windows自定义配置
[TOC]
个人电脑
自定义的编排
::1.将计算机图标添加到桌面
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
::2.创建cmd快捷方式到桌面
set path=%WINDIR%\System32\cmd.exe
set topath="%USERPROFILE%\Desktop\cmd.url"
echo [InternetShortcut] > %topath%
echo URL="%path%" >> %topath%
echo IconIndex=0 >> %topath%
echo IconFile=%path% >> %topath%
::3.禁用windows自动更新
net stop wuauserv
sc config wuauserv start= disabled
windows 7
::1.修改机器信息
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "Manufacturer" /t REG_SZ /d "你把账结了" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "Model" /t REG_SZ /d "Windows 7 旗舰版" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "SupportHours" /t REG_SZ /d "09:00-18:00" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "SupportPhone" /t REG_SZ /d "15212345678" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "SupportUrl" /t REG_SZ /d "https://user.qzone.qq.com/78667417" /f
windows 10
::1.移除资源管理器中的 OneDrive
cmd /k reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /d "0" /f
::2.依次移除资源管理器中 3D对象、视频、音乐、图片
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f
服务器配置
Windows Server 2008
echo ## Enable role and feature ##
ServerManagerCmd.exe -install NET-Framework-Core
ServerManagerCmd.exe -install Telnet-Client
:: 通过 ServerManagerCmd 启用 .NET Framework 3.5 功能
ServerManagerCmd.exe -install NET-Framework-Core
:: 通过 ServerManagerCmd 移除 .NET Framework 3.5 功能
ServerManagerCmd.exe -remove NET-Framework-Core
Windows Server 2012 R2
::1.win2012下载sources.rar
cd /d d:\tools
wget -c http://iso.sqlfans.cn/windows/win2012r2/sources.rar
rar x -ep2 d:\tools\sources.rar
::2.通过 dism 启用 .NET Framework 3.5 功能(不再用ServerManagerCmd来安装)
dism /online /enable-feature /featurename:NetFX3 /All /Source:D:\tools\sources\sxs /LimitAccess
echo ## Enable role and feature ##
dism /online /Enable-Feature /FeatureName:TelnetClient
Windows Server 2019
::1.win2019下载sources.rar
cd /d d:\tools
wget -c http://iso.sqlfans.cn/windows/win2019/sources.rar
rar x -ep2 d:\tools\sources.rar
::2.通过 dism 启用 .NET Framework 3.5 功能(不再用ServerManagerCmd来安装)
dism /online /enable-feature /featurename:NetFX3 /All /Source:D:\tools\sources\sxs /LimitAccess
定时任务
::1.删除7天前的日志文件
forfiles /p "%systemdrive%\inetpub\logs\LogFiles" /s /m *.log /d -7 /c "cmd /c del @path"
forfiles /p "%windir%\Logs\CBS" /s /m *.log /d -7 /c "cmd /c del @path"
forfiles /p "%windir%\system32\LogFiles\HTTPERR" /s /m *.log /d -7 /c "cmd /c del @path"
配置防火墙
echo ## Set windows advfirewall ##
netsh advfirewall set allprofiles state off
netsh advfirewall firewall set rule name=all dir=in new enable=no
netsh advfirewall firewall set rule name=all dir=out new enable=no
netsh advfirewall firewall add rule name="permit_ping_echo_request" protocol=ICMPv4 dir=in action=allow
netsh advfirewall firewall add rule name="permit_mstsc_tcp_3389" protocol=TCP dir=in remoteip=192.168.0.0/255.255.0.0,47.100.228.234 localport=3389 action=allow
netsh advfirewall firewall add rule name="permit_http_tcp_80" protocol=TCP dir=in localport=80 action=allow
netsh advfirewall firewall add rule name="permit_https_tcp_443" protocol=TCP dir=in localport=443 action=allow
netsh advfirewall firewall add rule name="permit_ftp_tcp_10021" protocol=TCP dir=in remoteip=47.100.228.234 localport=10021 action=allow
netsh advfirewall firewall add rule name="permit_ftp_passive_tcp" protocol=TCP dir=in remoteip=47.100.228.234 localport=65500-65535 action=allow
netsh advfirewall firewall add rule name="block_in_tcp_135_137_138_139_445" protocol=TCP dir=in localport=135,137,138,139,445 action=block
netsh advfirewall firewall add rule name="block_in_udp_135_137_138_139_445" protocol=UDP dir=in localport=135,137,138,139,445 action=block
netsh advfirewall firewall add rule name="block_out_tcp_135_137_138_139_445" protocol=TCP dir=out localport=135,137,138,139,445 action=block
netsh advfirewall firewall add rule name="block_out_udp_135_137_138_139_445" protocol=UDP dir=out localport=135,137,138,139,445 action=block
netsh advfirewall set allprofiles state on
配置优化
echo ## Disable useless service for security ##
net stop Browser /yes
sc config Browser start= disabled
net stop WinHttpAutoProxySvc /yes
sc config WinHttpAutoProxySvc start= disabled
net stop RemoteRegistry /yes
sc config RemoteRegistry start= disabled
net stop SCardSvr /yes
sc config SCardSvr start= disabled
net stop SCPolicySvc /yes
sc config SCPolicySvc start= disabled
net stop Spooler /yes
sc config Spooler start= disabled
echo ## Enable necessary service for window update ##
net start BITS /yes
sc config BITS start= auto
net start wuauserv /yes
sc config wuauserv start= auto
echo ## 同步时间 ##
net start W32Time /yes
sc config W32Time start= auto
w32tm /config /manualpeerlist:ntp.aliyun.com /syncfromflags:manual /reliable:yes /update
w32tm -resync
服务器激活
echo ## 服务器激活-通过kms服务器激活,示例 116.211.11.18 ##
sc config W32Time start= auto
net start W32Time
Cscript c:\windows\system32\slmgr.vbs /skms 116.211.11.18
Cscript c:\windows\system32\slmgr.vbs /ato
Cscript c:\windows\system32\slmgr.vbs /skms 116.211.11.18
Cscript c:\windows\system32\slmgr.vbs /ato
echo ## windows2019服务器激活-通过序列号激活 ##
slmgr /upk
slmgr /ipk WMDGN-G9PQG-XVVXX-R3X43-63DFG
slmgr /skms zh.us.to
slmgr /ato
调优排障
::查看系统信息
msinfo32
::收集硬件信息
msinfo32 /nfo C:\msinfo32.nfo /categories +systemsummary
::收集应用日志
wevtutil epl System C:\system.evtx
wevtutil epl Application C:\app.evtx
::查看簇大小
fsutil fsinfo ntfsinfo d:
::查看cpu型号
wmic cpu get Name
rem 查看OS版本\机器名\SN号\内存大小
wmic os get Caption,CSName,SerialNumber,TotalVisibleMemorySize
rem 查看处理器个数
echo %number_of_processors%
rem 查看处理器架构
echo %processor_architecture%
rem 查看处理器标识符
echo %processor_identifier%
IIS管理
- iis站点迁移(假设站点目录已同步)
:: 老机器:先导出所有应用程序池,再导出所有站点
%windir%\system32\inetsrv\appcmd list apppool /config /xml > c:\apppools.xml
%windir%\system32\inetsrv\appcmd list site /config /xml > c:\sites.xml
:: 新机器:先导入所有应用程序池,再导入所有站点
%windir%\system32\inetsrv\appcmd add apppool /in < c:\apppools.xml
%windir%\system32\inetsrv\appcmd add site /in < c:\sites.xml
- iis启用压缩
:: 在IIS服务器上启用静态文件(.js、.css、.html之类)压缩
cscript C:\Inetpub\adminscripts\adsutil.vbs set w3svc/filters/compression/parameters/HcDoStaticCompression true
:: 在IIS服务器上启用动态文件(.asp之类)压缩
cscript C:\Inetpub\adminscripts\adsutil.vbs set w3svc/filters/compression/parameters/HcDoDynamicCompression true
- 删除当前所有站点及应用程序池
::删除当前所有站点及应用程序池
cd /d d:
%windir%/system32/inetsrv/appcmd list site > allsite.txt
%windir%/system32/inetsrv/appcmd list apppool > allpool.txt
for /f "delims=(" %i in (allsite.txt) do %windir%/system32/inetsrv/appcmd delete %i
for /f "delims=(" %i in (allpool.txt) do %windir%/system32/inetsrv/appcmd delete %i
学习
dism角色功能
::列出操作系统中所有可用的功能,例如:
Dism /online /Get-Features
::启用映像中的特定功能,例如:
dism /online /Enable-Feature /FeatureName:TelnetClient
::启用映像中的特定功能。你可以使用 /All 参数在相同的命令中启用所有父功能,例如:
Dism /online /Enable-Feature /FeatureName:TFTP /All
::禁用映像中的特定功能,例如:
Dism /online /Disable-Feature /FeatureName:TelnetClient
::删除映像中的特定功能,而不删除映像中的功能清单,例如:
Dism /online /Disable-Feature /FeatureName:TFTP /Remove