Windows 2003 Server directory security permission settings diagram

Source: Internet
Author: User

First, installation of the system

1. Install Windows 2003 by following the prompts on the installation CD-ROM. By default, Windows 2003 does not install IIS 6.0 with the system.

2. Installation of IIS 6.0

Start Menu -> Control Panel -> Add or Remove Programs -> Add/Remove Windows Components

Application Server
|-- ASP.NET (optional)
|-- Enable network COM+ access (required)
|-- Internet Information Services (IIS)
    |-- Internet Information Services Manager (required)
    |-- Common Files (required)
    |-- World Wide Web Service
        |-- Active Server Pages (required)
        |-- Internet Data Connector (optional)
        |-- WebDAV Publishing (optional)
        |-- World Wide Web Service (required)
        |-- Server Side Includes (optional)

Then click OK -> Next to install. (See annex 1 of this article.)

3. System patch updates

Click Start Menu -> All Programs -> Windows Update

Follow the prompts to install the patches.

4. Back up the system

Use Ghost to back up the system.

5. Installation of commonly used software

For example: anti-virus software, decompression software, etc. After installation, configure the anti-virus software and scan for system vulnerabilities, then back up the system with Ghost again.


6. First close unneeded ports, turn on the firewall, and import an IPSec policy

In "Network Connections", delete all unneeded protocols and services and install only the basic Internet Protocol (TCP/IP); because of the bandwidth flow-control service, also install the QoS Packet Scheduler. In Advanced TCP/IP Settings, under "NetBIOS", select "Disable NetBIOS over TCP/IP (S)". In the Advanced options, enable Internet Connection Firewall. This firewall ships with Windows 2003 and is not present in Windows 2000; it is not powerful, but it can block ports, which basically achieves what an IPSec policy would.


Modify the 3389 remote connection port

Modify the registry.

Start -> Run -> regedit

Expand in turn:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp

In the right pane, change the PortNumber value to the port number you want to use. Note: use decimal (for example, 10000).

Then expand:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane, change the PortNumber value to the port number you want to use. Note: use decimal (for example, 10000).

Note: don't forget to add port 10000 to the Windows 2003 firewall.

The modification is complete. Reboot the server for the setting to take effect.

Second, user security settings

1. Disable the Guest account

Disable the Guest account under Users in Computer Management. To be safe, it is also a good idea to give Guest a complex password: open Notepad, type a long string containing special characters, numbers and letters, then copy it in as the Guest user's password.

2. Restrict unnecessary users

Remove all duplicate users, test users, shared users, and so on. Use Group Policy to set appropriate permissions for users, and check the system's users frequently, removing accounts that are no longer in use. Such accounts are often the breakthrough point hackers use to get into a system.

3. Rename the system administrator account

As you all know, the Windows 2003 Administrator user cannot be disabled, which means that others can try this user's password over and over again. Try to disguise it as a regular user, for example by renaming it to GUESYCLUDX.

4. Create a trap user

What is a trap user? Create a local user named "Administrator", give it the minimum permissions so that it can do nothing, and set a very complex password of more than 10 characters. This keeps hackers busy for a while and lets you discover their intrusion attempts. In the following figure, Administrator is no longer an administrator but a trap user.


5. Change the permissions of shared files from the Everyone group to authorized users

Do not leave file shares open to the Everyone group. This includes print sharing; the default is the "Everyone" group, so do not forget to change it.

6. Enable user policy

Using the user policy, set the reset user lockout counter time to 20 minutes, the user lockout time to 20 minutes, and the user lockout threshold to 3 attempts. (This entry is optional.)


7. Do not let the system display the last logged-on user name

By default, the last logged-on user name is displayed in the logon dialog box. This makes it easy for others to obtain user names on the system and then guess passwords. Modify the registry so that the last logged-on user name does not appear in the dialog box. To do this: open Registry Editor, locate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName, and change the REG_SZ value to 1.

Password security settings

1. Use secure passwords

Some corporate administrators create accounts named after the company or the computer and then set passwords that are too simple, such as "Welcome". Pay attention to password complexity, and remember to change passwords frequently.

2. Set a screen saver password

This is a very simple and necessary operation. A screen saver password is also a barrier that prevents internal personnel from damaging the server.

3. Enable password policy

Apply password policies: for example, enable password complexity requirements, set a minimum password length of 6 characters, enforce a password history of 5 passwords, and set a password age of 42 days.

4. Consider using smart cards instead of passwords

Passwords always put the security administrator in a dilemma: simple passwords are easy for hackers to attack, while complex passwords are easy to forget. If conditions permit, using smart cards instead of complex passwords is a good solution.

Third, system permissions settings

1. Disk permissions (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

On the system disk and all other disks, give Full Control only to the Administrators group and SYSTEM.

On the system disk, the \Documents and Settings directory gives Full Control only to the Administrators group and SYSTEM.

On the system disk, the \Documents and Settings\All Users directory gives Full Control only to the Administrators group and SYSTEM.

On the system disk, the files \Windows\System32\cacls.exe, cmd.exe, net.exe, net1.exe, ftp.exe, tftp.exe, telnet.exe, netstat.exe, regedit.exe, at.exe, attrib.exe, format.com and del give Full Control only to the Administrators group and SYSTEM.

Move System32\cmd.exe, format.com and ftp.exe to another directory, or rename them.

Set the directories under Documents and Settings to Administrators-only permissions, checking each directory one by one, including all of its subdirectories.

Delete the C:\inetpub directory.

2. Local Security Policy settings

Start Menu -> Administrative Tools -> Local Security Policy

A. Local Policies -> Audit Policy

Audit policy change: Success, Failure

Audit logon events: Success, Failure

Audit object access: Failure

Audit process tracking: No auditing

Audit directory service access: Failure

Audit privilege use: Failure

Audit system events: Success, Failure

Audit account logon events: Success, Failure

Audit account management: Success, Failure


B. Local Policies -> User Rights Assignment

Shut down the system: Administrators group only; delete all others.

Allow log on through Terminal Services: only the Administrators and Remote Desktop Users groups; delete all others.


C. Local Policies -> Security Options

Interactive logon: Do not display last user name: Enabled

Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled

Network access: Do not allow storage of credentials for network authentication: Enabled

Network access: Shares that can be accessed anonymously: delete all

Network access: Named pipes that can be accessed anonymously: delete all

Network access: Remotely accessible registry paths: delete all

Network access: Remotely accessible registry paths and subpaths: delete all

Accounts: Rename guest account: rename the account

Accounts: Rename administrator account: rename the account


3. Disable unnecessary services: Start -> Run -> services.msc (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

TCP/IP NetBIOS Helper: provides support for NetBIOS over TCP/IP and NetBIOS name resolution for clients on the network, so that users can share files, print, and log on to the network

Server: supports sharing of files, printers, and named pipes over the network for this computer

Computer Browser: maintains an up-to-date list of computers on the network and supplies this list

Task Scheduler: allows a program to run at a specified time

Messenger: transmits NET SEND and Alerter service messages between clients and servers

Distributed File System: manages shared files on the LAN, no need to disable

Distributed Link Tracking Client: updates connection information on the LAN, no need to disable

Error Reporting Service: disable sending of error reports

Microsoft Search: provides fast word search, no need to disable

NTLM Security Support Provider: used by the Telnet service and Microsoft Search, no need to disable

Print Spooler: disable if there are no printers

Remote Registry: disable so that the registry cannot be modified remotely

Remote Desktop Help Session Manager: disable remote assistance

Workstation: if it is turned off, remote NET commands do not list user groups

The above are services that start by default on Windows Server 2003 and are to be disabled; services that are disabled by default should not be started unless specifically needed.

4. Modify the registry (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

Modify the registry to make your system stronger.

4.1. Hide important files/directories: the registry can be modified to hide them completely (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, right-click "CheckedValue", select Modify, and change the value from 1 to 0.

4.2. Prevent SYN flood attacks (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

New DWORD value, named SynAttackProtect, with a value of 2

New EnablePMTUDiscovery REG_DWORD 0

New NoNameReleaseOnDemand REG_DWORD 1

New EnableDeadGWDetect REG_DWORD 0

New KeepAliveTime REG_DWORD 300,000

New PerformRouterDiscovery REG_DWORD 0

New EnableICMPRedirects REG_DWORD 0

4.3. Prohibit responses to ICMP router advertisement packets (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface

Create a new DWORD value named PerformRouterDiscovery with a value of 0.

4.4. Prevent attacks using ICMP redirect packets

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Set the EnableICMPRedirects value to 0.

4.5. Do not support the IGMP protocol (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Create a new DWORD value named IGMPLevel with a value of 0.

4.6. Prohibit IPC null connections (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

A cracker can use the net use command to establish a null connection and then intrude; net view and nbtstat also rely on the null connection, so it is best to prohibit null connections.

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, change the RestrictAnonymous value to "1".

4.7. Change the TTL value

A cracker can roughly guess your operating system from the TTL value of a ping reply, for example:

TTL=107 (WinNT);

TTL=108 (Win2000);

TTL=127 or 128 (Win9x);

TTL=240 or 241 (Linux);

TTL=252 (Solaris);

TTL=240 (Irix);

In fact, you can change it yourself: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, set DefaultTTL, REG_DWORD 0-0xff (0-255 decimal, default value 128), to a baffling number such as 258. That will at least leave the rookies confused for a while, and they may well give up on intruding.

4.8. Delete the default shares (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

I have been asked why all disks are shared at startup and why, after the shares are removed, they come back after a reboot. These are the default shares that Windows 2000 creates for administration. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, AutoShareServer is of type REG_DWORD; change the value to 0.

4.9. Prohibit the establishment of null connections (we have written a CMD script for the following settings; copying and running it as required can replace the manual steps below)

By default, any user can connect to the server through a null connection and then enumerate accounts and guess passwords. We can disable null connections by modifying the registry:

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, change the RestrictAnonymous value to "1".

4.10. Create a new Notepad file and enter the following code. Save it as a *.bat file and add it to the Startup items.

net share c$ /del

net share d$ /del

net share e$ /del

net share f$ /del

net share ipc$ /del

net share admin$ /del

5. IIS site settings:

5.1. Keep the IIS directory and data separate from the system disk, stored in dedicated disk space.

5.2. Enable Parent Path

5.3. In IIS Manager, delete any mappings that are not required (keep the necessary mappings such as ASP, ASPX, HTML, HTM, etc.)

5.4. In IIS, redirect the HTTP 404 Object Not Found error page to a custom HTM file via URL

5.5. Web site permissions settings (recommended)

Read: allowed

Write: not allowed

Script source access: not allowed

Directory browsing: recommended off

Log visits: recommended off

Index this resource: recommended off

Execute permissions: "Scripts only" recommended


5.6. It is recommended to use the W3C Extended Log File Format and to record daily the client IP address, user name, server port, method, URI stem, HTTP status and user agent, and to review the logs every day. (It is best not to use the default directory; change the log path and set access permissions on the logs so that only Administrators and SYSTEM have Full Control.)

5.7. Program security:

1) Programs that involve user names and passwords should keep them encapsulated on the server side, with as little as possible appearing in ASP files; user names and passwords used for database connections should be given the minimum privileges.

2) For ASP pages that require verification, track the file name of the previous page; only sessions that arrive from the previous page may read the page.

3) Prevent leakage of ASP home page .inc files.

4) Prevent leakage of some.asp.bak files generated by UE and other editors.

6. The idea behind setting IIS permissions

• Create a separate system user for each individual object to be protected, such as a Web site or a virtual directory, so that the site has its own identity on which permissions can be set in the system.

• In IIS, under the site or virtual directory properties -> Directory Security -> Anonymous access and authentication control -> Edit -> Anonymous access -> Edit, fill in the user name you just created.

• Deny this user access to all partitions, then allow this user access only on the folder that corresponds to the site's home directory (remove the inherited parent permissions, and add the Administrators group and the SYSTEM group).


7. Uninstall the most unsafe components (note: delete according to the actual requirements, delete after the FSO)

(We have written a CMD script for the following settings; copying and running it as required can replace the manual steps below.)

The easiest way is to unregister the components and then delete the corresponding program files. Save the following code as a .BAT file (the example was written for Windows 2000; on 2003 the system folder is C:\WINDOWS):

regsvr32 /u C:\windows\system32\wshom.ocx

del C:\windows\system32\wshom.ocx

regsvr32 /u C:\windows\system32\shell32.dll

del C:\windows\system32\shell32.dll

Then run it, and WScript.Shell, Shell.Application, and WScript.Network will be unloaded. You may be told that a file cannot be deleted; do not worry about it. Restart the server, and you will find that all three report "x security".

To make things easier for everyone and reduce errors, most of the steps above can be replaced by the following script, which I have converted to a CMD script. Create a new TXT file, copy the following code into it, change the extension to .cmd and double-click to run it. After it starts, follow the prompts to make the backup.

The code is as follows:

@echo off
echo.
echo.
echo. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo.
echo You are now using the "build security" script organized by World Network office
echo.
echo. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo.
echo.
echo. -------------------------------------------------------------------------
echo Please follow the prompts to back up the registry; otherwise you cannot restore it after modification. I am not responsible.
echo.
echo Yes=next step  No=exit (defaults to N after 30 seconds)
echo. -------------------------------------------------------------------------
choice /t 30 /c yn /d n
if errorlevel 2 goto end
if errorlevel 1 goto next


:next
rem Create the backup directory and a fresh temp directory
if exist backup (echo.) else md backup
if exist temp (rmdir /s /q temp & md temp) else md temp
if exist backup\backupkey.reg (move backup\backupkey.reg backup\backupkey_old.reg) else goto run


:run
rem Export the registry branches that the script modifies
regedit /e temp\backup-reg1.key1 "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
regedit /e temp\backup-reg2.key2 "HKEY_CLASSES_ROOT"
copy /b /y /v temp\backup-reg1.key1+temp\backup-reg2.key2 backup\backupkey.reg

rem Keep copies of the component files that are deleted later
if exist backup\wshom.ocx (echo backup already exists) else copy /v /y %systemroot%\system32\wshom.ocx backup\wshom.ocx
if exist backup\shell32.dll (echo backup already exists) else copy /v /y %systemroot%\system32\shell32.dll backup\shell32.dll

echo Backup is complete
echo.
goto next2


:next2
echo.
echo. -------------------------------------------------------------------
echo Change permissions on several unsafe EXE files in the system32 directory so that only Administrators may run them
echo Yes=next step  No=skip this step (defaults to Y after 30 seconds)
echo. -------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto next3
if errorlevel 1 goto next21


:next21
xcacls.exe %systemroot%\system32\net.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\net1.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\cmd.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\tftp.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\netstat.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\regedit.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\at.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\attrib.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\cacls.exe /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\format.com /t /g administrators:f /y /c
xcacls.exe %systemroot%\system32\secedit.exe /t /g administrators:f /y /c


echo "Setting C: drive permissions for a virtual host"


echo "Remove Everyone's permissions on the C: drive"
cd \
cacls "%systemdrive%" /r "everyone" /e
cacls "%systemroot%" /r "everyone" /e
cacls "%systemroot%\registration" /r "everyone" /e
cacls "%systemdrive%\documents and settings" /r "everyone" /e


echo "Remove the Users group's access rights on the C: drive"


cacls "%systemdrive%" /r "users" /e
cacls "%systemdrive%\program files" /r "users" /e
cacls "%systemdrive%\documents and settings" /r "users" /e


cacls "%systemroot%" /r "users" /e
cacls "%systemroot%\addins" /r "users" /e
cacls "%systemroot%\apppatch" /r "users" /e
cacls "%systemroot%\connection wizard" /r "users" /e
cacls "%systemroot%\debug" /r "users" /e
cacls "%systemroot%\driver cache" /r "users" /e
cacls "%systemroot%\help" /r "users" /e
cacls "%systemroot%\iis temporary compressed files" /r "users" /e
cacls "%systemroot%\java" /r "users" /e
cacls "%systemroot%\msagent" /r "users" /e
cacls "%systemroot%\mui" /r "users" /e
cacls "%systemroot%\repair" /r "users" /e
cacls "%systemroot%\resources" /r "users" /e
cacls "%systemroot%\security" /r "users" /e
cacls "%systemroot%\system" /r "users" /e
cacls "%systemroot%\tapi" /r "users" /e
cacls "%systemroot%\temp" /r "users" /e
cacls "%systemroot%\twain_32" /r "users" /e
cacls "%systemroot%\web" /r "users" /e


cacls "%systemroot%\system32\3com_dmi" /r "users" /e
cacls "%systemroot%\system32\administration" /r "users" /e
cacls "%systemroot%\system32\cache" /r "users" /e
cacls "%systemroot%\system32\catroot2" /r "users" /e
cacls "%systemroot%\system32\com" /r "users" /e
cacls "%systemroot%\system32\config" /r "users" /e
cacls "%systemroot%\system32\dhcp" /r "users" /e
cacls "%systemroot%\system32\drivers" /r "users" /e
cacls "%systemroot%\system32\export" /r "users" /e
cacls "%systemroot%\system32\icsxml" /r "users" /e
cacls "%systemroot%\system32\lls" /r "users" /e
cacls "%systemroot%\system32\logfiles" /r "users" /e
cacls "%systemroot%\system32\microsoftpassport" /r "users" /e
cacls "%systemroot%\system32\mui" /r "users" /e
cacls "%systemroot%\system32\oobe" /r "users" /e
cacls "%systemroot%\system32\shellext" /r "users" /e
cacls "%systemroot%\system32\wbem" /r "users" /e


echo "Add IIS_WPG access rights"
cacls "%systemroot%" /g iis_wpg:r /e
cacls "%systemdrive%\program files\common files" /g iis_wpg:r /e


cacls "%systemroot%\downloaded program files" /g iis_wpg:c /e
cacls "%systemroot%\help" /g iis_wpg:c /e
cacls "%systemroot%\iis temporary compressed files" /g iis_wpg:c /e
cacls "%systemroot%\offline web pages" /g iis_wpg:c /e
cacls "%systemroot%\system32" /g iis_wpg:c /e
cacls "%systemroot%\winsxs" /g iis_wpg:c /e
cacls "%systemroot%\winsxs" /r "users" /e
cacls "%systemroot%\tasks" /g iis_wpg:c /e
cacls "%systemroot%\temp" /g iis_wpg:c /e
cacls "%systemroot%\web" /g iis_wpg:c /e


echo "Add IIS_WPG access rights [.NET only]"
cacls "%systemroot%\assembly" /g iis_wpg:c /e
cacls "%systemroot%\microsoft.net" /g iis_wpg:c /e


echo "Add IIS_WPG access rights [McAfee software only]"
cacls "%systemdrive%\program files\network associates" /g iis_wpg:r /e


echo "Add access rights for Users"
cacls "%systemroot%\temp" /g users:c /e
goto next3


:next3
echo.
echo.
echo. ------------------------------------------------------------------------
echo Disable unnecessary services. Press CTRL+C if you want to exit
echo Yes=next step  No=skip this step (defaults to Y after 30 seconds)
echo. ------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto next4
if errorlevel 1 goto next31


:next31
rem Build a .reg file that sets Start=4 (disabled) for each service, then import it
echo Windows Registry Editor Version 5.00 >temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
rem The Task Scheduler service key is named Schedule
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm] >>temp\services.reg
echo "Start"=dword:00000004 >>temp\services.reg


regedit /s temp\services.reg


echo.
goto next4


:next4
echo.
echo. -------------------------------------------------------------------------
echo Protect against intrusion and attacks. Press CTRL+C if you want to quit
echo Yes=next step  No=skip this step (defaults to Y after 30 seconds)
echo. -------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto next5
if errorlevel 1 goto next41


:next41
rem Build a .reg file with the TCP/IP hardening values, then import it
echo Windows Registry Editor Version 5.00 >temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >>temp\skyddos.reg
echo "EnableDeadGWDetect"=dword:00000000 >>temp\skyddos.reg
echo "EnableICMPRedirects"=dword:00000000 >>temp\skyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg
echo "NoNameReleaseOnDemand"=dword:00000001 >>temp\skyddos.reg
echo "KeepAliveTime"=dword:000493e0 >>temp\skyddos.reg
echo "EnablePMTUDiscovery"=dword:00000000 >>temp\skyddos.reg
echo "SynAttackProtect"=dword:00000002 >>temp\skyddos.reg
echo "TcpMaxHalfOpen"=dword:00000064 >>temp\skyddos.reg
echo "TcpMaxHalfOpenRetried"=dword:00000050 >>temp\skyddos.reg
echo "TcpMaxConnectResponseRetransmissions"=dword:00000001 >>temp\skyddos.reg
echo "TcpMaxDataRetransmissions"=dword:00000003 >>temp\skyddos.reg
echo "TCPMaxPortsExhausted"=dword:00000005 >>temp\skyddos.reg
echo "DisableIPSourceRouting"=dword:00000002 >>temp\skyddos.reg
echo "TcpTimedWaitDelay"=dword:0000001e >>temp\skyddos.reg
echo "EnableSecurityFilters"=dword:00000001 >>temp\skyddos.reg
echo "TcpNumConnections"=dword:000007d0 >>temp\skyddos.reg
echo "TcpMaxSendFree"=dword:000007d0 >>temp\skyddos.reg
echo "IGMPLevel"=dword:00000000 >>temp\skyddos.reg
echo "DefaultTTL"=dword:00000016 >>temp\skyddos.reg


echo Restrict IPC$ null connections (IPC$, Internet Process Connection, is a resource that shares named pipes)
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>temp\skyddos.reg
echo "RestrictAnonymous"=dword:00000001 >>temp\skyddos.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interfaces] >>temp\skyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>temp\skyddos.reg
echo "BacklogIncrement"=dword:00000003 >>temp\skyddos.reg
echo "MaxConnBackLog"=dword:000003e8 >>temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] >>temp\skyddos.reg
echo "EnableDynamicBacklog"=dword:00000001 >>temp\skyddos.reg
echo "MinimumDynamicBacklog"=dword:00000014 >>temp\skyddos.reg
echo "MaximumDynamicBacklog"=dword:00002e20 >>temp\skyddos.reg
echo "DynamicBacklogGrowthDelta"=dword:0000000a >>temp\skyddos.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] >>temp\skyddos.reg
echo "AutoShareServer"=dword:00000000 >>temp\skyddos.reg


regedit /s temp\skyddos.reg
echo.
echo.
goto next5


:next5
echo.
echo. ------------------------------------------------------------------------
echo Prevent ASP trojans from running: unregister WScript.Shell, Shell.Application, WScript.Network
echo Yes=next step  No=skip this step (defaults to Y after 30 seconds)
echo. ------------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto next6
if errorlevel 1 goto next51


:next51
rem A leading "-" inside the brackets tells regedit to delete the key
echo Windows Registry Editor Version 5.00 >temp\del.reg
echo [-HKEY_CLASSES_ROOT\Shell.Application] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\Shell.Application.1] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\ADODB.Command\CLSID] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}] >>temp\del.reg


regedit /s temp\del.reg


regsvr32 /u %systemroot%\system32\wshom.ocx
del /f /q %systemroot%\system32\wshom.ocx
regsvr32 /u %systemroot%\system32\shell32.dll
del /f /q %systemroot%\system32\shell32.dll


rmdir /q /s temp
echo.
goto next6


:next6
echo.
echo.
echo. ---------------------------------------------------------------------
echo Settings are complete; a reboot is required before they take effect.
echo Yes=reboot server  No=exit (defaults to Y after 30 seconds)
echo. ---------------------------------------------------------------------
choice /t 30 /c yn /d y
if errorlevel 2 goto end
if errorlevel 1 goto reboot


:reboot
shutdown /r /t 0


:end
if exist temp (rmdir /s /q temp & exit) else exit
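
The script above imports its .reg files with regedit /s, which applies them silently, so the following read-back check is an added example (not part of the original script) that queries the values from sections 4.2 to 4.9, the last-logged-on-user setting and the RDP port after the reboot and reports any that are missing or different. The file layout, the :check helper and the expected port 0x2710 (the page's example port 10000) are assumptions for illustration; value names are used exactly as this page gives them.

```batch
@echo off
rem Added example, not part of the original script: read back the hardening
rem values described on this page and report mismatches.
rem Expected data is written the way reg.exe prints it (hex for REG_DWORD).
setlocal
set FAILED=0
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
set TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
set WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
rem Assumption: the page's example RDP port, 10000 decimal = 0x2710
set RDPPORT=0x2710

rem RDP port, set in both Terminal Server keys
call :check "%TS%\Wds\rdpwd\Tds\tcp" PortNumber REG_DWORD %RDPPORT%
call :check "%TS%\WinStations\RDP-Tcp" PortNumber REG_DWORD %RDPPORT%

rem Last logged-on user name (a REG_SZ value per this page)
call :check "%WINLOGON%" DontDisplayLastUserName REG_SZ 1

rem 4.2 to 4.5: TCP/IP parameters (KeepAliveTime 300,000 = 0x493e0)
call :check "%TCPIP%" SynAttackProtect REG_DWORD 0x2
call :check "%TCPIP%" EnablePMTUDiscovery REG_DWORD 0x0
call :check "%TCPIP%" NoNameReleaseOnDemand REG_DWORD 0x1
call :check "%TCPIP%" EnableDeadGWDetect REG_DWORD 0x0
call :check "%TCPIP%" KeepAliveTime REG_DWORD 0x493e0
call :check "%TCPIP%" PerformRouterDiscovery REG_DWORD 0x0
call :check "%TCPIP%" EnableICMPRedirects REG_DWORD 0x0
call :check "%TCPIP%" IGMPLevel REG_DWORD 0x0

rem 4.6 and 4.9: null connections
call :check "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" RestrictAnonymous REG_DWORD 0x1

rem 4.8: default administrative shares
call :check "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" AutoShareServer REG_DWORD 0x0

echo.
if %FAILED%==0 (echo All checked settings match.) else (echo %FAILED% settings need attention.)
endlocal & exit /b %FAILED%

:check
rem %1 = registry key, %2 = value name, %3 = value type, %4 = expected data
set ACTUAL=missing
for /f "tokens=3" %%v in ('reg query %1 /v %2 2^>nul ^| find /i "%3"') do set ACTUAL=%%v
if /i "%ACTUAL%"=="%4" (
  echo OK    %2 = %ACTUAL%
) else (
  echo FAIL  %2 = %ACTUAL%, expected %4
  set /a FAILED+=1
)
goto :eof
```

The exit code is the number of mismatches, so the check can be scheduled and alerted on when a later change or reinstall reverts a value.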
