3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\


1 MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFile AtShutdown=4,开启系统自动更新功能 7.基线排查脚本 windows下的基线检查就是基于注册表表项进行检查,*S-1-5-32-551,进入“服务和应用程序”,-., 基本要求:关闭不必要的系统服务 测试内容:系统服务管理 操作步骤: 进入“控制面板-管理工具-计算机管理”,3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\Win dows" "NT\CurrentVersion\Winlogon\ /v AutoAdminLogon') do ( if "%%j"=="0" set AutoAdminLogon=True ) if %AutoAdminLogon%==False ( REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows" "NT\CurrentVersion\Winlogon\ /f / v AutoAdminLogon /t REG_SZ /d 0 echo 禁止windows自动登录成功 rem echo 请添加EnableDeadGWDetect=0 ) ::操作系统补丁更新 ::net start wuauserv echo 配置完成 ,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,. ,*S-1-5-32-545,1 [System Access] EnableGuestAccount = 0 NewAdministratorName = "Administrator" MinimumPasswordLength = 8 PasswordComplexity = 1 PasswordHistorySize = 60 LockoutBadCount = 5 LockoutDuration = 30 [Privilege Rights] SeRemoteShutdownPrivilege = *S-1-5-32-544 SeTakeOwnershipPrivilege = *S-1-5-32-544 SeNetworkLogonRight = *S-1-5-32-544。

-. .--. echo : ,配置windows安全策略 echo 正在配置中...... secedit /configure /db gp.sdb /cfg security.inf ::管理缺失账户 for /f "skip=4 tokens=1-3" %%i in ('net user') do ( if "%%i"=="Administrator" echo 请修改默认管理员账号:%%i if "%%i"=="Guest" echo 请禁用用户:%%i if "%%j"=="Administrator" echo 请修改默认管理员账号:%%j if "%%j"=="Guest" echo 请禁用用户:%%j if "%%k"=="Administrator" echo 请修改默认管理员账号:%%k if "%%k"=="Guest" echo 请禁用用户:%%k ) ::启用SNMP攻击保护 set EnableDeadGWDetect=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Services\Tcpip\Parameters') do if "%%i"=="EnableDeadGWDetect" if "%%k"=="0x0" set Enab leDeadGWDetect=True if %EnableDeadGWDetect%==False ( REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v EnableDeadGWDetect /t REG_DWORD /d 0 echo 启用SNMP攻击保护成功 rem echo 请添加EnableDeadGWDetect=0x0 ) ::启用ICMP攻击保护 set EnableICMPRedirect=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Services\Tcpip\Parameters') do ( if "%%i"=="EnableICMPRedirect" if "%%k"=="0x0" set EnableICMPRedirect=True ) if %EnableICMPRedirect%==False ( REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v Enab leICMPRedirect /t REG_DWORD /d 0 echo 启用ICMP攻击保护成功 rem echo 请添加EnableICMPRedirect=0x0 ) ::启用SYN攻击保护 set SynAttackProtect=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Services\Tcpip\Parameters') do ( if "%%i"=="SynAttackProtect" if "%%k"=="0x2" set SynAttackProtect=True ) if %SynAttackProtect%==False ( REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v SynA ttackProtect /t REG_DWORD /d 2 REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v TcpM axPortsExhausted /t REG_DWORD /d 5 REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v TcpM axHalfOpen /t REG_DWORD /d 500 REG ADD 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v TcpM axHalfOpenRetried /t REG_DWORD /d 400 ) ::禁用IP源路由 set DisableIPSourceRouting=Falsefor /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Services\Tcpip\Parameters') do ( if "%%i"=="DisableIPSourceRouting" if "%%k"=="0x1" set DisableIPSourceRouting=True ) if %DisableIPSourceRouting%==False ( REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v Disa bleIPSourceRouting /t REG_DWORD /d 1 echo 禁用IP源路由成功 rem echo 请添加DisableIPSourceRouting=0x1 ) ::启用碎片攻击保护 set EnablePMTUDiscovery=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Services\Tcpip\Parameters') do ( if "%%i"=="EnablePMTUDiscovery" if "%%k"=="0x0" set EnablePMTUDiscovery=True ) if %EnablePMTUDiscovery%==False ( REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /f /v Enab lePMTUDiscovery /t REG_DWORD /d 0 echo 启用碎片攻击保护成功 rem echo 请添加EnablePMTUDiscovery=0x0 ) ::远程桌面服务端口管理 set tcp_PortNumber=False set rdp-tcp_PortNumber=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Control\Terminal" "Server\Wds\rdpwd\Tds\tcp') do ( if "%%i"=="PortNumber" if "%%k"=="0xd3d" set tcp_PortNumber=True ) for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe t\Control\Terminal" "Server\WinStations\RDP-Tcp') do ( if "%%i"=="PortNumber" if "%%k"=="0xd3d" set rdp-tcp_PortNumber=True ) if %tcp_PortNumber%==True if %rdp-tcp_PortNumber%==True ( echo 请修改远程桌面端口不为默认端口3389 ) ::终端服务登录管理 set DontDisplayLastUserName=False for /f "skip=2 tokens=1-3" %%i in ('REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wind ows" "NT\CurrentVersion\Winlogon') do ( if "%%i"=="DontDisplayLastUserName" if "%%k"=="0x1" set DontDisplayLastUserName=True ) if %DontDisplayLastUserName% == False ( REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows" 
"NT\CurrentVersion\Winlogon /f /v DontDisplayLastUserName /t REG_DWORD /d 1rem echo 请禁止显示上次登录名 DontDisplayLastUserName=0x1 ) ::禁止windows自动登录 set AutoAdminLogon=False for /f "skip=2 tokens=1, 就要用到组策略命令行工具secedit inf脚本 security.inf [Unicode] Unicode=yes [Event Audit] AuditLogonEvents = 3 AuditPolicyChange = 3 AuditObjectAccess = 3 AuditDSAccess = 3 AuditPrivilegeUse = 3 AuditSystemEvents = 3AuditAccountManage = 3 AuditProcessTracking = 2 [Registry Values] MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,提高系统安全性 6.系统更新 基本要求:系统自动更新安全补丁 测试内容:系统服务管理 预期结果:应安装关键和重要系统补丁。

-.,打印机和登录到网络 预期结果:关闭不必要的服务,查看所有服务,-.,-. .--. .-. .--. : `-. .-..-. .--. ,1 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,. :' .; : echo :_;:_;:_;`.__.':_;`.__.':_;:_;`.__.'`.__,*S-1-5-32-547 [Version] signature="$CHICAGO$" Revision=1 bat脚本 build_security_Strategy.bat @echo off echo. echo _ .-. echo :_; : : echo ,_;:_;:_;`._. ; echo .-. : echo 一键执行,。

1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,如果windows组策略有些不存在于注册表中,. :' '_.': :' ..': .. :: :; :' .; ; : ,建议关闭以下服务: Error Reporting Service、错误报告服务 Computer browser 浏览局域网计算机列表 Print Spooler 打印队列服务 Remote Registry 远程注册表操作 Routing and Remote Access 路由与远程访问 Shell Hardware Detection 为自动播放硬件事件提供通知 Telnet 远程管理 TCP/IP NetBIOS Helper 允许客户端共享文件。