Windows虚拟主机权限设置批处理bat

  这是一个来源于网络上的服务器下的权限配置批处理脚本,脚本在交互上的设计也比较好(当年用的权限配置bat一运行就巴拉巴拉的自个玩去了,都不知道执行到什么地方了)。在这里非常感谢作者们的无私分享。

  这个权限设置仅针对的是Windows下IIS服务器的,并不是放之四海皆能的万能的权限配置,同时需要注意的是,这个文件中使用的权限设置批处理脚本并不一定适合所有人,IIS_WGP就我知道的很多服务器上并没有使用。在切换到自己的生产环境中,需要先进行评估自己服务器上的安全水平之后在酌情修改。千万不要一拿到脚本直接放到生产环境运行,之后就不闻不问了,等回头出现了安全隐患就回来骂娘哦。

@ECHO OFF
SETLOCAL

REM
REM CHANGELOG --
REM by amxku&自在轮回, C.Rufus S.T
REM 2006-12-10

REM add some tips ;)
REM by amxku, C.Rufus S.T
REM 2007-07-10

REM VH_Gh0st For IIS V1.4
REM 鬼仔说被权限弄挂过一次,所以加个还原的 ;)
REM by amxku, C.Rufus S.T
REM 2008-06-23

TITLE VH_Gh0st For IIS V1.4 - 红狼安全小组
ECHO.
ECHO "+++++++++++++++++++++++++++++++++++++"
ECHO "+  VH_Gh0st For IIS V1.4            +"
ECHO "+  虚拟主机C盘权限设置[IIS] V1.4    +" 
ECHO "+                                   +"
ECHO "+  www.wolfexp.net                  +"
ECHO "+  红狼安全小组                     +"
ECHO "+                                   +"
ECHO "+  amxku   自在轮回                 +"
ECHO "+++++++++++++++++++++++++++++++++++++"
:menu
ECHO.
ECHO [1]     删除C盘的everyone的权限
ECHO [2]     删除C盘的所有的users的访问权限
ECHO [3]     添加iis_wpg的访问权限
ECHO [4]     添加iis_wpg的访问权限[.net专用]
ECHO [5]     添加iis_wpg的访问权限[装了MACFEE的软件专用]
ECHO [6]     添加users的访问权限
ECHO [7]     删除C盘Windows下的所有的危险文件夹
ECHO [8]     删除系统危险文件的访问权限,只留管理组成员
ECHO [9]     注册表相关设定
ECHO [10]    将C盘权限还原为默认[需重启]
ECHO [0]     退出
ECHO.
@ECHO 请选择?
@ECHO 输入上面的选项回车
@ECHO off
set /p menu=

if %menu% == 0 GOTO exit
if %menu% == 1 GOTO 1
if %menu% == 2 GOTO 2
if %menu% == 3 GOTO 3
if %menu% == 4 GOTO 4
if %menu% == 5 GOTO 5
if %menu% == 6 GOTO 6
if %menu% == 7 GOTO 7
if %menu% == 8 GOTO 8
if %menu% == 9 GOTO 9
if %menu% == 10 GOTO 10

:1
ECHO 删除C盘的everyone的权限 
CACLS "%SystemDrive%" /R "CREATOR OWNER" /E
CACLS "%SystemDrive%" /R "everyone" /E 
CACLS "%SystemRoot%" /R "everyone" /E 
CACLS "%SystemDrive%/Documents and Settings" /R "everyone" /E 
CACLS "%SystemDrive%/Documents and Settings/All Users" /R "everyone" /E 
CACLS "%SystemDrive%/Documents and Settings/All Users/Documents"  /R "everyone" /E 
ECHO.
ECHO 删除C盘的everyone的权限 ………………ok!
ECHO.
GOTO menu

:2
ECHO 删除C盘的所有的users的访问权限 
CACLS "%SystemDrive%" /R "users" /E 
CACLS "%SystemDrive%/Program Files" /R "users" /E 
CACLS "%SystemDrive%/Documents and Settings" /R "users" /E 
CACLS "%SystemRoot%" /R "users" /E 
CACLS "%SystemRoot%/addins" /R "users" /E 
CACLS "%SystemRoot%/AppPatch" /R "users" /E 
CACLS "%SystemRoot%/Connection Wizard" /R "users" /E 
CACLS "%SystemRoot%/Debug" /R "users" /E 
CACLS "%SystemRoot%/Driver Cache" /R "users" /E 
CACLS "%SystemRoot%/Help" /R "users" /E 
CACLS "%SystemRoot%/IIS Temporary Compressed Files" /R "users" /E 
CACLS "%SystemRoot%/java" /R "users" /E 
CACLS "%SystemRoot%/msagent" /R "users" /E 
CACLS "%SystemRoot%/mui" /R "users" /E 
CACLS "%SystemRoot%/repair" /R "users" /E 
CACLS "%SystemRoot%/Resources" /R "users" /E 
CACLS "%SystemRoot%/security" /R "users" /E 
CACLS "%SystemRoot%/system" /R "users" /E 
CACLS "%SystemRoot%/TAPI" /R "users" /E 
CACLS "%SystemRoot%/Temp" /R "users" /E 
CACLS "%SystemRoot%/twain_32" /R "users" /E 
CACLS "%SystemRoot%/Web" /R "users" /E 
CACLS "%SystemRoot%/WinSxS" /R "users" /E 
CACLS "%SystemRoot%/system32/3com_dmi" /R "users" /E 
CACLS "%SystemRoot%/system32/administration" /R "users" /E 
CACLS "%SystemRoot%/system32/Cache" /R "users" /E 
CACLS "%SystemRoot%/system32/CatRoot2" /R "users" /E 
CACLS "%SystemRoot%/system32/Com" /R "users" /E 
CACLS "%SystemRoot%/system32/config" /R "users" /E 
CACLS "%SystemRoot%/system32/dhcp" /R "users" /E 
CACLS "%SystemRoot%/system32/drivers" /R "users" /E 
CACLS "%SystemRoot%/system32/export" /R "users" /E 
CACLS "%SystemRoot%/system32/icsxml" /R "users" /E 
CACLS "%SystemRoot%/system32/lls" /R "users" /E 
CACLS "%SystemRoot%/system32/LogFiles" /R "users" /E 
CACLS "%SystemRoot%/system32/MicrosoftPassport" /R "users" /E 
CACLS "%SystemRoot%/system32/mui" /R "users" /E 
CACLS "%SystemRoot%/system32/oobe" /R "users" /E 
CACLS "%SystemRoot%/system32/ShellExt" /R "users" /E 
CACLS "%SystemRoot%/system32/wbem" /R "users" /E 
ECHO.
ECHO 删除C盘的所有的users的访问权限  ………………ok!
ECHO.
GOTO menu


:7
ECHO 删除C盘Windows下的所有的危险文件夹 
ATTRIB %SystemRoot%/Web/printers -S -R -H
DEL %SystemRoot%\Web\printers\*.* /S /Q /F
RD %SystemRoot%\Web\printers /S /Q

ATTRIB %SystemRoot%\Help\iisHelp -S -R -H
DEL %SystemRoot%\Help\iisHelp\*.* /S /Q /F
RD %SystemRoot%\Help\iisHelp /S /Q

ATTRIB %SystemRoot%\system32\inetsrv\iisadmpwd -S -R -H
DEL %SystemRoot%\system32\inetsrv\iisadmpwd\*.* /S /Q /F
RD %SystemRoot%\system32\inetsrv\iisadmpwd /S /Q
ECHO.
ECHO 删除C盘Windows下的所有的危险文件夹   ………………ok!
ECHO.
GOTO menu


:8
ECHO 给系统危险文件设置权限设定
CACLS "C:\boot.ini" /T /C /E /G Administrators:F
CACLS "C:\boot.ini" /D Guests:F /E

CACLS "C:\AUTOEXEC.BAT" /T /C /E /G Administrators:F
CACLS "C:\AUTOEXEC.BAT" /D Guests:F /E

CACLS "%SystemRoot%/system32/net.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/net.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/net1.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/net1.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/cmd.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/cmd.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/ftp.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/ftp.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/netstat.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/netstat.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/regedit.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/regedit.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/at.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/at.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/ATTRIB.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/ATTRIB.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/format.com" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/format.com" /D Guests:F /E

CACLS "%SystemRoot%/system32/logoff.exe" /T /C /E /G Administrators:F

CACLS "%SystemRoot%/system32/shutdown.exe" /G Administrators:F
CACLS "%SystemRoot%/system32/shutdown.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/telnet.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/telnet.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/wscript.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/wscript.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/doskey.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/doskey.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/help.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/help.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/ipconfig.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/ipconfig.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/nbtstat.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/nbtstat.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/print.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/print.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/xcopy.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/xcopy.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/edit.com" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/edit.com" /D Guests:F /E

CACLS "%SystemRoot%/system32/regedt32.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/regedt32.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/reg.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/reg.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/register.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/register.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/replace.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/replace.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/nwscript.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/nwscript.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/share.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/share.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/ping.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/ping.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/ipsec6.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/ipsec6.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/netsh.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/netsh.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/debug.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/debug.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/route.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/route.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/tracert.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/tracert.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/powercfg.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/powercfg.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/nslookup.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/nslookup.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/arp.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/arp.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/rsh.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/rsh.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/netdde.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/netdde.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/mshta.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/mshta.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/mountvol.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/mountvol.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/tftp.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/tftp.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/setx.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/setx.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/find.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/find.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/finger.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/finger.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/where.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/where.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/regsvr32.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/regsvr32.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/CACLS.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/CACLS.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/sc.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/sc.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/shadow.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/shadow.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/runas.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/runas.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/wshom.ocx" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/wshom.ocx" /D Guests:F /E

CACLS "%SystemRoot%/system32/wshext.dll" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/wshext.dll" /D Guests:F /E

CACLS "%SystemRoot%/system32/shell32.dll" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/shell32.dll" /D Guests:F /E

CACLS "%SystemRoot%/system32/zipfldr.dll" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/zipfldr.dll" /D Guests:F /E

CACLS "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/PCHealth/HelpCtr/Binaries/msconfig.exe" /D Guests:F /E

CACLS "%SystemRoot%/notepad.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/notepad.exe" /D Guests:F /E

CACLS "%SystemRoot%/regedit.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/regedit.exe" /D Guests:F /E

CACLS "%SystemRoot%/winhelp.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/winhelp.exe" /D Guests:F /E

CACLS "%SystemRoot%/winhlp32.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/winhlp32.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/notepad.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/notepad.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/edlin.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/edlin.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/posix.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/posix.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/atsvc.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/atsvc.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/qbasic.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/qbasic.exe" /T /C /E /G Administrators:F

CACLS "%SystemRoot%/system32/runonce.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/runonce.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/syskey.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/syskey.exe" /D Guests:F /E

CACLS "%SystemRoot%/system32/cscript.exe" /T /C /E /G Administrators:F
CACLS "%SystemRoot%/system32/cscript.exe" /D Guests:F /E
ECHO.
ECHO 给系统危险文件设置权限设定   ………………ok!
ECHO.
GOTO menu

:9
ECHO 注册表相关设定
REG DELETE HKEY_CLASSES_ROOT\WScript.Shell /f
REG DELETE HKEY_CLASSES_ROOT\WScript.Shell.1 /f
REG DELETE HKEY_CLASSES_ROOT\Shell.application /f
REG DELETE HKEY_CLASSES_ROOT\Shell.application.1 /f
REG DELETE HKEY_CLASSES_ROOT\WSCRIPT.NETWORK /f
REG DELETE HKEY_CLASSES_ROOT\WSCRIPT.NETWORK.1 /f
regsvr32 /s /u wshom.ocx
regsvr32 /s /u wshext.dll
regsvr32 /s /u shell32.dll
regsvr32 /s /u zipfldr.dll
ECHO.
ECHO 注册表相关设定   ………………ok!
ECHO.
GOTO menu


:3
ECHO 添加iis_wpg的访问权限 
CACLS "%SystemRoot%" /G iis_wpg:R /E 
CACLS "%SystemDrive%/Program Files/Common Files" /G iis_wpg:R /E 

CACLS "%SystemRoot%/Downloaded Program Files" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Help" /G iis_wpg:C /E 
CACLS "%SystemRoot%/IIS Temporary Compressed Files" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Offline Web Pages" /G iis_wpg:C /E 
CACLS "%SystemRoot%/System32" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Tasks" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Temp" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Web" /G iis_wpg:C /E 
ECHO.
ECHO 添加iis_wpg的访问权限   ………………ok!
ECHO.
GOTO menu


:4
ECHO 添加iis_wpg的访问权限[.net专用] 
CACLS "%SystemRoot%/Assembly" /G iis_wpg:C /E 
CACLS "%SystemRoot%/Microsoft.NET" /G iis_wpg:C /E 
ECHO.
ECHO 添加iis_wpg的访问权限[.net专用]   ………………ok!
ECHO.
GOTO menu

:5
ECHO 添加iis_wpg的访问权限[装了MACFEE的软件专用] 
CACLS "%SystemDrive%/Program Files/Network Associates" /G iis_wpg:R /E 
ECHO.
ECHO 添加iis_wpg的访问权限[装了MACFEE的软件专用]   ………………ok!
ECHO.
GOTO menu

:6
ECHO 添加users的访问权限 
CACLS "%SystemRoot%/temp" /G users:C /E 
ECHO.
ECHO 添加users的访问权限   ………………ok!
ECHO.
GOTO menu

:10
ECHO 将C盘权限还原为默认 
Secedit /configure /db %SYSTEMROOT%\security\database\cvtfs.sdb /Cfg "%SYSTEMROOT%\security\templates\setup security.inf" /areas filestore
GOTO menu

:exit

EXIT
Monday, June 17, 2013 | 其他技术

文章评论

No comments posted yet.

发表评论

Please add 5 and 2 and type the answer here:

关于博主

  一枚成分复杂的网络IT分子,属于互联网行业分类中的杂牌军。