\IIS Temporary compressed Files"/t/e/c/g everyone:c
Echo--------------------------------------------
echo----Microsoft.NET (everyone user read-only permission)----
Echo--------------------------------------------
Cacls c:\windows\microsoft.net/t/e/c/g everyone:r
Echo------------------------------------------------------
echo----temporary asp.net Files (everyone user changes permissions)----
Echo------------------------------------------------------
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary asp.net Files"/t/e/c/g everyone:c
Echo------------------------------------------------------
echo----temporary asp.net Files (everyone user changes permissions)----
Echo------------------------------------------------------
Cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary asp.net Files"/t/e/c/g everyone:c
Echo-------------------------------------------
echo----Registration (Everyone user Read permission)----
Echo-------------------------------------------
Cacls c:\windows\registration/t/e/c/g everyone:r
Echo-----------------------------------
echo----Temp (everyone user changes permissions)----
Echo-----------------------------------
Cacls c:\windows\temp/t/e/c/g everyone:c
Echo-------------------
Echo----assembly (everyone user Read permission)----
Echo---------------------------------------
Cacls c:\windows\assembly/t/e/c/g everyone:r
Echo-------------------------------------
echo----WinSxS (everyone user Read permission)----
Echo-------------------------------------
Cacls c:\windows\winsxs/t/e/c/g everyone:r
Echo------------------------------------
echo----Fonts (everyone user Read permission)----
Echo------------------------------------
Cacls c:\windows\fonts/t/e/c/g everyone:r
Echo---------------------------------------
echo----System32 (everyone user Read permission)----
Echo---------------------------------------
Cacls c:\windows\system32/t/e/c/g everyone:r
Echo------------------------------------------
echo----MSDTC (NetworkService user to change permissions)----
Echo------------------------------------------
Cacls c:\windows\system32\msdtc/t/e/c/g networkservice:c
Echo-----------------------------------------------------
echo----ASP Compiled Templates (Everyone user changes permissions)----
Echo-----------------------------------------------------
Cacls "C:\WINDOWS\system32\inetsrv\ASP Compiled Templates"/t/e/c/g everyone:c
Echo------------------------------------
echo----*.exe (remove everyone user rights)----
Echo------------------------------------
Cacls c:\windows\system32\*.exe/e/c/r Everyone
Echo------------------------------------
echo----Cmd.exe (remove System user rights)----
Echo------------------------------------
CACLS c:\windows\system32\cmd.exe/e/C/R System
Echo------------------------------------
echo----Net.exe (remove System user rights)----
Echo------------------------------------
Cacls C:\WINDOWS\System32 et.exe/e/c/r System
Echo-------------------------------------
echo----Net1.exe (remove System user rights)----
Echo-------------------------------------
Cacls C:\WINDOWS\System32 et1.exe/e/c/r System
Echo----------------------------------------
echo----Msdtc.exe (everyone user Read permission)----
Echo----------------------------------------
Cacls c:\windows\system32\msdtc.exe/e/c/g Everyone:r
Echo------------------------------------------
echo----Dllhost.exe (everyone user Read permission)----
Echo------------------------------------------
Cacls c:\windows\system32\dllhost.exe/e/c/g Everyone:r
Echo------------------------------------------
echo----Svchost.exe (everyone user Read permission)----
Echo------------------------------------------
Cacls c:\windows\system32\svchost.exe/e/c/g Everyone:r
Echo--------------------
Echo--------------------
echo----System reinforced----
Echo--------------------
Echo--------------------
@ping 127.0.0.1-n 3 >nul
Echo-----------------------------
echo----security settings are complete and welcome to use----
Echo-----------------------------
Echo------------------
echo----Reboot the server----
Echo------------------
@ping 127.0.0.1
Shutdown-r
@pause
Save the above code as 1.cmd or 1.bat, and double-click to run it.