安全防毒

关注公众号 jb51net

关闭
XP安全设置补丁的批处理命令 XP安全设置补丁bat

XP安全设置补丁的批处理命令 XP安全设置补丁bat

热门排行

简介

XP安全设置补丁的批处理命令,双击即可
[code]
@echo off
cls
rem Copyright (C) 2003-05 Ansgar Wiechers & Torsten Mann
rem Contact: admin@ntsvcfg.de
rem 深山红叶汉化
rem
rem 免费程序,可在 GNU 框架下自由分发或/和修改。
rem You can redistribute it and/or modify it under
rem the terms of the GNU General Public License as published by the Free Software Foundation;
rem either version 2 of the License, or (at your option) any later version.
rem This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
rem without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rem See the GNU General Public License for more details.
rem
rem You should have received a copy of the GNU General Public License along with this program;
rem if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
rem MA 02111-1307, USA.
echo.
REM Tested on ... WinXP_SP2
REM Always basic XP64 Support
REM Modifications to BITS service (cause of v5 WindowsUpdate) - #discharged#
REM Additional notices corresponding to DHCP issue
REM Variables problems during RESTORE_DEFAULT usage fixed
REM SMBDEVICEENABLED Restore Bug fixed
REM Mod_history-09-27-2005**11-08-2005**11-29-2005**12-07-2005**12-18-2005

setlocal

REM *** INIT_VARS ***
set CHK_SVC=YES
set XPSP2=FALSE
set SERVER=FALSE
set NT_SERVER_CHK=TRUE


:START
echo  "svc2kXp.cmd" v2.2_build7b (18.12.2005), 基于 GNU GPL 发布
echo  ================================================================
set find=%SystemRoot%\System32\find.exe
set regedit=%SystemRoot%\regedit.exe
if not exist "%find%" goto :NOFIND
if not exist "%regedit%" goto :NOREGEDIT
if not "%1" == "%*" goto :SYNTAX
if /I "%1"=="/?" goto :HELP
if /I "%1"=="/help" goto :HELP
if /I "%1"=="-h" goto :HELP
if /I "%1"=="--help" goto :HELP
if /I "%1"=="-?" goto :HELP
if /I "%1"=="--?" goto :HELP
if /I "%1"=="/fix" goto :FIX
goto :VERSION

:SYNTAX
echo.
echo.
echo  !!语法错误!!
echo  ________________
echo  只允许一个或没有参数。
goto :QUIT

:HELP
echo.
echo                                 -= 帮助 =-
echo  参数:
echo  /lan.......一些 LAN 所需的服务保持不更改!
echo  /std.......关闭所有端口,但部分保持不更改
echo  /all.......更改所有被 www.ntsvcfg.de ("hardening") 推荐有问题的服务
echo  /restore...撤消上次更改
echo  /reLAN.....恢复 LAN 所需的服务
echo  /default...恢复默认出厂服务设置 (在首次使用前)
echo.
echo  例如: svc2kxp.cmd /all
echo.
set /P CHS= [Press "G" 查看 GNU GPL 信息,或 "Q" 退出]?
if /I "%CHS%"=="G" goto :GNU_GPL
if /I "%CHS%"=="Q" goto :QUIT_EXT
CLS
goto :HELP

:GNU_GPL
CLS
echo  Informations about GNU-General Public License for "svc2kxp.cmd"
echo  ===============================================================
echo.
echo  Copyright (C) 2003-05 Ansgar Wiechers, Torsten Mann
echo  Contact: admin@ntsvcfg.de
echo.
echo  This program is free software; you can redistribute it and/or modify it under
echo  the terms of the GNU General Public License as published by the Free Software
echo  Foundation; either version 2 of the License, or (at your option) any later
echo  version. This program is distributed in the hope that it will be useful, but
echo  WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
echo  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
echo  details.
echo.
echo  You should have received a copy of the GNU General Public License along with
echo  this program; if not, write to the:
echo.
echo  Free Software Foundation, Inc.
echo  59 Temple Place, Suite 330
echo  Boston, MA 02111-1307, USA.
echo.
set /P CHS= [Press "H" for help or "Q" for quit]?
CLS
if /I "%CHS%"=="H" goto :HELP
if /I "%CHS%"=="Q" goto :QUIT_EXT
goto GNU_GPL

:VERSION
echo  正在检查系统版本 ...


if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHK
REM Checking for running server version
        "%regedit%" /e "%TEMP%\~svr.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
                 type "%TEMP%\~svr.txt"|"%find%" /i "Server" >NUL
                if not errorlevel 1 set SERVER=TRUE
                 type "%TEMP%\~svr.txt"|"%find%" /i "LanMan" >NUL
                if not errorlevel 1 set SERVER=TRUE
                if exist "%TEMP%\~svr.txt" del /F /Q "%TEMP%\~svr.txt"
                if /I "%SERVER%"=="TRUE" goto :NTSERVER


:SKIP_NT_SERVER_CHK

ver | "%find%"  /i "Windows 2000" > nul
if not errorlevel 1 goto :OS2K

ver | "%find%"  /i "Windows XP" > nul
if not errorlevel 1 goto :OSXP

ver | "%find%"  /i "Microsoft Windows [Version 5.2.3790]" > nul
if not errorlevel 1 goto :OSXP64

echo  !!失败!!
echo  __________
echo.
echo  此脚本只能工作于 Windows 2000/XP 系统的机器!
echo.
goto :QUIT

:NOFIND
echo.
echo  !!失败!!
echo  __________
echo.
echo  对不起,以下文件丢失:
echo.
echo.
echo  # %SystemRoot%\System32\FIND.EXE
echo.
echo.
goto :QUIT

:NOREGEDIT
echo.
echo  !!失败!!
echo  __________
echo.
echo  对不起以下文件丢失:
echo.
echo.
echo  # %SystemRoot%\REGEDIT.EXE
echo.
echo.
goto :QUIT

:NTSERVER
echo.
echo  !!失败!!
echo  __________
echo.
echo  此脚本不支持 NT server 版本!
echo.
goto :QUIT


:OS2K
rem Specific OS Detection I
set SYSTEM=2k

rem Testing for XP ServicePacks

        "%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 4" >NUL
        if errorlevel==1 (

                  type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 3" >NUL
                  if errorlevel==1 (

                        type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
                          if errorlevel==1 (

                                type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
                                if errorlevel==1 (

                                        echo  !Windows 2000 [无或没有 Service Pack] 被检测到!
                                        goto NO_2KSP
                                        )

                                echo  !Windows 2000 [Service Pack 1] 被检测到!
                                  goto :NO_2KSP
                                )


                        echo  !Windows 2000 [Service Pack 2] 被检测到!
                          goto :NO_2KSP
                        )


                echo  !Windows 2000 [Service Pack 3] 被检测到!
                goto :NO_2KSP
                )


        echo  !Windows 2000 [Service Pack 4] 被检测到!
        goto :NO_2KSP

:NO_2kSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE


:OSXP
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2

        "%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
        if errorlevel==1 (

                  type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
                  if errorlevel==1 (

                        SET XPSP2=FALSE
                        echo  !Windows XP [no or unknown Service Pack] 被检测到!
                        goto NO_XPSP
                        )

                SET XPSP2=FALSE
                  echo  !Windows XP [Service Pack 1] 被检测到!
                  goto :NO_XPSP
                )

        SET XPSP2=TRUE
        echo  !Windows XP [ServicePack 2] 被检测到!
        goto :NO_XPSP

:OSXP64
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2

        "%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
        if errorlevel==1 (

                  type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
                  if errorlevel==1 (

                        SET XPSP2=FALSE
                        echo  !EXPERIMENTAL! Windows XP64 [无或未知 Service Pack] 被检测到!
                        goto NO_XPSP
                        )

                SET XPSP2=FALSE
                  echo  !EXPERIMENTAL! Windows XP64 [Service Pack 1] 被检测到!
                  goto :NO_XPSP
                )

        SET XPSP2=TRUE
        echo  !EXPERIMENTAL! Windows XP64 [ServicePack 2] 被检测到!
        goto :NO_XPSP


:NO_XPSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE


:CONTINUE

REM Creating subdirectory "ntsvcfg" in userprofile if necessary
if not exist "%USERPROFILE%\ntsvcfg\*.*" mkdir "%USERPROFILE%\ntsvcfg"

REM Moving old script backup files to ...\%USERNAME%\ntsvcfg :
        if exist "%USERPROFILE%\dcom.reg" move /Y "%USERPROFILE%\dcom.reg" "%USERPROFILE%\ntsvcfg\dcom.reg"
        if exist "%USERPROFILE%\dcomp.reg" move /Y "%USERPROFILE%\dcomp.reg" "%USERPROFILE%\ntsvcfg\dcomp.reg"
        if exist "%USERPROFILE%\services.reg" move /Y "%USERPROFILE%\services.reg" "%USERPROFILE%\ntsvcfg\services.reg"
        if exist "%USERPROFILE%\current_services_config.reg" move /Y "%USERPROFILE%\current_services_config.reg" "%USERPROFILE%\ntsvcfg\current_services_config.reg"
        if exist "%USERPROFILE%\smb.reg" move /Y "%USERPROFILE%\smb.reg" "%USERPROFILE%\ntsvcfg\smb.reg"
        if exist "%USERPROFILE%\FPRINT.REF" move /Y "%USERPROFILE%\FPRINT.REF" "%USERPROFILE%\ntsvcfg\FPRINT.REF"
        if exist "%USERPROFILE%\handler_aim.reg" move /Y "%USERPROFILE%\handler_aim.reg" "%USERPROFILE%\ntsvcfg\handler_aim.reg"
        if exist "%USERPROFILE%\handler_gopher.reg" move /Y "%USERPROFILE%\handler_gopher.reg" "%USERPROFILE%\ntsvcfg\handler_gopher.reg"
        if exist "%USERPROFILE%\handler_telnet.reg" move /Y "%USERPROFILE%\handler_telnet.reg" "%USERPROFILE%\ntsvcfg\handler_telnet.reg"
        if exist "%USERPROFILE%\services.reg.default" move /Y "%USERPROFILE%\services.reg.default" "%USERPROFILE%\ntsvcfg\services.reg.default"
        if exist "%USERPROFILE%\dcom.reg.default" move /Y "%USERPROFILE%\dcom.reg.default" "%USERPROFILE%\ntsvcfg\dcom.reg.default"
        if exist "%USERPROFILE%\dcomp.reg.default" move /Y "%USERPROFILE%\dcomp.reg.default" "%USERPROFILE%\ntsvcfg\dcomp.reg.default"
        if exist "%USERPROFILE%\smb.reg.default" move /Y "%USERPROFILE%\smb.reg.default" "%USERPROFILE%\ntsvcfg\smb.reg.default"
        if exist "%USERPROFILE%\handler_aim.reg.default" move /Y "%USERPROFILE%\handler_aim.reg.default" "%USERPROFILE%\ntsvcfg\handler_aim.reg.default"
        if exist "%USERPROFILE%\handler_gopher.reg.default" move /Y "%USERPROFILE%\handler_gopher.reg.default" "%USERPROFILE%\ntsvcfg\handler_gopher.reg.default"
        if exist "%USERPROFILE%\handler_telnet.reg.default" move /Y "%USERPROFILE%\handler_telnet.reg.default" "%USERPROFILE%\ntsvcfg\handler_telnet.reg.default"


REM *****Declarations*****
set SELECT="no"
set SVC_BAK=%USERPROFILE%\ntsvcfg\services.reg
set SVC_SAV=%USERPROFILE%\ntsvcfg\current_services_config.reg
set DCOM_BAK=%USERPROFILE%\ntsvcfg\dcom.reg
set DCOMP_BAK=%USERPROFILE%\ntsvcfg\dcomp.reg
set SMB_BAK=%USERPROFILE%\ntsvcfg\smb.reg
set DCOM_TMP=%TEMP%\dcomoff.reg
set DCOMP_TMP=%TEMP%\dcompoff.reg
set SMB_TMP=%TEMP%\smboff.reg
set FPRINT=%USERPROFILE%\ntsvcfg\FPRINT.REF
set HANDLER1=%USERPROFILE%\ntsvcfg\handler_aim.reg
set HANDLER2=%USERPROFILE%\ntsvcfg\handler_gopher.reg
set HANDLER3=%USERPROFILE%\ntsvcfg\handler_telnet.reg
set NB_TMP=%TEMP%\nb_off.vbs
set srctmp=%USERPROFILE%\ntsvcfg\~srcreate.vbs
set DHCP_CHANGES="YES"

REM *****Options*****
set SCHEDULER_ENABLED=NO
set UseXPSysRestore=YES
set RESTORE=NO
set SVC_MOD=NO
set USE_FPRINT=YES
set Deactivate_NetBIOS=YES
set RESTORE_MODE=2

REM *****APP_PATHs******
set NET=%SystemRoot%\system32\net.exe
set SC=%SystemRoot%\system32\sc.exe
set FC=%SystemRoot%\system32\fc.exe
set IPCONFIG=%SystemRoot%\system32\ipconfig.exe


echo  正在检查可用权限: [local], 请稍候 ...
"%net%" user "%USERNAME%" 2> nul | "%find%"  /i "admin" | "%find%"  /i /v "name" > nul
if errorlevel 1 (
        echo     "         "          "     : [domain], 请稍候 ...
        "%net%" user "%USERNAME%" /domain 2> nul | "%find%"  /i "admin" | "%find%"  /i /v "name" > nul
        if errorlevel 1 (
                echo.
                echo  失败!
                echo  __________
                echo  对不起,没有执行此任务的权限。
                echo  请以 Administrator 登录。
                echo.
                goto :END
                )
        )

set IMPORT_OLD_FILES=FALSE
rem searching for sc.exe
if not exist "%FPRINT%" echo  检查 SC.EXE 是否存在...
"%sc%" qc > nul 2>&1
if errorlevel 1 (
        echo  !!失败!!
        echo  __________
        echo.
        echo  SC.EXE 在系统目录没有找到: [%SystemRoot%\SYSTEM32\]
        echo  请从此下载:
        echo.
        echo.
        echo            -= ftp://ftp.microsoft.com/reskit/win2000/sc.zip =-
        echo.
        echo                                自解压安装 SC.EXE
        echo                                ======================
         echo.
        echo  如果网络连接可用,svc2kxp.cmd 可以试图自动下载 SC.EXE。
        goto :SC_DOWNLOAD
        )


if /I "%1"=="/all" (
        set SELECT="/all"
        goto :SKIP_MENUE
        )

if /I "%1"=="/relan" (
        set SELECT="/relan"
        goto :SKIP_MENUE
        )

if /I "%1"=="/std" (
        set SELECT="/std"
        goto :SKIP_MENUE
        )

if /I "%1"=="/default" goto :RESTORE_DEFAULTS


rem checking for modified services
if /I %CHK_SVC%==YES (
        if /I %USE_FPRINT%==YES (
                if exist "%FPRINT%" (
                        rem Creating fingerprint of current service settings...
                        if exist "%USERPROFILE%\ntsvcfg\svc2cmp.sav" del /F /Q "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                        "%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" >%TEMP%\~svclist.txt
                        for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
                                echo %%b >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                                "%sc%" query "%%b" | %FIND% "STATE" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                                "%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                                "%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                                echo. >> "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                                )
                        del "%TEMP%\~svclist.txt"


                        "%FC%" "%FPRINT%" "%USERPROFILE%\ntsvcfg\svc2cmp.sav" >NUL
                        if errorlevel 1 goto :DIFF
                        goto OK

                        :DIFF
                        echo  正在检查被修改的服务 ... 失败的服务可能被修改! [E]valuate
                        set SVC_MOD=YES
                        goto :MOD_END

                        :OK
                        echo  正在检查被修改的服务 ... OK
                        set SVC_MOD=NO
                        if exist "%USERPROFILE%\ntsvcfg\svc2cmp.sav" del /F /Q "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
                        goto :MOD_END

                        :MOD_END
                        REM
                        )
                )
        )
set CHK_SVC=NO


if /I "%1"=="/restore" goto :RESTORE


:MENUE
if /I "%1"=="/lan" goto :SKIP_MENUE
echo.
echo  请选择一个要执行的任务:
echo.
echo  (1) LAN:       一些 LAN 所需的服务保持不更改!
echo  (2) Standard:  关闭所有端口,但部分保持不更改
echo  (3) ALL:       更改所有被 www.ntsvcfg.de ("hardening") 推荐有问题的服务
echo  (4) restore:   恢复上次的更改
echo.
set /P CHS= 请选择: [1],[2],[3],[4], [M]更多选项,或 [Q]退出?

if /I "%CHS%"=="1" (
        set SELECT="/lan"
        goto :SKIP_MENUE
        )

if /I "%CHS%"=="2" (
        set SELECT="/std"
        goto :SKIP_MENUE
        )

if /I "%CHS%"=="3" (
        set SELECT="/all"
        goto :SKIP_MENUE
        )

if /I "%CHS%"=="4" goto :RESTORE
if /I "%CHS%"=="R" goto :RESTORE
if /I "%CHS%"=="M" goto :MORE_OPTIONS
if /I "%SVC_MOD%"=="YES" if /I "%CHS%"=="E" goto :EVALUATE_SERVICES
if /I "%CHS%"=="G" goto :CREATING_NEW_FINGERPRINT
if /I "%CHS%"=="Q" goto :QUIT
cls
goto :START


:SKIP_MENUE

rem Checking if old restorefiles exists.
rem if it is so old files will be restored before new changes
if not exist "%SVC_BAK%" goto :NO_RESTORE
if /I %RESTORE_MODE%==3 goto :NO_RESTORE
if /I %RESTORE_MODE%==4 goto :NO_RESTORE
set RESTORE=YES
echo.
echo  _______________________________________________________________________
echo.
echo  [选择恢复模式: %RESTORE_MODE%]
echo.
echo.
echo    注意: 找到了旧的恢复文件!
echo.
echo     本程序不是第一次运行。要应用所有新的更改,
echo     需要适当的旧恢复文件以获取一个确定的状态。
echo.
echo.
echo  # 正在开始恢复 ...
goto RESTORE_EXT

:NO_RESTORE
rem query if taskplaner should run
if /I "%SYSTEM%"=="2k" goto :SKIP_SQUERY
if /I "%SYSTEM%"=="xp" (
        if /I %SELECT%=="" goto :SKIP_SQUERY
        if /I %SELECT%=="/all" goto :SKIP_SQUERY
        if /I %XPSP2%==True (
                set SCHEDULER_ENABLED=YES
                goto :SKIP_SQUERY
                )

        )


echo.
echo.
echo  Query
echo  ==================
echo.
echo.
echo  Should the "scheduler service" be disabled?
echo.
echo  If you have time-controlled tasks [i.e. AV-Updates] or you will not set
echo  automatic system restore points press ANY KEY TO CONTINUE to close port 135
echo  [RPC] and port 1025 [scheduler] instantly. Otherwise press "N"
echo  ___________________________________________
echo.
set /P UNDO= Close scheduler [y/n]?
if /I "%UNDO%"=="n" set SCHEDULER_ENABLED=YES

:SKIP_SQUERY

if not exist "%SVC_BAK%.default" (
        echo.
        echo  Creating backup of defaults ...
        "%regedit%" /e "%SVC_BAK%.default" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
        "%regedit%" /e "%DCOM_BAK%.default" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
        "%regedit%" /e "%DCOMP_BAK%.default" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
        "%regedit%" /e "%SMB_BAK%.default" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
        "%regedit%" /e "%HANDLER1%.default" HKEY_CLASSES_ROOT\AIM
        "%regedit%" /e "%HANDLER2%.default" HKEY_CLASSES_ROOT\gopher
        "%regedit%" /e "%HANDLER3%.default" HKEY_CLASSES_ROOT\telnet
        echo                             ... done.
        )

if exist "%SVC_BAK%" (
        if /I %RESTORE_MODE%==2 goto :SKIP_SAVING
        if /I %RESTORE_MODE%==4 goto :SKIP_SAVING
        )

rem saving registry settings
echo  _________________________________________________________________________
echo.
echo  [Selected Restore Mode: %RESTORE_MODE%]
echo.
echo     Saving services settings to
echo       %SVC_BAK% ...
"%regedit%" /e "%SVC_BAK%" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
echo     Saving DCOM settings to
echo       %DCOM_BAK% ...
"%regedit%" /e "%DCOM_BAK%" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
echo     Saving DCOM standard protocols settings to
echo       %DCOMP_BAK% ...
"%regedit%" /e "%DCOMP_BAK%" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
echo     Saving SMB settings to
echo       %SMB_BAK%
"%regedit%" /e "%SMB_BAK%" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
echo     Saving URL-Handler [AIM, GOPHER, TELNET] to
echo       %HANDLER1%
"%regedit%" /e "%HANDLER1%" HKEY_CLASSES_ROOT\AIM
echo       %HANDLER2%
"%regedit%" /e "%HANDLER2%" HKEY_CLASSES_ROOT\gopher
echo       %HANDLER3%
"%regedit%" /e "%HANDLER3%" HKEY_CLASSES_ROOT\telnet
echo.

echo  All done.
echo  ___________________________________________
echo.


:SKIP_SAVING

if /I "%SYSTEM%"=="xp" (
        if /I %UseXPSysRestore%==YES (
                goto :XPSYSRESTORE
                )
        )
:XPSYSRESTORE_DONE

rem reconfigure services
rem startup: demand
echo.
echo  Setting services to "demand" ...

echo  ___________________________________________
echo.
echo  # Checking DHCP ...
"%ipconfig%" -all | "%find%"  /i "Lease" > nul
if errorlevel 1 (
        rem trying other method for DHCP
        "%ipconfig%" -all | "%find%"  /i "DHCP-Server" > nul
        if errorlevel 1 (
          echo                ... no active DHCP found.
          echo.
   echo  Notice
   echo  ======
   echo  Your configuration indicates that DHCP no longer will be required.
   echo  But if you use a DSL internet connection this choice probably
          echo  might be wrong. If you experiences problems during accessing the
   echo  internet please re-activate the "DHCP Service" manually.
   echo.
   echo  ___________________________________________
   echo.
          "%sc%" config DHCP start= demand
          goto :SKIP_DHCP
        )
)
set DHCP_CHANGES="NO"
echo  ... DHCP active, status of service will NOT be changed!
echo.

:SKIP_DHCP
"%sc%" config dmadmin start= demand
"%sc%" config DNSCache start= demand
"%sc%" config mnmsrvc start= demand
"%sc%" config MSIServer start= demand
"%sc%" config NetDDE start= demand
"%sc%" config NetDDEdsdm start= demand
"%sc%" config Netman start= demand
"%sc%" config NTLMSsp start= demand
"%sc%" config NtmsSvc start= demand
"%sc%" config PolicyAgent start= demand
"%sc%" config RASAuto start= demand
"%sc%" config RASMan start= demand
"%sc%" config RSVP start= demand
"%sc%" config Scardsvr start= demand

"%sc%" query ScardDrv | "%find%"  /i "OpenService FAILED" >NUL
if errorlevel 1 "%sc%" config ScardDrv start= demand

if /I %XPSP2%==True (
        rem If XP SP2 is installed there are less changes to XP-ICF
        if /I %SELECT%=="/std" goto :SKIP_FIREWALL
        )
"%sc%" config SharedAccess start= demand

:SKIP_FIREWALL
"%sc%" config Sysmonlog start= demand
"%sc%" config TAPISrv start= demand
"%sc%" config TrkWks start= demand
"%sc%" config UPS start= demand
"%sc%" config W32Time start= demand
"%sc%" config WMI start= demand

if /I %SELECT%=="/all" (
        "%sc%" config SamSs start= demand
        "%sc%" config LmHosts start= demand
        "%sc%" config Winmgmt start= demand
        )

if /I "%SYSTEM%"=="2k" (
        "%sc%" config AppMgmt start= demand
        "%sc%" config Browser start= demand
        "%sc%" config clipsrv start= demand
        "%sc%" config EventSystem start= demand
        "%sc%" config Fax start= demand
        "%sc%" config netlogon start= demand
        "%sc%" config RPCLocator start= demand
        "%sc%" config Utilman start= demand
        if /I %SELECT%=="/all" (
                "%sc%" config seclogon start= demand
                "%sc%" config RPCSs start= demand
                "%sc%" config lanmanServer start= demand
                )
        )


if /I "%SYSTEM%"=="xp" (
        "%sc%" config ALG start= demand
        "%sc%" config FastUserSwitchingCompatibility start= demand
        "%sc%" config helpsvc start= demand
        "%sc%" config ImapiService start= demand
        "%sc%" config Nla start= demand
        "%sc%" config RdSessMgr start= demand
        "%sc%" config seclogon start= demand
        "%sc%" config stisvc start= demand
        "%sc%" config SwPrv start= demand
        "%sc%" config TermService start= demand
        "%sc%" config upnphost start= demand
        "%sc%" config VSS start= demand

        "%sc%" query WmdmPmSp | "%find%"  /i "OpenService FAILED" >NUL
        if errorlevel 1 "%sc%" config WmdmPmSp start= demand

        "%sc%" config WmiApSrv start= demand
        rem Wireless Zero Configuration - fuer WLAN-Verbindungen notwendig.
        rem Falls erforderlich auf AUTO stellen.
        rem "%sc%" config WZCSVC start= demand
        )
echo.


rem startup: auto
echo  Setting services to "auto" ...
"%sc%" config dmserver start= auto
"%sc%" config eventlog start= auto
"%sc%" config PlugPlay start= auto
"%sc%" config ProtectedStorage start= auto
"%sc%" config sens start= auto
"%sc%" config spooler start= auto

if /I "%SYSTEM%"=="2k" (
        "%sc%" config lanmanworkstation start= auto
        "%sc%" config alerter start= auto
        )

if /I "%SYSTEM%"=="xp" (
        "%sc%" query InteractiveLogon | "%find%"  /i "OpenService FAILED" >NUL
        if errorlevel 1 "%sc%" config InteractiveLogon start= auto
        "%sc%" config Audiosrv start= auto
        "%sc%" config CryptSvc start= auto
        "%sc%" config RPCSs start= auto
        "%sc%" config ShellHWDetection start= auto
        "%sc%" config srservice start= auto
        "%sc%" query uploadmgr | "%find%"  /i "OpenService FAILED" >NUL
        if errorlevel 1 "%sc%" config uploadmgr start= auto
        "%sc%" config WebClient start= auto
        )
echo.

rem startup: disabled
echo  Setting services to "disabled" ...
"%sc%" config cisvc start= disabled
"%sc%" config MSDTC start= disabled
"%sc%" config RemoteAccess start= disabled
"%sc%" config TlntSvr start= disabled
"%sc%" config messenger start= disabled


if /I %SELECT%=="/all" (
        "%sc%" query BITS | "%find%"  /i "SERVICE_NAME" >NUL
        if not errorlevel 1 "%sc%" config BITS start= disabled
        "%sc%" query wuauserv | "%find%"  /i "SERVICE_NAME" >NUL
        if not errorlevel 1 "%sc%" config wuauserv start= disabled
        "%sc%" config schedule start= disabled
        "%sc%" config RemoteRegistry start= disabled
        )

if /I "%SYSTEM%"=="xp" (
        "%sc%" config ERSvc start= disabled
        "%sc%" config HidServ start= disabled
        "%sc%" config SSDPSRV start= disabled

        if /I %SELECT%=="/lan" (
                if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled
                )

        if /I %SELECT%=="/std" (
                if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled
                )

        if /I %XPSP2%==True (
                echo.
                echo  XPSP2: 正在禁用安全中心 ...
                "%sc%" config wscsvc start= disabled
                )
        )


echo.
echo  ------------------
echo  # Checking and stopping unnecessary system services ...
echo.
"%sc%" query cisvc | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop cisvc
"%sc%" query RemoteAccess | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop RemoteAccess
"%sc%" query TlntSvr | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop TlntSvr
"%sc%" query MSDTC | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop MSDTC
"%sc%" query messenger | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop messenger

if /I %SELECT%=="/all" (
        "%sc%" query BITS | "%find%"  /i "SERVICE_NAME" >NUL
        if not errorlevel 1 (
                "%sc%" query BITS | "%find%"  /i "4  RUNNING" >NUL
                if not errorlevel 1 "%net%" stop BITS
                )
        "%sc%" query wuauserv | "%find%"  /i "SERVICE_NAME" >NUL
        if not errorlevel 1 (
                "%sc%" query wuauserv | "%find%"  /i "4  RUNNING" >NUL
                if not errorlevel 1 "%net%" stop wuauserv
                )
        "%sc%" query schedule | "%find%"  /i "4  RUNNING" >NUL
        if not errorlevel 1 "%net%" stop schedule
        )

if /I "%SYSTEM%"=="xp" (
        if /I %SELECT%=="/lan" (
                if /I %SCHEDULER_ENABLED%==NO "%net%" (
                        "%sc%" query schedule | "%find%"  /i "4  RUNNING" >NUL
                        if not errorlevel 1 "%net%" stop schedule
                        )
                )

        if /I %SELECT%=="/std" (
                if /I %SCHEDULER_ENABLED%==NO "%net%" (
                        "%sc%" query schedule | "%find%"  /i "4  RUNNING" >NUL
                        if not errorlevel 1 "%net%" stop schedule
                )

        if /I %XPSP2%==True (
                "%sc%" query wscsvc | "%find%"  /i "4  RUNNING" >NUL
                if not errorlevel 1 "%net%" stop wscsvc
                )

        )

echo  ------------------
echo  Disabling DCOM ...
echo REGEDIT4 > "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> "%DCOM_TMP%"
echo "EnableDCOM"="N" >> "%DCOM_TMP%"
echo "EnableDCOMHTTP"="N" >> "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
"%regedit%" /s "%DCOM_TMP%"
del /F /Q "%DCOM_TMP%"

echo  Disabling DCOM standard protocols ...
echo REGEDIT4 > "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc] >> "%DCOMP_TMP%"
echo "DCOM Protocols"=hex(7):00,00,00,00 >> "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
"%regedit%" /s "%DCOMP_TMP%"
del /F /Q "%DCOMP_TMP%"

   echo  Disabling port 135 (maybe 1025 too) ...
   echo    - Removing RPC Client Protocols
   echo REGEDIT4 > "%SMB_TMP%"
   echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols] >> "%SMB_TMP%"
   echo. >> "%SMB_TMP%"

   if /I %SCHEDULER_ENABLED%==NO (
    echo    - Advanced RPC Configuration
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >> "%SMB_TMP%"
    echo "PortsInternetAvailable"="N" >> "%SMB_TMP%"
    echo "UseInternetPorts"="N" >> "%SMB_TMP%"
    echo. >> "%SMB_TMP%"
    )

   if /I %XPSP2%==TRUE (
    echo    - Advanced RPC Configuration
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >> "%SMB_TMP%"
    echo "PortsInternetAvailable"="N" >> "%SMB_TMP%"
    echo "UseInternetPorts"="N" >> "%SMB_TMP%"
    echo. >> "%SMB_TMP%"
    )

   echo    - Removing needless URL Handler [AIM,gopher,telnet]
   echo [-HKEY_CLASSES_ROOT\AIM] >> "%SMB_TMP%"
   echo [-HKEY_CLASSES_ROOT\gopher] >> "%SMB_TMP%"
   echo [-HKEY_CLASSES_ROOT\telnet] >> "%SMB_TMP%"
   echo. >> "%SMB_TMP%"
   echo. >> "%SMB_TMP%"
  "%regedit%" /s "%SMB_TMP%"
  del /F /Q "%SMB_TMP%"

if /I %SELECT%=="/all" (
        echo.
        echo  Disabling SMB port 445 ...
        echo REGEDIT4 > "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
        echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        "%regedit%" /s "%SMB_TMP%"
        del /F /Q "%SMB_TMP%"
        set REBOOT_REQUIRED=yes
        )

if /I %SELECT%=="/std" (
        echo.
        echo  Disabling SMB port 445 ...
        echo REGEDIT4 > "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
        echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        echo. >> "%SMB_TMP%"
        "%regedit%" /s "%SMB_TMP%"
        del /F /Q "%SMB_TMP%"
        set REBOOT_REQUIRED=yes
        )

if /I %SELECT%=="/std" goto :NB_DISABLE
if /I %SELECT%=="/all" goto :NB_DISABLE
goto :SKIP_NB_DISABLE

:NB_DISABLE
  if /I %DEACTIVATE_NETBIOS%==NO (
                echo.
                echo.  Due problems with SP2 and deactivating NetBIOS this option
                echo   will be skipped.
                echo.
                goto :SKIP_NB_DISABLE
                )

  rem Because of problems with SP2 Netbios:
  if /I %XPSP2%==True (
                echo.
                echo  Note:
                echo  -----
                echo  If you experiencing problems after updating Windows XP with
                echo  Service Pack 2 please do following:
                echo.
                echo                          set Deactivate_NetBIOS=NO
                echo.
                )
  rem *** Thx2 Johannes Lichtenberger for the following lines using VBScript***
  echo  Disable NetBios on all local interfaces ...
  echo.
  echo On Error Resume Next>> "%nb_tmp%"
  echo.>> "%nb_tmp%"
  echo TcpipoverNetbios = 2 '0=NetbiosfromDHCP 1=EnableNetbios 2=DisableNetbios>> "%nb_tmp%"
  echo.>> "%nb_tmp%"
  echo strComputer = ".">> "%nb_tmp%"
  echo Set objWMIService = GetObject("winmgmts:\\" ^& strComputer ^& "\root\cimv2")>> "%nb_tmp%"
  echo Set objNICs = objWMIService.ExecQuery _>> "%nb_tmp%"
  echo    ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")>> "%nb_tmp%"
  echo For Each objNic In objNICs>> "%nb_tmp%"
  echo    errTcpipNetbios = objNic.SetTCPIPNetBIOS(TcpipoverNetbios)>> "%nb_tmp%"
  echo Next>> "%nb_tmp%"
  "%SYSTEMROOT%\SYSTEM32\CSCRIPT.EXE" "%nb_tmp%"
  del /F /Q "%nb_tmp%"
  set REBOOT_REQUIRED=yes

:SKIP_NB_DISABLE
rem Skip Billboard because /all is used
if /I %SELECT%=="/all" goto :SW_ALL
if /I %SELECT%=="/std" goto :S

大家还下载了