- 论坛徽章:
- 13
|
我分享一个我曾经写的批处理,你需要在部署系统的时候想办法在部署成功后,执行一次类似的批处理,就可以实现你要求的功能
rem ***create by stefanyu@20110112***
rem ***Add user named "it-mon" to local adminstrators groups***
net user it-mon /delete
net user it-mon Admin@2010! /comment:"Only for IT Scan,Do not update.remove,disable" /add
net localgroup Administrators it-mon /add
rem ***Set IT-Mon password every expires******
@echo strComputer = "." >set.vbs
@echo strUser = "it-mon" >>set.vbs
@echo Set User = Getobject^("WinNT://" ^& strComputer ^& "/" ^& strUser) >>set.vbs
@echo Flags = User.Get^("UserFlags") >>set.vbs
@echo User.put "Userflags"^, flags OR ^&H10000 >>set.vbs
@echo user.setinfo >>set.vbs
@echo Set User = nothing >>set.vbs
CScript set.vbs //Nologo
del /q /f set.vbs
rem ***stop and disable windows firewall service***
sc stop sharedaccess
sc config sharedaccess start= disabled
rem ***Stop and Disable Security center servcie***
sc stop wscsvc
sc config wscsvc start= disabled
rem ***start and disable windows update service***
sc config wuauserv start= Auto
sc start wuauserv
sc config BITS start= Auto
sc start BITS
rem ***Disabel only guest access by network***
@echo Windows Registry Editor Version 5.00>>import.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]>>import.reg
@echo "forceguest"=dword:00>>import.reg
regedit /s import.reg
del /q /f import.reg
rem **Remove old windows update setting***
@echo Windows Registry Editor Version 5.00>remove.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]>>remove.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]>>remove.reg
regedit /s remove.reg
del /q /f remove.reg
rem **Add windows update setting***
@echo Windows Registry Editor Version 5.00>update.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]>>update.reg
@echo "WUServer"="http://10.194.50.13">>update.reg
@echo "WUStatusServer"="http://10.194.50.13">>update.reg
@echo "TargetGroupEnabled"=dword:00000001>>update.reg
@echo "TargetGroup"="Stand-Alone Computers">>update.reg
@echo "ElevateNonAdmins"=dword:00000001>>update.reg
@echo "AcceptTrustedPublisherCerts"=dword:00000000>>update.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]>>update.reg
@echo "NoAUShutdownOption"=dword:00000001>>update.reg
@echo "NoAUAsDefaultShutdownOption"=dword:00000000>>update.reg
@echo "NoAutoUpdate"=dword:00000000>>update.reg
@echo "AUOptions"=dword:00000003>>update.reg
@echo "ScheduledInstallDay"=dword:00000000>>update.reg
@echo "ScheduledInstallTime"=dword:0000000c>>update.reg
@echo "UseWUServer"=dword:00000001>>update.reg
@echo "RescheduleWaitTimeEnabled"=dword:00000001>>update.reg
@echo "RescheduleWaitTime"=dword:00000005>>update.reg
@echo "NoAutoRebootWithLoggedOnUsers"=dword:00000000>>update.reg
@echo "DetectionFrequencyEnabled"=dword:00000001>>update.reg
@echo "DetectionFrequency"=dword:00000008>>update.reg
@echo "AutoInstallMinorUpdates"=dword:00000001>>update.reg
@echo "RebootWarningTimeoutEnabled"=dword:00000001>>update.reg
@echo "RebootWarningTimeout"=dword:00000005>>update.reg
@echo "RebootRelaunchTimeoutEnabled"=dword:00000001>>update.reg
@echo "RebootRelaunchTimeout"=dword:0000000a>>update.reg
@echo "IncludeRecommendedUpdates"=dword:00000001>>update.reg
@echo "AUPowerManagement"=dword:00000001>>update.reg
regedit /s update.reg
del /q /f update.reg |
|