Windows2003服务器安装及设置教程——注册表篇

作者:含笑 来源:聚友 时间:2010-02-08 12:59:00 

Windows2003服务器安装及设置教程——注册表

  1.  防DDOS洪水攻击处理
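    rem Registry baseline for this section. HKLM writes need an administrator, and
    rem /f overwrites existing data without prompting, so export the keys first if
    rem a rollback may be needed. The Tcpip/AFD/NetBT values are stack tuning for
    rem half-open (SYN) connection floods; they do not absorb volumetric traffic.
    rem NOTE(review): stack parameters are normally read at startup - plan a restart.

    rem --- Per-user Explorer policy: hide and stop recording recent documents ---
    rem REG_BINARY data is passed to reg.exe as contiguous hex digits; the spaced
    rem form "01 00 00 00" is not accepted as hex data.
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d 01000000 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d 01000000 /f

    rem --- Logon and anonymous access ---
    rem NOTE(review): on Windows Server 2003 the "do not display last user name"
    rem policy is usually stored under ...\Policies\System - confirm this Winlogon
    rem location is honoured on the target build.
    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f
    rem Restrict anonymous (null session) enumeration of accounts and shares.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
    rem Stop automatic creation of the administrative shares (C$, ADMIN$).
    rem Check backup and management agents that depend on them before applying.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f

    rem --- TCP/IP stack ---
    rem Both spellings of the ICMP-redirect value are written (see the last line
    rem of this group); an unknown value name is simply ignored by the stack.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
    rem 0x927c0 = 600000 ms (10 minutes) before keep-alive probing starts.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
    rem Thresholds that trigger SynAttackProtect: 0x1f4 = 500 and 0x190 = 400.
    rem reg.exe reads a bare number as decimal, so the 0x prefix is required; the
    rem original "00000190" would have stored 190, not the hex 190 (400) that the
    rem .reg-style zero padding implies.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "0x00000190" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
    rem 2 = drop all source-routed packets.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
    rem 0x1e = 30 seconds in TIME_WAIT; 0x4e20 = 20000 concurrent connections.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
    rem Disabling path-MTU discovery trades throughput for not trusting ICMP
    rem "fragmentation needed" messages - expect smaller segments to remote hosts.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
    rem NOTE(review): PerformRouterDiscovery is documented as a per-interface
    rem value (Tcpip\Parameters\Interfaces\...); confirm this global write is read.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f

    rem --- NetBT ---
    rem NoNameReleaseOnDemand is a NetBT parameter (ignore NetBIOS name-release
    rem requests except from WINS servers); the original wrote it under
    rem Tcpip\Parameters, where NetBT does not look for it.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
    rem 0x7d0 = 2000 connection blocks at most, grown 5 at a time.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f

    rem --- AFD (Winsock) dynamic backlog ---
    rem 0x14 = 20, 0x7530 = 30000, 0xa = 10. The 0x prefix is added for the same
    rem decimal-versus-hex reason as TcpMaxHalfOpenRetried above.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "0x00000014" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "0x00007530" /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f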

  2. 防止 Windows 运行您在这个设置中指定的程序
    rem Explorer "DisallowRun" policy for the current user (HKCU is the short form
    rem of HKEY_CURRENT_USER). The first line switches the policy on; each value
    rem under the DisallowRun subkey names one executable to refuse.
    rem Scope to keep in mind when relying on this list:
    rem   - it is written to the profile of the account running these commands only;
    rem   - matching is by file name, so a renamed copy is not covered;
    rem   - it is enforced by Explorer, so it is not an execution-control boundary.
    rem NOTE(review): the HKCU policy is unlikely to affect sethc.exe when it is
    rem started from the logon screen, which runs outside the user's profile -
    rem protect that binary with file ACLs and integrity monitoring as well.
    rem Software Restriction Policies (path/hash rules) are the stronger control
    rem available on Windows Server 2003.
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /t REG_DWORD /d 1 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v login.scr /t REG_SZ /d login.scr /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsiff.exe /t REG_SZ /d xsiff.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsniff.exe /t REG_SZ /d xsniff.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sethc.exe /t REG_SZ /d sethc.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v WinPcap.exe /t REG_SZ /d WinPcap.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v nc.exe /t REG_SZ /d nc.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sql.exe /t REG_SZ /d sql.exe /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v su.exe /t REG_SZ /d su.exe /f
     

  3. 关闭445端口
    rem SMBDeviceEnabled=0 turns off direct-hosted SMB, the listener on TCP 445.
    rem NOTE(review): the change is expected to need a restart, and SMB over
    rem NetBIOS (TCP 139) stays available unless NetBIOS over TCP/IP is disabled
    rem too. Confirm afterwards with "netstat -an" and keep a firewall rule for
    rem 445 in place; file sharing and domain functions that use 445 will stop.
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d 0 /f

  4. 关闭135端口
    rem Turn DCOM off (EnableDCOM=N) and empty the list of DCOM protocol sequences.
    rem NOTE(review): the RPC endpoint mapper may still listen on TCP 135 after
    rem this; verify with "netstat -an" after a restart and filter the port at the
    rem firewall rather than relying on these two values alone. Remote management
    rem tools and applications built on DCOM stop working once it is disabled.
    reg add "HKLM\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d N /f
    reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REG_MULTI_SZ /d "" /f
     

  5. 禁止dump file的产生和删除现有MEMORY.DMP文件(dump文件在系统崩溃和蓝屏的时候是一份很有用的查找问题的资料。然而,它也能够给黑客提供一些敏感信息比如一些应用程序的密码等。)
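    rem CrashDumpEnabled=0 stops the system from writing a memory dump on a crash.
    rem This removes crash diagnostics as well as the sensitive memory contents.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0 /f
    rem Remove an existing dump. The path is quoted in case %SystemRoot% contains
    rem spaces, and the commands are skipped when no dump file is present.
    rem "del /s" is dropped on purpose: it made del walk every subdirectory of
    rem %SystemRoot% and delete any file named MEMORY.DMP found there.
    rem NOTE(review): the dump location is configurable (DumpFile value under the
    rem same key) and small dumps are kept elsewhere - check those paths too.
    if exist "%SystemRoot%\MEMORY.DMP" attrib -s -r -h "%SystemRoot%\MEMORY.DMP"
    if exist "%SystemRoot%\MEMORY.DMP" del /q /f "%SystemRoot%\MEMORY.DMP"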

  6. 去除HappyTime(欢乐时光)威胁
    rem Unregister the Scriptlet.TypeLib COM object: first the CLSID entry the
    rem page pairs with it, then the ProgID. /f deletes without a confirmation
    rem prompt; reg reports an error if a key is already absent.
    rem NOTE(review): only the registration is removed, so the object can be
    rem registered again later - re-check after servicing. Any legitimate script
    rem that creates Scriptlet.TypeLib will fail once these keys are gone.
    reg delete "HKCR\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}" /f
    reg delete "HKCR\Scriptlet.TypeLib" /f

  7. 禁用通过重启重命名方式加载启动项
    重启重命名的执行优先级比传统的自启动(一般指 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)要高,启动完成后又将自己删除或改名回去。这种自启动方式极为隐蔽,现有的安全工具都无法检测出来。病毒通过重启重命名方式加载,位于注册表 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\KeysNotToRestore 下的 Pending Rename Operations 字串。
    rem Delete the PendingFileRenameOperations value under Session Manager.
    rem This is a one-time clean-up, not a setting: the value can be written again
    rem at any time. It also discards every queued operation, including file
    rem replacements that installers and updates schedule for the next restart,
    rem so inspect the value (reg query) before deleting it and record what it
    rem contained. reg reports an error if the value does not exist.
    reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /f

  8. 关闭事件跟踪程序
    rem ShutdownReasonOn=0 switches off the Shutdown Event Tracker policy, so
    rem operators are no longer asked to give a reason when shutting down or
    rem restarting the server.
    rem NOTE(review): that reason is part of the audit trail for unexpected
    rem restarts - confirm the change fits the server's logging requirements.
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f

标签:DDOS,windows2003,设置,注册表