资源描述
@ ECHO OFF
color 1b
title 开通局域网共享
@ ECHO.
@ ECHO. 说 明
@ ECHO --------------------------------------------------------------------
@ ECHO 本批处理执行后,将作以下一些设置:
@ ECHO 1、允许SAM帐户和共享的匿名枚举
@ ECHO 2、本机帐户若空密码,允许其它机访问本机。
@ ECHO 3、Windows防火墙:允许文件和打印机共享。
@ ECHO 4、共享方式:本地用户以来宾身份验证。
@ ECHO 5、来宾帐户:启用。
@ ECHO.
@ ECHO 采用这种共享方式,其它机访问本机都不用输用户名和密码。举例来说,家庭
@ ECHO 局域网,彼此都是可以信任的,请使用这种方式。
@ ECHO.
@ ECHO 无论采用哪一种共享方式,共享只是方便内部使用,在用路由器上网的场合,
@ ECHO 外网不能访问到您的机,无需担心共享了就会被入侵。您只需记住,单机拨号
@ ECHO 上网时,不要打开共享就可以了。
@ ECHO --------------------------------------------------------------------
for /l %%i in (1,1,10000) do @echo %%i>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v "restrictanonymous" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "restrictanonymous" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "limitblankpassworduse" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v "limitblankpassworduse" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers /v "LogonTime" /t REG_BINARY /d E8318E4F6495C601 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "forceguest" /t REG_DWORD /d 0x00000001 /F>nul
// HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v “forceguest” /t REG_DWORD /d 0x00000001 /F>nul
cls
@ ECHO.
@ ECHO --------------------------------------------------------------------
@ ECHO 操作完成。
@ ECHO 注意:本机要重启后才会生效。
@ ECHO.
@ ECHO --------------------------------------------------------------------
@ ECHO.
@ ECHO 疑难问题补充:
@ ECHO 如果以前的共享方式是“本地用户以自己自己身份验证”时共享了文件夹,
@ ECHO 则现在改为以来宾身份验证后再访问该文件夹,会弹出错误:无法访问,您
@ ECHO 没有权限使用网络资源。解决办法是,把该文件夹原共享属性取消,然后再
@ ECHO 次共享,就行了。
@ ECHO --------------------------------------------------------------------
for /l %%i in (1,1,10000) do @echo %%i>nul
@ ECHO OFF
color 1b
title 开通局域网共享
@ ECHO.
@ ECHO. 说 明
@ ECHO --------------------------------------------------------------------
@ ECHO 本批处理执行后,将作以下一些设置:
@ ECHO 1、允许SAM帐户和共享的匿名枚举
@ ECHO 2、本机帐户若空密码,允许其它机访问本机。
@ ECHO 3、Windows防火墙:允许文件和打印机共享。
@ ECHO 4、共享方式:本地用户以自己的身份验证。
@ ECHO 5、来宾帐户:不启用。
@ ECHO.
@ ECHO 采用这种共享方式,访问本机时必须要输入正确的用户名和密码,才能访问。
@ ECHO.
@ ECHO 无论采用哪一种共享方式,共享只是方便内部使用,在用路由器上网的场合,
@ ECHO 外网不能访问到您的机,无需担心共享了就会被入侵。您只需记住,单机拨号
@ ECHO 上网时,不要打开共享就可以了。
@ ECHO --------------------------------------------------------------------
for /l %%i in (1,1,10000) do @echo %%i>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v "restrictanonymous" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "restrictanonymous" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "limitblankpassworduse" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v "limitblankpassworduse" /t REG_DWORD /d 0x00000000 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers /v "LogonTime" /t REG_BINARY /d E8318E4F6495C601 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "forceguest" /t REG_DWORD /d 0x00000000 /F>nul
// HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v “forceguest” /t REG_DWORD /d 0x00000000 /F>nul
cls
@ ECHO.
@ ECHO ------------------------------------------------
@ ECHO 操作完成。
@ ECHO 注意:本机要重启后才会生效。
@ ECHO.
@ ECHO -------------------------------------------------------------------
@ ECHO.
@ ECHO 常见疑问:
@ ECHO 如果改后再访问本机,仍不提示输帐号和密码,这是因为其他电脑的帐户
@ ECHO 名称跟本机的一样(比如大家都是administrator),且本机无密码,所以直接
@ ECHO 就进去了。您应该把本机帐户改名,或加密码。未经授权的用户就不能随意
@ ECHO 访问您共享的资源了。
@ ECHO -------------------------------------------------------------------
for /l %%i in (1,1,10000) do @echo %%i>nul
@ ECHO OFF
color 1b
title 关闭局域网共享
@ ECHO.
@ ECHO. 说 明
@ ECHO ----------------------------------------------------------
@ ECHO 本批处理执行后,将作以下一些设置:
@ ECHO 1、不允许SAM帐户和共享的匿名枚举(原版系统默认是允许的)。
@ ECHO 2、本机帐户若空密码,不允许其它机访问本机。
@ ECHO 3、Windows防火墙:不允许文件和打印机共享。
@ ECHO 4、来宾帐户:禁用。
@ ECHO.
@ ECHO 如果您不需要常在局域网内互传文件,可以关闭共享功能以提高
@ ECHO 安全性。尤其是单机拨号上网的用户,更应关闭共享。
@ ECHO ----------------------------------------------------------
for /l %%i in (1,1,5000) do @echo %%i>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v restrictanonymous /t REG_DWORD /d 0x00000001 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_DWORD /d 0x00000001 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v limitblankpassworduse /t REG_DWORD /d 0x00000001 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa /v limitblankpassworduse /t REG_DWORD /d 0x00000001 /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch /v Epoch /t REG_DWORD /d 0x000001FC /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "445:TCP" /d "445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "137:UDP" /d "137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "138:UDP" /d "138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v "139:TCP" /d "139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004" /F>nul
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch /v Epoch /t REG_DWORD /d 0x000001FC /F>nul
cls
@ ECHO.
@ ECHO ----------------------------------------------------------
@ ECHO 操作完成。
@ ECHO 不必重启,设置已生效。
@ ECHO ----------------------------------------------------------
for /l %%i in (1,1,10000) do @echo %%i>nul
exit
以上各注册表项含义如下:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"restrictanonymous"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
以上两行在系统中的位置是:本地安全策略-安全选项-网络访问:不允许SAM帐户和共享
的匿名枚举。系统默认值是:已停用。
解说:操作系统默认:利用ipc$通道可以建立空连接,匿名枚举出该机有多少帐户。显然
有一定的安全隐患。本系统已设为不允许空连接了。以此提高单机拨号上网的安全性。
负面影响是局域网不能互访了。要更改一下才可以解决。
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"limitblankpassworduse"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"limitblankpassworduse"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"limitblankpassworduse"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"limitblankpassworduse"=dword:00000000
以上两行在系统中的位置是:本地安全策略--安全选项--帐户:使用空白密码的本地帐户
只允许进行控制台登录。系统默认值是:已启用。
解说:很多人的帐户是不加密码的。这样,当局域网中别的电脑访问本机时,会弹出错误提示:
登录失败:用户帐户限制………。这是XP系统的一条安全策略造成的,防止别人趁你空密码时
进入你的电脑。如果你觉得无所谓,不必做这些限制,那就把它设为:已停用。
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
"HRZR_EHAPCY"=hex:0C,00,00,00,26,00,00,00,F0,FB,E5,52,64,95,C6,01
"HRZR_EHAPCY:"P:\JVAQBJF\flfgrz32\sverjnyy.pcy",Jvaqbjf 防火墙"=hex:0C,00,00,00,08,00,00,00,F0,FB,E5,52,64,95,C6,01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:000001ED
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers]
"LogonTime"=hex:E8,31,8E,4F,64,95,C6,01
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
"Epoch"=dword:000001ED
以上数值对应系统中的位置:控制面板--防火墙--例外--文件和打印机共享。系统默认:不选。
展开阅读全文
浙ICP备2021020529号-1 | 浙B2-20240490 
