Two very cool scripts
(1) Monitor your IIS: if the Web service stops working, the script restarts it for you automatically. Save the following code as MonitorWeb.vbs
strComputer = "."
Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

' Fire when the w3svc service is seen in the Stopped state (WMI polls every 2 seconds)
strWQL = "SELECT * " & _
    "FROM __InstanceModificationEvent " & _
    "WITHIN 2 " & _
    "WHERE TargetInstance ISA 'Win32_Service' " & _
    "AND TargetInstance.Name = 'w3svc' " & _
    "AND TargetInstance.State = 'Stopped'"
Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)

WScript.Echo "Monitoring the web service..."
' Block until the stop event arrives
Set objEventObject = objEventSource.NextEvent()

WScript.Echo "Web service just stopped....waiting for a few seconds."
WScript.Sleep(5000)
WScript.Echo "Attempting to restart the web service using the net.exe tool."

' Run net.exe through the command interpreter and wait for it to finish
Set objShell = CreateObject("WScript.Shell")
objShell.Run "%COMSPEC% /c net start w3svc",,1
WScript.Echo "Restarted the web service"
(2) Save the script below as MonitorNotepad.vbs under c:\ and run it with cscript MonitorNotepad.vbs. It then watches for Notepad: as soon as you open a Notepad window after starting the script, it reports it.

strComputer = "."
Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

' Fire when a new Win32_Process instance named notepad.exe appears (WMI polls every 2 seconds)
strWQL = "SELECT * " & _
    "FROM __InstanceCreationEvent " & _
    "WITHIN 2 " & _
    "WHERE TargetInstance ISA 'Win32_Process' " & _
    "AND TargetInstance.Name = 'notepad.exe'"

WScript.Echo "Waiting for a new instance of Notepad to start..."
Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)
' Block until the creation event arrives
Set objEventObject = objEventSource.NextEvent()
WScript.Echo "A new instance of Notepad was just started."
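
MonitorNotepad.vbs reports one start and exits. The variant below is an added example, not part of the original page: it keeps listening and records the process ID, parent process ID, image path and command line of every new instance, which is what process-start logging usually needs. The log file location next to the script is an assumption.

```vbscript
' Added example, not from the original page: keep listening and log each start.
Option Explicit
Const ForAppending = 8
Dim objWMIService, objEventSource, objEvent, objProc, objFSO, objLog
Dim strComputer, strWQL, strLine

strComputer = "."
Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

' Same query as MonitorNotepad.vbs. WITHIN 2 means WMI polls every 2 seconds,
' so a process that starts and exits between two polls is not reported.
strWQL = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " & _
    "WHERE TargetInstance ISA 'Win32_Process' " & _
    "AND TargetInstance.Name = 'notepad.exe'"
Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)

' Assumption: the log is written next to the script (MonitorNotepad.vbs.log style).
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.OpenTextFile(WScript.ScriptFullName & ".log", ForAppending, True)

WScript.Echo "Logging new instances of Notepad (Ctrl+C to stop)..."
Do
    Set objEvent = objEventSource.NextEvent()   ' blocks until the next event
    Set objProc = objEvent.TargetInstance       ' Win32_Process snapshot in the event
    ' Properties that are Null (for example an unreadable path) concatenate as empty text.
    strLine = Now & " name=" & objProc.Name & _
        " pid=" & objProc.ProcessId & _
        " ppid=" & objProc.ParentProcessId & _
        " path=" & objProc.ExecutablePath & _
        " cmd=" & objProc.CommandLine
    WScript.Echo strLine
    objLog.WriteLine strLine
Loop
```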
2. Two shutdown scripts, one .bat and one .vbs; they really do the same thing.
(1) Save the following code as shutdown.bat

@echo off
setlocal
cd/d %temp%
rem Write a temporary shutdown.vbs, run it, then delete it
echo Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem") >shutdown.vbs
echo For Each objOperatingSystem in colOperatingSystems >>shutdown.vbs
echo ObjOperatingSystem.Win32Shutdown(1) >>shutdown.vbs
echo Next >>shutdown.vbs
cscript shutdown.vbs
del shutdown.vbs

(2) Save the following code as shutdown.vbs

' The {(Shutdown)} part of the moniker requests the shutdown privilege
Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    ObjOperatingSystem.Win32Shutdown(1)
Next
Also: the values accepted by ObjOperatingSystem.Win32Shutdown(*)

Value    Meaning
0        Log Off
0 + 4    Forced Log Off
1        Shutdown
1 + 4    Forced Shutdown
2        Reboot
2 + 4    Forced Reboot
8        Power Off
8 + 4    Forced Power Off
3. A script for configuring startup options:
This script disables all services configured for manual start. Among other things, this prevents Power Users from being able to start these services.
---------------------------------------------------------------------------------------
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Select every service whose start mode is Manual
Set colServiceList = objWMIService.ExecQuery _
    ("Select * from Win32_Service where StartMode = 'Manual'")
For Each objService in colServiceList
    ' The fifth argument of Change is StartMode; the others are left unchanged
    errReturnCode = objService.Change( , , , , "Disabled")
Next
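
The script above changes every manual-start service at once and discards the return code, and many Windows components depend on manual (demand-start) services. The version below is an added example, not part of the original page: it records each service's previous start mode in a CSV file so the change can be reverted, supports a dry run, and reports failures. The DRY_RUN constant and the CSV path are assumptions, and it uses the ChangeStartMode method of Win32_Service instead of Change.

```vbscript
' Added example, not from the original page: audit first, then disable.
Option Explicit
Const DRY_RUN = True          ' assumption: set to False to actually apply the change
Dim strComputer, strLogPath, strResult, lngRet, lngCount
Dim objWMIService, colServiceList, objService, objFSO, objLog

strComputer = "."
' Assumption: the rollback list is written next to the script.
strLogPath = WScript.ScriptFullName & ".rollback.csv"

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
    ("Select * from Win32_Service where StartMode = 'Manual'")

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.CreateTextFile(strLogPath, True)
objLog.WriteLine "Name,PreviousStartMode,State,Result"

lngCount = 0
For Each objService In colServiceList
    If DRY_RUN Then
        strResult = "not changed (dry run)"
    Else
        ' ChangeStartMode returns 0 on success, a non-zero code otherwise
        lngRet = objService.ChangeStartMode("Disabled")
        If lngRet = 0 Then
            strResult = "disabled"
        Else
            strResult = "failed with code " & lngRet
            WScript.Echo objService.Name & ": " & strResult
        End If
    End If
    ' StartMode and State come from the snapshot taken by the query,
    ' so they describe the service as it was before the change.
    objLog.WriteLine objService.Name & "," & objService.StartMode & "," & _
        objService.State & "," & strResult
    lngCount = lngCount + 1
Next
objLog.Close

WScript.Echo lngCount & " manual-start services listed in " & strLogPath
```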
4.

@echo off
setlocal
cd/d %temp%
rem Build a minimal INF file, then have setupapi install its DefaultInstall section
echo [version] > reboot.inf
set inf=InstallHinfSection DefaultInstall
echo signature=$chicago$ >> reboot.inf
echo [defaultinstall] >> reboot.inf
rundll32 setupapi,%inf% 1 %temp%\reboot.inf
del reboot.inf
5.

@goto star
========================================================
Function:
1. Remove admin$, C$ and the other disk shares, and disable automatic sharing
Version: 1.0
Compiled by: Netu0
Created: 2003.09.25
:star
@if {%1}=={} goto Usage
@if "%1"=="/?" goto Usage
@echo.
@rem Delete the share named by each argument (up to nine); the script appends the $ itself
@Echo 正在删除共享%1$
@net share %1$ /delete
@if {%2}=={} goto StopServer
@Echo 正在删除共享%2$
@net share %2$ /delete
@if {%3}=={} goto StopServer
@Echo 正在删除共享%3$
@net share %3$ /delete
@if {%4}=={} goto StopServer
@Echo 正在删除共享%4$
@net share %4$ /delete
@if {%5}=={} goto StopServer
@Echo 正在删除共享%5$
@net share %5$ /delete
@if {%6}=={} goto StopServer
@Echo 正在删除共享%6$
@net share %6$ /delete
@if {%7}=={} goto StopServer
@Echo 正在删除共享%7$
@net share %7$ /delete
@if {%8}=={} goto StopServer
@Echo 正在删除共享%8$
@net share %8$ /delete
@if {%9}=={} goto StopServer
@Echo 正在删除共享%9$
@net share %9$ /delete
:StopServer
@echo.
@rem Write a .reg file that turns off the automatic administrative shares, then import it
@echo 正在更改注册表...
@echo Windows Registry Editor Version 5.00> c:\delshare.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
@echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
@echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
@regedit /s c:\delshare.reg
@echo 注册表更改完成
@echo.
@rem Remove the temporary .reg file
@echo 正在清理临时文件
@del c:\delshare.reg
@echo 临时文件清理完成
@echo.
@rem Restart the Server service so the share list is refreshed
@echo 正在刷新共享...
@net stop Server
@net start Server
@echo 刷新完成
@echo.
@echo 指定共享已经删除
@echo.
@goto end

:Usage
@rem Print the function, version, creation date, command format and an example
@echo.
@echo 功能:
@echo 1、取消admin$及C$等磁盘共享、禁止自动共享
@echo 版本:1.0
@echo 创建日期:2003.09.25
@echo.
@echo 命令格式
@echo DelShare [C] [d] [e] ... [admin] [print]
@echo 例子
@echo DelShare C d e f admin print
@echo.
@echo 请按任意键继续....
@pause>nul
:end
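
To confirm what DelShare actually left behind, the check below lists the hidden shares that still exist and reads back the two registry values the batch file writes. It is an added example in VBScript, not part of the original script; it only reads and changes nothing.

```vbscript
' Added example, not from the original page: verify the result of DelShare.
Option Explicit
Const HKLM = &H80000002
Dim objWMIService, objReg, colShares, objShare
Dim strKey, strName, dwValue, lngRet, lngHidden

Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set objReg = GetObject("winmgmts:\\.\root\default:StdRegProv")

' 1. Hidden shares (name ends in $) that are still present.
'    IPC$ also shows up here; the AutoShare values do not control it.
lngHidden = 0
Set colShares = objWMIService.ExecQuery("Select * from Win32_Share")
For Each objShare In colShares
    If Right(objShare.Name, 1) = "$" Then
        WScript.Echo "Still shared: " & objShare.Name & " -> " & objShare.Path
        lngHidden = lngHidden + 1
    End If
Next
WScript.Echo lngHidden & " hidden share(s) found"

' 2. The two values written by the batch file. 0 means automatic shares are off;
'    a missing value means the default applies and the shares are recreated
'    the next time the Server service starts.
strKey = "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
For Each strName In Array("AutoShareWks", "AutoShareServer")
    lngRet = objReg.GetDWORDValue(HKLM, strKey, strName, dwValue)
    If lngRet <> 0 Or IsNull(dwValue) Then
        WScript.Echo strName & ": not set (automatic shares enabled by default)"
    ElseIf dwValue = 0 Then
        WScript.Echo strName & ": 0 (automatic shares disabled)"
    Else
        WScript.Echo strName & ": " & dwValue & " (automatic shares enabled)"
    End If
Next
```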
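6. Part of a hardening script written earlier:

:chkver
:: Check the language version (code page 936 is Simplified Chinese);
:: if it does not match, report that the OS is not the Chinese edition and jump to :bacterin
chcp|find "936" >nul 2>nul
if "%ERRORLEVEL%"=="1" echo 您的操作系统不是中文版 & goto :bacterin

:: Check the operating system; anything other than Windows 2000 or Windows XP
:: is reported and also jumps to :bacterin
ver|find "2000" > nul 2>nul
if "%ERRORLEVEL%"=="0" goto :2000
ver|find "XP" > nul 2>nul
if "%ERRORLEVEL%"=="0" goto :XP
echo 您的操作系统不是Windows 2000或者Windows XP & goto :bacterin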
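7. Uses of nul.
1. Empty a file, e.g. copy nul abc.txt
2. Suppress the output of a command, e.g. echo abc>nul
3. >nul 2>nul redirects both standard output and standard error to nul. Only this truly suppresses the output.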