Windows Server 2008 加固

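:: Windows Server 2008 hardening script: enables Windows Firewall, blocks
:: inbound RPC/NetBIOS/SMB ports, moves RDP to TCP 43389 and disables the
:: ICMP exceptions. Must be run from an elevated command prompt.
::
:: NOTE(review): run this from the local console or an out-of-band session.
:: The script stops the RDP service; if it is started inside an RDP session
:: the session may drop before the service is started again.

:: Enable the firewall for all profiles.
netsh advfirewall set allprofiles state on || goto :fail

:: Inbound block rules for RPC endpoint mapper / NetBIOS / SMB ports.
:: Explicit block rules take precedence over allow rules, so this also cuts
:: off file sharing and remote management that depend on these ports.
:: NOTE(review): UDP 138 (NetBIOS datagram) is not in the list - confirm
:: whether that is intended.
netsh advfirewall firewall add rule name="zhuzhi-changyongduank" protocol=TCP dir=in localport=135,137,139,445 action=block || goto :fail
netsh advfirewall firewall add rule name="zhuzhi-changyongduank2" protocol=UDP dir=in localport=135,137,139,445 action=block || goto :fail

:: Allow the new RDP port before the listener is moved to it.
:: NOTE(review): this rule accepts any source address. Moving the port only
:: reduces scan noise; consider scoping the rule with remoteip=<MGMT_SUBNET>
:: (placeholder) and requiring Network Level Authentication.
netsh advfirewall firewall add rule name="remot desktop" protocol=TCP dir=in localport=43389 action=allow || goto :fail

:: Change the RDP listening port in the registry (both keys must agree).
:: The whole key path is quoted because "Terminal Server" contains a space.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\tcp" /v portnumber /t REG_DWORD /d 43389 /f || goto :fail
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\winstations\RDP-Tcp" /v portnumber /t REG_DWORD /d 43389 /f || goto :fail

:: Restart the RDP service so the new port takes effect.
:: The service key name TermService is used instead of the display name:
:: the display name is "Terminal Services" on Server 2008 and
:: "Remote Desktop Services" on 2008 R2, so the display name is not portable.
:: net stop is not checked because it returns an error when the service is
:: already stopped; /y also stops dependent services, which are not
:: restarted here.
net stop TermService /y
net start TermService || goto :fail

:: ICMP: the original sequence first enables every ICMP exception and then
:: disables them all, so the end state is "all ICMP exceptions disabled"
:: (blocks ping). "netsh firewall" is the legacy context, deprecated in
:: favour of "netsh advfirewall"; kept here as in the original.
netsh firewall set icmpsetting type=ALL mode=enable
netsh firewall set icmpsetting type=ALL mode=DISABLE || goto :fail

:: Reached only when every checked step above succeeded.
echo 'success'
pause
exit /b 0

:fail
:: A checked step returned a non-zero exit code; do not report success,
:: because the host may be only partially hardened.
echo hardening step failed, errorlevel %errorlevel% 1>&2
pause
exit /b 1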
