======安装操作系统如何实现自动华配置？=======

jixuuse

加入域，配置组策略，你想要的都能用组策略搞定

dengbao2001

1、关闭 Windows 防火墙；
2、自动设置 Windows 自动更新地址；
3、自动设置浏览器主页；
4、自动设置安装常用应用软件（可以弹出界面选择安装常用的应用软件，必须安装的应用软件不可选状态）；
5、在桌面自动设置快捷方式；
6、自动设置操作系统桌面背景图片；
7、自动打开“设备管理器”；
8、自动设置IP地址、子网掩码、网关、指定DNS服务器

你说这些功能1-7，如果有AD，做GPO是最方便的办法，没有的话，可以做一个注册表文件，在安装系统后，自动导入

功能8，用DHCP服务器就实现了

这些都不是复杂的功能

dengbao2001

所有上面说的设定都是通过修改注册表实现的。



例如：

2 ：  windows update registry settings

dengbao2001

我分享一个我曾经写的批处理，你需要在部署系统的时候想办法在部署成功后，执行一次类似的批处理，就可以实现你要求的功能


rem ***create by stefanyu@20110112***
rem ***Add user named "it-mon" to local adminstrators groups***
net user it-mon /delete
net user it-mon Admin@2010! /comment:"Only for IT Scan,Do not update.remove,disable" /add
net localgroup Administrators it-mon /add

rem ***Set IT-Mon password every expires******
@echo strComputer = "." >set.vbs
@echo strUser = "it-mon" >>set.vbs
@echo Set User = Getobject^("WinNT://" ^& strComputer ^& "/" ^& strUser)  >>set.vbs
@echo Flags = User.Get^("UserFlags") >>set.vbs
@echo User.put "Userflags"^, flags OR ^&H10000 >>set.vbs
@echo user.setinfo >>set.vbs
@echo Set User = nothing >>set.vbs
CScript set.vbs //Nologo
del /q /f set.vbs

rem ***stop and disable windows firewall service***
sc stop sharedaccess
sc config sharedaccess start= disabled

rem ***Stop and Disable Security center servcie***
sc stop wscsvc
sc config wscsvc start= disabled

rem ***start and disable windows update service***
sc config wuauserv start= Auto
sc start wuauserv
sc config BITS start= Auto
sc start BITS

rem ***Disabel only guest access by network***
@echo Windows Registry Editor Version 5.00>>import.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]>>import.reg
@echo "forceguest"=dword:00>>import.reg
regedit /s import.reg
del /q /f import.reg

rem **Remove old windows update setting***
@echo Windows Registry Editor Version 5.00>remove.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]>>remove.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]>>remove.reg
regedit /s remove.reg
del /q /f remove.reg

rem **Add windows update setting***
@echo Windows Registry Editor Version 5.00>update.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]>>update.reg
@echo "WUServer"="http://10.194.50.13">>update.reg
@echo "WUStatusServer"="http://10.194.50.13">>update.reg
@echo "TargetGroupEnabled"=dword:00000001>>update.reg
@echo "TargetGroup"="Stand-Alone Computers">>update.reg
@echo "ElevateNonAdmins"=dword:00000001>>update.reg
@echo "AcceptTrustedPublisherCerts"=dword:00000000>>update.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]>>update.reg
@echo "NoAUShutdownOption"=dword:00000001>>update.reg
@echo "NoAUAsDefaultShutdownOption"=dword:00000000>>update.reg
@echo "NoAutoUpdate"=dword:00000000>>update.reg
@echo "AUOptions"=dword:00000003>>update.reg
@echo "ScheduledInstallDay"=dword:00000000>>update.reg
@echo "ScheduledInstallTime"=dword:0000000c>>update.reg
@echo "UseWUServer"=dword:00000001>>update.reg
@echo "RescheduleWaitTimeEnabled"=dword:00000001>>update.reg
@echo "RescheduleWaitTime"=dword:00000005>>update.reg
@echo "NoAutoRebootWithLoggedOnUsers"=dword:00000000>>update.reg
@echo "DetectionFrequencyEnabled"=dword:00000001>>update.reg
@echo "DetectionFrequency"=dword:00000008>>update.reg
@echo "AutoInstallMinorUpdates"=dword:00000001>>update.reg
@echo "RebootWarningTimeoutEnabled"=dword:00000001>>update.reg
@echo "RebootWarningTimeout"=dword:00000005>>update.reg
@echo "RebootRelaunchTimeoutEnabled"=dword:00000001>>update.reg
@echo "RebootRelaunchTimeout"=dword:0000000a>>update.reg
@echo "IncludeRecommendedUpdates"=dword:00000001>>update.reg
@echo "AUPowerManagement"=dword:00000001>>update.reg
regedit /s update.reg
del /q /f update.reg