热门排行
简介
使启动项失效批处理命令.双击运行即可
[code]
@echo off
cls
rem Copyright (C) 2003-05 Ansgar Wiechers & Torsten Mann
rem Contact: admin@ntsvcfg.de
rem
rem This program is free software; you can redistribute it and/or modify it under
rem the terms of the GNU General Public License as published by the Free Software Foundation;
rem either version 2 of the License, or (at your option) any later version.
rem This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
rem without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rem See the GNU General Public License for more details.
rem
rem You should have received a copy of the GNU General Public License along with this program;
rem if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
rem MA 02111-1307, USA.
echo.
REM Tested on ... WinXP_SP2
REM Always basic XP64 Support
REM Modifications to BITS service (cause of v5 WindowsUpdate) - #discharged#
REM Additional notices corresponding to DHCP issue
REM Variables problems during RESTORE_DEFAULT usage fixed
REM SMBDEVICEENABLED Restore Bug fixed
REM Mod_history-09-27-2005**11-08-2005**11-29-2005**12-07-2005**12-18-2005
setlocal
REM *** INIT_VARS ***
set CHK_SVC=YES
set XPSP2=FALSE
set SERVER=FALSE
set NT_SERVER_CHK=TRUE
:START
echo "svc2kXp.cmd" v2.2_build7b (18.12.2005), published under GNU GPL
echo ================================================================
set find=%SystemRoot%\System32\find.exe
set regedit=%SystemRoot%\regedit.exe
if not exist "%find%" goto :NOFIND
if not exist "%regedit%" goto :NOREGEDIT
if not "%1" == "%*" goto :SYNTAX
if /I "%1"=="/?" goto :HELP
if /I "%1"=="/help" goto :HELP
if /I "%1"=="-h" goto :HELP
if /I "%1"=="--help" goto :HELP
if /I "%1"=="-?" goto :HELP
if /I "%1"=="--?" goto :HELP
if /I "%1"=="/fix" goto :FIX
goto :VERSION
:SYNTAX
echo.
echo.
echo !!Syntax error!!
echo ________________
echo Es kann nur ein oder kein Parameter angegeben werden.
echo.
echo Only one or no parameter allowed.
goto :QUIT
:HELP
echo.
echo -= Hilfe =-
echo Parameter:
echo /lan.......Einige Dienste fuer LAN-Betrieb werden nicht veraendert.
echo /std.......Schliesst alle Ports, einige Dienste bleiben unveraendert.
echo /all.......Setzt alle Vorschlaege nach www.ntsvcfg.de um (hardening).
echo /restore...Nimmt die zuletzt vorgenommenen Aenderungen zurueck.
echo /reLAN.....Reaktiviert Dienste, die fuer LAN-Betrieb benoetigt werden.
echo /default...Setzt alle Diensteinstellungen auf urspr黱gliche Werte zur點k.
echo.
echo Parameters:
echo /lan.......Some services needed for LAN-usage stay unchanged!
echo /std.......Closes all Ports, but some services stay unchanged
echo /all.......Changes all issues recommended by www.ntsvcfg.de ("hardening")
echo /restore...Undo last changes.
echo /reLAN.....Reactivates services required for LAN.
echo /default...Restoring factory service settings (before first time usage)
echo.
echo example: svc2kxp.cmd /all
echo.
set /P CHS= [Press "G" for GNU GPL informations or "Q" for quit]?
if /I "%CHS%"=="G" goto :GNU_GPL
if /I "%CHS%"=="Q" goto :QUIT_EXT
CLS
goto :HELP
:GNU_GPL
CLS
echo Informations about GNU-General Public License for "svc2kxp.cmd"
echo ===============================================================
echo.
echo Copyright (C) 2003-05 Ansgar Wiechers, Torsten Mann
echo Contact: admin@ntsvcfg.de
echo.
echo This program is free software; you can redistribute it and/or modify it under
echo the terms of the GNU General Public License as published by the Free Software
echo Foundation; either version 2 of the License, or (at your option) any later
echo version. This program is distributed in the hope that it will be useful, but
echo WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
echo FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
echo details.
echo.
echo You should have received a copy of the GNU General Public License along with
echo this program; if not, write to the:
echo.
echo Free Software Foundation, Inc.
echo 59 Temple Place, Suite 330
echo Boston, MA 02111-1307, USA.
echo.
set /P CHS= [Press "H" for help or "Q" for quit]?
CLS
if /I "%CHS%"=="H" goto :HELP
if /I "%CHS%"=="Q" goto :QUIT_EXT
goto GNU_GPL
:VERSION
echo Checking system version ...
if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHK
REM Checking for running server version
"%regedit%" /e "%TEMP%\~svr.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
type "%TEMP%\~svr.txt"|"%find%" /i "Server" >NUL
if not errorlevel 1 set SERVER=TRUE
type "%TEMP%\~svr.txt"|"%find%" /i "LanMan" >NUL
if not errorlevel 1 set SERVER=TRUE
if exist "%TEMP%\~svr.txt" del /F /Q "%TEMP%\~svr.txt"
if /I "%SERVER%"=="TRUE" goto :NTSERVER
:SKIP_NT_SERVER_CHK
ver | "%find%" /i "Windows 2000" > nul
if not errorlevel 1 goto :OS2K
ver | "%find%" /i "Windows XP" > nul
if not errorlevel 1 goto :OSXP
ver | "%find%" /i "Microsoft Windows [Version 5.2.3790]" > nul
if not errorlevel 1 goto :OSXP64
echo !!Failed!!
echo __________
echo.
echo Dieses Script ist nur unter Windows 2000 oder XP lauffaehig!
echo.
echo This script works only on Windows 2000/XP machines!
echo.
goto :QUIT
:NOFIND
echo.
echo !!Failed!!
echo __________
echo.
echo Leider konnte folgende Datei nicht gefunden werden:
echo.
echo Sorry, but following file is missing:
echo.
echo.
echo # %SystemRoot%\System32\FIND.EXE
echo.
echo.
goto :QUIT
:NOREGEDIT
echo.
echo !!Failed!!
echo __________
echo.
echo Leider konnte folgende Datei nicht gefunden werden:
echo.
echo Sorry, but following file is missing:
echo.
echo.
echo # %SystemRoot%\REGEDIT.EXE
echo.
echo.
goto :QUIT
:NTSERVER
echo.
echo !!Failed!!
echo __________
echo.
echo Dieses Script unterstuetzt keine NT Server Versionen!
echo.
echo This script doesn't support NT server versions!
echo.
goto :QUIT
:OS2K
rem Specific OS Detection I
set SYSTEM=2k
rem Testing for XP ServicePacks
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 4" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 3" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
echo !Windows 2000 [no or unknown Service Pack] detected!
goto NO_2KSP
)
echo !Windows 2000 [Service Pack 1] detected!
goto :NO_2KSP
)
echo !Windows 2000 [Service Pack 2] detected!
goto :NO_2KSP
)
echo !Windows 2000 [Service Pack 3] detected!
goto :NO_2KSP
)
echo !Windows 2000 [Service Pack 4] detected!
goto :NO_2KSP
:NO_2kSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
:OSXP
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
echo !Windows XP [no or unknown Service Pack] detected!
goto NO_XPSP
)
SET XPSP2=FALSE
echo !Windows XP [Service Pack 1] detected!
goto :NO_XPSP
)
SET XPSP2=TRUE
echo !Windows XP [ServicePack 2] detected!
goto :NO_XPSP
:OSXP64
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
echo !EXPERIMENTAL! Windows XP64 [no or unknown Service Pack] detected!
goto NO_XPSP
)
SET XPSP2=FALSE
echo !EXPERIMENTAL! Windows XP64 [Service Pack 1] detected!
goto :NO_XPSP
)
SET XPSP2=TRUE
echo !EXPERIMENTAL! Windows XP64 [ServicePack 2] detected!
goto :NO_XPSP
:NO_XPSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
:CONTINUE
REM Creating subdirectory "ntsvcfg" in userprofile if necessary
if not exist "%USERPROFILE%\ntsvcfg\*.*" mkdir "%USERPROFILE%\ntsvcfg"
REM Moving old script backup files to ...\%USERNAME%\ntsvcfg :
if exist "%USERPROFILE%\dcom.reg" move /Y "%USERPROFILE%\dcom.reg" "%USERPROFILE%\ntsvcfg\dcom.reg"
if exist "%USERPROFILE%\dcomp.reg" move /Y "%USERPROFILE%\dcomp.reg" "%USERPROFILE%\ntsvcfg\dcomp.reg"
if exist "%USERPROFILE%\services.reg" move /Y "%USERPROFILE%\services.reg" "%USERPROFILE%\ntsvcfg\services.reg"
if exist "%USERPROFILE%\current_services_config.reg" move /Y "%USERPROFILE%\current_services_config.reg" "%USERPROFILE%\ntsvcfg\current_services_config.reg"
if exist "%USERPROFILE%\smb.reg" move /Y "%USERPROFILE%\smb.reg" "%USERPROFILE%\ntsvcfg\smb.reg"
if exist "%USERPROFILE%\FPRINT.REF" move /Y "%USERPROFILE%\FPRINT.REF" "%USERPROFILE%\ntsvcfg\FPRINT.REF"
if exist "%USERPROFILE%\handler_aim.reg" move /Y "%USERPROFILE%\handler_aim.reg" "%USERPROFILE%\ntsvcfg\handler_aim.reg"
if exist "%USERPROFILE%\handler_gopher.reg" move /Y "%USERPROFILE%\handler_gopher.reg" "%USERPROFILE%\ntsvcfg\handler_gopher.reg"
if exist "%USERPROFILE%\handler_telnet.reg" move /Y "%USERPROFILE%\handler_telnet.reg" "%USERPROFILE%\ntsvcfg\handler_telnet.reg"
if exist "%USERPROFILE%\services.reg.default" move /Y "%USERPROFILE%\services.reg.default" "%USERPROFILE%\ntsvcfg\services.reg.default"
if exist "%USERPROFILE%\dcom.reg.default" move /Y "%USERPROFILE%\dcom.reg.default" "%USERPROFILE%\ntsvcfg\dcom.reg.default"
if exist "%USERPROFILE%\dcomp.reg.default" move /Y "%USERPROFILE%\dcomp.reg.default" "%USERPROFILE%\ntsvcfg\dcomp.reg.default"
if exist "%USERPROFILE%\smb.reg.default" move /Y "%USERPROFILE%\smb.reg.default" "%USERPROFILE%\ntsvcfg\smb.reg.default"
if exist "%USERPROFILE%\handler_aim.reg.default" move /Y "%USERPROFILE%\handler_aim.reg.default" "%USERPROFILE%\ntsvcfg\handler_aim.reg.default"
if exist "%USERPROFILE%\handler_gopher.reg.default" move /Y "%USERPROFILE%\handler_gopher.reg.default" "%USERPROFILE%\ntsvcfg\handler_gopher.reg.default"
if exist "%USERPROFILE%\handler_telnet.reg.default" move /Y "%USERPROFILE%\handler_telnet.reg.default" "%USERPROFILE%\ntsvcfg\handler_telnet.reg.default"
REM *****Declarations*****
set SELECT="no"
set SVC_BAK=%USERPROFILE%\ntsvcfg\services.reg
set SVC_SAV=%USERPROFILE%\ntsvcfg\current_services_config.reg
set DCOM_BAK=%USERPROFILE%\ntsvcfg\dcom.reg
set DCOMP_BAK=%USERPROFILE%\ntsvcfg\dcomp.reg
set SMB_BAK=%USERPROFILE%\ntsvcfg\smb.reg
set DCOM_TMP=%TEMP%\dcomoff.reg
set DCOMP_TMP=%TEMP%\dcompoff.reg
set SMB_TMP=%TEMP%\smboff.reg
set FPRINT=%USERPROFILE%\ntsvcfg\FPRINT.REF
set HANDLER1=%USERPROFILE%\ntsvcfg\handler_aim.reg
set HANDLER2=%USERPROFILE%\ntsvcfg\handler_gopher.reg
set HANDLER3=%USERPROFILE%\ntsvcfg\handler_telnet.reg
set NB_TMP=%TEMP%\nb_off.vbs
set srctmp=%USERPROFILE%\ntsvcfg\~srcreate.vbs
set DHCP_CHANGES="YES"
REM *****Options*****
set SCHEDULER_ENABLED=NO
set UseXPSysRestore=YES
set RESTORE=NO
set SVC_MOD=NO
set USE_FPRINT=YES
set Deactivate_NetBIOS=YES
set RESTORE_MODE=2
REM *****APP_PATHs******
set NET=%SystemRoot%\system32\net.exe
set SC=%SystemRoot%\system32\sc.exe
set FC=%SystemRoot%\system32\fc.exe
set IPCONFIG=%SystemRoot%\system32\ipconfig.exe
echo Checking available permissions: [local], please wait ...
"%net%" user "%USERNAME%" 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nul
if errorlevel 1 (
echo " " " : [domain], please wait ...
"%net%" user "%USERNAME%" /domain 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nul
if errorlevel 1 (
echo.
echo Failed!
echo __________
echo Leider verfuegen Sie nicht ueber die erforderlichen Rechte!
echo Melden Sie sich bitte als Administrator an.
echo.
echo Sorry but you don't have the permissions required for this task.
echo Please login as Administrator.
echo.
goto :END
)
)
set IMPORT_OLD_FILES=FALSE
rem searching for sc.exe
if not exist "%FPRINT%" echo Checking for presence of SC.EXE ...
"%sc%" qc > nul 2>&1
if errorlevel 1 (
echo !!Failed!!
echo __________
echo Die notwendige Datei SC.EXE konnte leider nicht unter
echo [%SystemRoot%\SYSTEM32\] gefunden werden.
echo Bitte laden Sie sich diese Datei von der unten genannten Adresse herunter:
echo.
echo SC.EXE couldn't be found in [%SystemRoot%\SYSTEM32\].
echo Please download it from following location:
echo.
echo.
echo -= ftp://ftp.microsoft.com/reskit/win2000/sc.zip =-
echo.
echo Self-installing SC.EXE
echo ======================
echo svx2kxp.cmd kann versuchen, die notwendige Datei selbst zu installieren.
echo Hierzu benoetigen Sie eine bestehende Internetverbindung.
echo.
echo svc2kxp.cmd may try to download the required file SC.EXE itself if an
echo active internet connection exists.
goto :SC_DOWNLOAD
)
if /I "%1"=="/all" (
set SELECT="/all"
goto :SKIP_MENUE
)
if /I "%1"=="/relan" (
set SELECT="/relan"
goto :SKIP_MENUE
)
if /I "%1"=="/std" (
set SELECT="/std"
goto :SKIP_MENUE
)
if /I "%1"=="/default" goto :RESTORE_DEFAULTS
rem checking for modified services
if /I %CHK_SVC%==YES (
if /I %USE_FPRINT%==YES (
if exist "%FPRINT%" (
rem Creating fingerprint of current service settings...
if exist "%USERPROFILE%\ntsvcfg\svc2cmp.sav" del /F /Q "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" >%TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
"%sc%" query "%%b" | %FIND% "STATE" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%USERPROFILE%\ntsvcfg\svc2cmp.sav"
echo. >> "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
)
del "%TEMP%\~svclist.txt"
"%FC%" "%FPRINT%" "%USERPROFILE%\ntsvcfg\svc2cmp.sav" >NUL
if errorlevel 1 goto :DIFF
goto OK
:DIFF
echo Checking for modified services ... failed-services maybe modified! [E]valuate
set SVC_MOD=YES
goto :MOD_END
:OK
echo Checking for modified services ... OK
set SVC_MOD=NO
if exist "%USERPROFILE%\ntsvcfg\svc2cmp.sav" del /F /Q "%USERPROFILE%\ntsvcfg\svc2cmp.sav"
goto :MOD_END
:MOD_END
REM
)
)
)
set CHK_SVC=NO
if /I "%1"=="/restore" goto :RESTORE
:MENUE
if /I "%1"=="/lan" goto :SKIP_MENUE
echo.
echo -= Auswahl / Overview =-
echo.
echo Bitte waehlen sie einen Punkt aus, den sie ausfuehren moechten:
echo.
echo (1) LAN: Einige Dienste fuer LAN-Betrieb werden nicht veraendert.
echo (2) Standard: Schliesst alle Ports, aber einige Dienste bleiben unveraendert.
echo (3) ALL: Setzt alle Vorschlaege nach www.ntsvcfg.de um (hardening).
echo (4) Restore: Nimmt die zuletzt vorgenommenen Aenderungen zurueck.
echo ______________________________________________________________________________
echo.
echo Please choose one task you want to do:
echo.
echo (1) LAN: Some services needed for LAN-usage stay unchanged
echo (2) Standard: Close ports but some services stay unchanged
echo (3) ALL: Making all changes described at www.ntsvcfg.de (hardening)
echo (4) restore: Restores last changes made.
echo.
set /P CHS= Bitte waehlen Sie/Please choose: [1],[2],[3],[4], [M]ore options or [Q]uit?
if /I "%CHS%"=="1" (
set SELECT="/lan"
goto :SKIP_MENUE
)
if /I "%CHS%"=="2" (
set SELECT="/std"
goto :SKIP_MENUE
)
if /I "%CHS%"=="3" (
set SELECT="/all"
goto :SKIP_MENUE
)
if /I "%CHS%"=="4" goto :RESTORE
if /I "%CHS%"=="R" goto :RESTORE
if /I "%CHS%"=="M" goto :MORE_OPTIONS
if /I "%SVC_MOD%"=="YES" if /I "%CHS%"=="E" goto :EVALUATE_SERVICES
if /I "%CHS%"=="G" goto :CREATING_NEW_FINGERPRINT
if /I "%CHS%"=="Q" goto :QUIT
cls
goto :START
:SKIP_MENUE
rem Checking if old restorefiles exists.
rem if it is so old files will be restored before new changes
if not exist "%SVC_BAK%" goto :NO_RESTORE
if /I %RESTORE_MODE%==3 goto :NO_RESTORE
if /I %RESTORE_MODE%==4 goto :NO_RESTORE
set RESTORE=YES
echo.
echo _______________________________________________________________________
echo.
echo [Selected Restore Mode: %RESTORE_MODE%]
echo.
echo # Achtung: Alte Sicherungsdateien gefunden!
echo.
echo "Svc2kXp.cmd" wurde schon einmal ausgefuehrt. Damit neue Aenderungen
echo korrekt durchgefuehrt werden koennen, werden die Sicherungsdateien
echo eingespielt.
echo.
echo.
echo Attention: old restore-files found!
echo.
echo This program runs not for the first time. To apply all new changes
echo correctly old restore files will used to get an definite state.
echo.
echo.
echo # Starting restore ...
goto RESTORE_EXT
:NO_RESTORE
rem query if taskplaner should run
if /I "%SYSTEM%"=="2k" goto :SKIP_SQUERY
if /I "%SYSTEM%"=="xp" (
if /I %SELECT%=="" goto :SKIP_SQUERY
if /I %SELECT%=="/all" goto :SKIP_SQUERY
if /I %XPSP2%==True (
set SCHEDULER_ENABLED=YES
goto :SKIP_SQUERY
)
)
echo.
echo.
echo Rueckfrage / Query
echo ==================
echo.
echo Soll der Dienst "Taskplaner" beendet werden?
echo.
echo Wenn sie zeitgesteuerten Aufgaben [z.B. Antiviren-Updates] oder die automati-
echo sche Erstellung von Systemwiederherstellungspunkten nicht benoetigen, druecken
echo Sie eine BELIEBIGE TASTE, um auch Port 135 [RPC] sowie Port 1025 [Taskplaner]
echo zu schliessen [empfohlen!]. Andernfalls druecken Sie "N"!
echo.
echo.
echo Should the "scheduler service" be disabled?
echo.
echo If you have time-controlled tasks [i.e. AV-Updates] or you will not set
echo automatic system restore points press ANY KEY TO CONTINUE to close port 135
echo [RPC] and port 1025 [scheduler] instantly. Otherwise press "N"
echo ___________________________________________
echo.
set /P UNDO= Taskplaner beenden - Close scheduler [y/n]?
if /I "%UNDO%"=="n" set SCHEDULER_ENABLED=YES
:SKIP_SQUERY
if not exist "%SVC_BAK%.default" (
echo.
echo Creating backup of defaults ...
"%regedit%" /e "%SVC_BAK%.default" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
"%regedit%" /e "%DCOM_BAK%.default" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
"%regedit%" /e "%DCOMP_BAK%.default" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
"%regedit%" /e "%SMB_BAK%.default" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
"%regedit%" /e "%HANDLER1%.default" HKEY_CLASSES_ROOT\AIM
"%regedit%" /e "%HANDLER2%.default" HKEY_CLASSES_ROOT\gopher
"%regedit%" /e "%HANDLER3%.default" HKEY_CLASSES_ROOT\telnet
echo ... done.
)
if exist "%SVC_BAK%" (
if /I %RESTORE_MODE%==2 goto :SKIP_SAVING
if /I %RESTORE_MODE%==4 goto :SKIP_SAVING
)
rem saving registry settings
echo _________________________________________________________________________
echo.
echo [Selected Restore Mode: %RESTORE_MODE%]
echo.
echo Saving services settings to
echo %SVC_BAK% ...
"%regedit%" /e "%SVC_BAK%" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
echo Saving DCOM settings to
echo %DCOM_BAK% ...
"%regedit%" /e "%DCOM_BAK%" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
echo Saving DCOM standard protocols settings to
echo %DCOMP_BAK% ...
"%regedit%" /e "%DCOMP_BAK%" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
echo Saving SMB settings to
echo %SMB_BAK%
"%regedit%" /e "%SMB_BAK%" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
echo Saving URL-Handler [AIM, GOPHER, TELNET] to
echo %HANDLER1%
"%regedit%" /e "%HANDLER1%" HKEY_CLASSES_ROOT\AIM
echo %HANDLER2%
"%regedit%" /e "%HANDLER2%" HKEY_CLASSES_ROOT\gopher
echo %HANDLER3%
"%regedit%" /e "%HANDLER3%" HKEY_CLASSES_ROOT\telnet
echo.
echo All done.
echo ___________________________________________
echo.
:SKIP_SAVING
if /I "%SYSTEM%"=="xp" (
if /I %UseXPSysRestore%==YES (
goto :XPSYSRESTORE
)
)
:XPSYSRESTORE_DONE
rem reconfigure services
rem startup: demand
echo.
echo Setting services to "demand" ...
echo ___________________________________________
echo.
echo # Checking DHCP ...
"%ipconfig%" -all | "%find%" /i "Lease" > nul
if errorlevel 1 (
rem trying other method for DHCP
"%ipconfig%" -all | "%find%" /i "DHCP-Server" > nul
if errorlevel 1 (
echo ... no active DHCP found.
echo.
echo Hinweis
echo =======
echo Ihre Konfiguration deutet an, das kein DHCP benoetigt wird. Falls
echo Sie dennoch einen DSL-Internetzugang besitzen und DHCP irrtuemlich
echo deaktivert wurde, kann es nach einem Neustart zu Problemen mit der
echo Internetverbindung kommen. Starten sie zur Problembehebung den
echo DHCP-Dienst manuell neu.
echo.
echo Notice
echo ======
echo Your configuration indicates that DHCP no longer will be required.
echo But if you use a DSL internet connection this choice probably
echo might be wrong. If you experiences problems during accessing the
echo internet please re-activate the "DHCP Service" manually.
echo.
echo ___________________________________________
echo.
"%sc%" config DHCP start= demand
goto :SKIP_DHCP
)
)
set DHCP_CHANGES="NO"
echo ... DHCP active, status of service will NOT be changed!
echo.
:SKIP_DHCP
"%sc%" config dmadmin start= demand
"%sc%" config DNSCache start= demand
"%sc%" config mnmsrvc start= demand
"%sc%" config MSIServer start= demand
"%sc%" config NetDDE start= demand
"%sc%" config NetDDEdsdm start= demand
"%sc%" config Netman start= demand
"%sc%" config NTLMSsp start= demand
"%sc%" config NtmsSvc start= demand
"%sc%" config PolicyAgent start= demand
"%sc%" config RASAuto start= demand
"%sc%" config RASMan start= demand
"%sc%" config RSVP start= demand
"%sc%" config Scardsvr start= demand
"%sc%" query ScardDrv | "%find%" /i "OpenService FAILED" >NUL
if errorlevel 1 "%sc%" config ScardDrv start= demand
if /I %XPSP2%==True (
rem If XP SP2 is installed there are less changes to XP-ICF
if /I %SELECT%=="/std" goto :SKIP_FIREWALL
)
"%sc%" config SharedAccess start= demand
:SKIP_FIREWALL
"%sc%" config Sysmonlog start= demand
"%sc%" config TAPISrv start= demand
"%sc%" config TrkWks start= demand
"%sc%" config UPS start= demand
"%sc%" config W32Time start= demand
"%sc%" config WMI start= demand
if /I %SELECT%=="/all" (
"%sc%" config SamSs start= demand
"%sc%" config LmHosts start= demand
"%sc%" config Winmgmt start= demand
)
if /I "%SYSTEM%"=="2k" (
"%sc%" config AppMgmt start= demand
"%sc%" config Browser start= demand
"%sc%" config clipsrv start= demand
"%sc%" config EventSystem start= demand
"%sc%" config Fax start= demand
"%sc%" config netlogon start= demand
"%sc%" config RPCLocator start= demand
"%sc%" config Utilman start= demand
if /I %SELECT%=="/all" (
"%sc%" config seclogon start= demand
"%sc%" config RPCSs start= demand
"%sc%" config lanmanServer start= demand
)
)
if /I "%SYSTEM%"=="xp" (
"%sc%" config ALG start= demand
"%sc%" config FastUserSwitchingCompatibility start= demand
"%sc%" config helpsvc start= demand
"%sc%" config ImapiService start= demand
"%sc%" config Nla start= demand
"%sc%" config RdSessMgr start= demand
"%sc%" config seclogon start= demand
"%sc%" config stisvc start= demand
"%sc%" config SwPrv start= demand
"%sc%" config TermService start= demand
"%sc%" config upnphost start= demand
"%sc%" config VSS start= demand
"%sc%" query WmdmPmSp | "%find%" /i "OpenService FAILED" >NUL
if errorlevel 1 "%sc%" config WmdmPmSp start= demand
"%sc%" config WmiApSrv start= demand
rem Wireless Zero Configuration - fuer WLAN-Verbindungen notwendig.
rem Falls erforderlich auf AUTO stellen.
rem "%sc%" config WZCSVC start= demand
)
echo.
rem startup: auto
echo Setting services to "auto" ...
"%sc%" config dmserver start= auto
"%sc%" config eventlog start= auto
"%sc%" config PlugPlay start= auto
"%sc%" config ProtectedStorage start= auto
"%sc%" config sens start= auto
"%sc%" config spooler start= auto
if /I "%SYSTEM%"=="2k" (
"%sc%" config lanmanworkstation start= auto
"%sc%" config alerter start= auto
)
if /I "%SYSTEM%"=="xp" (
"%sc%" query InteractiveLogon | "%find%" /i "OpenService FAILED" >NUL
if errorlevel 1 "%sc%" config InteractiveLogon start= auto
"%sc%" config Audiosrv start= auto
"%sc%" config CryptSvc start= auto
"%sc%" config RPCSs start= auto
"%sc%" config ShellHWDetection start= auto
"%sc%" config srservice start= auto
"%sc%" query uploadmgr | "%find%" /i "OpenService FAILED" >NUL
if errorlevel 1 "%sc%" config uploadmgr start= auto
"%sc%" config WebClient start= auto
)
echo.
rem startup: disabled
echo Setting services to "disabled" ...
"%sc%" config cisvc start= disabled
"%sc%" config MSDTC start= disabled
"%sc%" config RemoteAccess start= disabled
"%sc%" config TlntSvr start= disabled
"%sc%" config messenger start= disabled
if /I %SELECT%=="/all" (
"%sc%" query BITS | "%find%" /i "SERVICE_NAME" >NUL
if not errorlevel 1 "%sc%" config BITS start= disabled
"%sc%" query wuauserv | "%find%" /i "SERVICE_NAME" >NUL
if not errorlevel 1 "%sc%" config wuauserv start= disabled
"%sc%" config schedule start= disabled
"%sc%" config RemoteRegistry start= disabled
)
if /I "%SYSTEM%"=="xp" (
"%sc%" config ERSvc start= disabled
"%sc%" config HidServ start= disabled
"%sc%" config SSDPSRV start= disabled
if /I %SELECT%=="/lan" (
if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled
)
if /I %SELECT%=="/std" (
if /I %SCHEDULER_ENABLED%==NO "%sc%" config schedule start= disabled
)
if /I %XPSP2%==True (
echo.
echo XPSP2: Disabling Security Center ...
"%sc%" config wscsvc start= disabled
)
)
echo.
echo ------------------
echo # Checking and stopping unnecessary system services ...
echo.
"%sc%" query cisvc | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop cisvc
"%sc%" query RemoteAccess | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop RemoteAccess
"%sc%" query TlntSvr | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop TlntSvr
"%sc%" query MSDTC | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop MSDTC
"%sc%" query messenger | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop messenger
if /I %SELECT%=="/all" (
"%sc%" query BITS | "%find%" /i "SERVICE_NAME" >NUL
if not errorlevel 1 (
"%sc%" query BITS | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop BITS
)
"%sc%" query wuauserv | "%find%" /i "SERVICE_NAME" >NUL
if not errorlevel 1 (
"%sc%" query wuauserv | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop wuauserv
)
"%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop schedule
)
if /I "%SYSTEM%"=="xp" (
if /I %SELECT%=="/lan" (
if /I %SCHEDULER_ENABLED%==NO "%net%" (
"%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop schedule
)
)
if /I %SELECT%=="/std" (
if /I %SCHEDULER_ENABLED%==NO "%net%" (
"%sc%" query schedule | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop schedule
)
if /I %XPSP2%==True (
"%sc%" query wscsvc | "%find%" /i "4 RUNNING" >NUL
if not errorlevel 1 "%net%" stop wscsvc
)
)
echo ------------------
echo Disabling DCOM ...
echo REGEDIT4 > "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> "%DCOM_TMP%"
echo "EnableDCOM"="N" >> "%DCOM_TMP%"
echo "EnableDCOMHTTP"="N" >> "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
echo. >> "%DCOM_TMP%"
"%regedit%" /s "%DCOM_TMP%"
del /F /Q "%DCOM_TMP%"
echo Disabling DCOM standard protocols ...
echo REGEDIT4 > "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc] >> "%DCOMP_TMP%"
echo "DCOM Protocols"=hex(7):00,00,00,00 >> "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
echo. >> "%DCOMP_TMP%"
"%regedit%" /s "%DCOMP_TMP%"
del /F /Q "%DCOMP_TMP%"
echo Disabling port 135 (maybe 1025 too) ...
echo - Removing RPC Client Protocols
echo REGEDIT4 > "%SMB_TMP%"
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols] >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
if /I %SCHEDULER_ENABLED%==NO (
echo - Advanced RPC Configuration
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >> "%SMB_TMP%"
echo "PortsInternetAvailable"="N" >> "%SMB_TMP%"
echo "UseInternetPorts"="N" >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
)
if /I %XPSP2%==TRUE (
echo - Advanced RPC Configuration
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >> "%SMB_TMP%"
echo "PortsInternetAvailable"="N" >> "%SMB_TMP%"
echo "UseInternetPorts"="N" >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
)
echo - Removing needless URL Handler [AIM,gopher,telnet]
echo [-HKEY_CLASSES_ROOT\AIM] >> "%SMB_TMP%"
echo [-HKEY_CLASSES_ROOT\gopher] >> "%SMB_TMP%"
echo [-HKEY_CLASSES_ROOT\telnet] >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"
if /I %SELECT%=="/all" (
echo.
echo Disabling SMB port 445 ...
echo REGEDIT4 > "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"
set REBOOT_REQUIRED=ye