一键解决Windows10访问局域网的问题


一键解决Windows10访问局域网的问题!

代码直接放出来

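@echo off
::by edison_zhu 20200707
::update:
::1. Trimmed the code
::2. Improved share enabling: Windows sharing can now be switched on by default
::   without editing the registry or group policy by hand
::3. Updated the remote-desktop status detection code to be more accurate
title Windows共享防护1.5 winxp-win10 20200707
color 0a
mode con cols=80 lines=30
:: Administrator probe: cacls on the SYSTEM hive fails for a non-elevated user.
:: Every menu action below edits HKLM, firewall rules or services and hides
:: most errors with ">nul", so without elevation the script would report
:: success while changing nothing. Warn instead of discarding the result.
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if errorlevel 1 (
    echo [警告] 当前不是管理员权限,后续的注册表、防火墙和服务修改都会失败。
    echo 请关闭窗口后右键选择"以管理员身份运行"。
    pause
)
:: Delayed expansion is needed for the !zt! / !jt! status variables used later.
setlocal enabledelayedexpansion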
:: Check for updates
:: Self-update: copy a script from a fixed network share into %tmp%, compare it
:: with the running file, and overwrite the running file when they differ.
:: NOTE(review): the replacement is taken as-is - there is no hash or signature
:: check. Whoever can serve \\192.168.3.222\T$ on the local network decides what
:: this script becomes, and the script is meant to be run elevated. On a machine
:: outside the author's LAN this address belongs to someone else; consider
:: removing this section before use.
:SelfUpdate
set "ScriptCurrent=%~f0"
:: Hard-coded update source (private-range address chosen by the author).
set "RemoteIP=192.168.3.222"
set "ScriptRemote=\\%RemoteIP%\T$\端口封堵.cmd"
:: Staging copy uses the running script's own file name inside %tmp%.
set "ScriptTemp=%tmp%\%~nx0"
copy /y "%ScriptRemote%" "%ScriptTemp%" >nul 2>&1
:: Copy failed (share unreachable or file missing): report and go on to the menu.
if errorlevel 1 (
    echo [升级失败] %ScriptRemote%升级文件丢失
    ping /n 3 127.1>nul
    goto :Main
)
:: fc sets errorlevel 1 when the two files differ.
fc "%ScriptCurrent%" "%ScriptTemp%" >nul 2>&1
if errorlevel 1 (
    rem NOTE(review): this overwrites the batch file while cmd.exe is still
    rem executing it; cmd reads batch files incrementally, so the remainder of
    rem this run may continue from the new content - confirm this is intended.
    copy /y "%ScriptTemp%" "%ScriptCurrent%" >nul 2>&1
    ping /n 3 127.1>nul
    echo [升级成功!!]
)
:: Both paths end up at :Main; this goto only makes that explicit.
goto :Main
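:: Main menu: show Remote Desktop status, port and local IP, then dispatch on
:: the user's choice. Relies on delayed expansion being enabled earlier.
:Main
:: Match " 5.1." with the leading space so that only a Windows version of 5.1
:: (XP) is detected. A bare "5.1" also matches build strings such as
:: 10.0.19045.1xxx and would send Windows 10 into the XP branch.
ver | findstr /c:" 5.1." >nul && goto winxp
:: Remote Desktop is enabled when fDenyTSConnections is 0. UserAuthentication
:: (read by the earlier version) only says whether NLA is required, not
:: whether connections are accepted.
set "Z=1"
set "str=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
for /f "tokens=3" %%i in ('reg query "%str%" /v fDenyTSConnections 2^>nul') do set /a Z=%%i
if "!Z!"=="0" (
    set zt=远程桌面已经开启
) else (
    set zt=远程桌面未开启
)
echo !zt!
:: Configured RDP listener port (stored as hex, converted by set /a).
set "str=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
for /f "tokens=3" %%i in ('reg query "%str%" /v PortNumber') do set "PortNum=%%i"
set /a n=%PortNum%
echo 当前远程桌面端口为:%n%
:: Look for a LISTENING socket on exactly that port. "if errorlevel 0" is true
:: for every exit code, and a bare findstr on the number also matches longer
:: ports and address fragments, so test for errorlevel 1 on an anchored pattern.
netstat -an | findstr /r /c:":%n% .*LISTENING" >nul 2>nul
if errorlevel 1 (
    set jt=未监听,请检查服务
) else (
    set jt=正在监听
)
echo !jt!
cls
echo.
echo 今天是:%date%  现在是: %time%
:: NOTE(review): token 16 depends on the localized ipconfig line layout - confirm
:: on the target language version; with several adapters the last match wins.
for /f "tokens=16" %%i in ('ipconfig ^|find /i "ipv4"') do set ip=%%i
echo.
:: The exclamation mark after 提示 is full-width: with delayed expansion on, an
:: unpaired ASCII "!" would swallow the text up to the next "!" and break the
:: !zt! and !jt! expansions on this line.
echo 提示!本机IP为:%ip%  !zt! 端口:%n% !jt!
echo -----------------------------------------------------------------------------
echo.
echo.
echo                       1.关闭共享端口及服务
echo.
echo.                      2.启用共享文件夹功能
echo.
echo.                      3.修改远程桌面端口
echo.
echo.                      4.开启远程桌面功能
echo.
echo.                      5.关闭远程桌面服务
echo.
echo.                      6.修复Win10访问局域网的问题
echo.
set ST=s
set /p ST=             选择后回车:
:: Compare through !ST! inside quotes: typed input is then never re-parsed as
:: command text, so spaces, quotes or "&" in the answer cannot break the IF.
:: "0" used to jump to a label (stat) that does not exist, which aborted the
:: script with an error; it now leaves the script cleanly.
if "!ST!"=="0" exit /b 0
if "!ST!"=="1" goto yjgb
if "!ST!"=="2" goto yjkf
if "!ST!"=="3" goto yjxg
if "!ST!"=="4" goto yczm
if "!ST!"=="5" goto ycgb
if "!ST!"=="6" goto fixsmb
:: Anything else: redraw the menu.
goto Main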
:: Menu item 1: remove the default shares, block the RPC/NetBIOS/SMB ports
:: with an IPsec policy plus Windows Firewall rules, then stop and disable the
:: Server service. All inbound file and printer sharing stops working
:: afterwards. The script exits when done.
:yjgb
cls
echo.
echo.
echo -----------------------------------------------------------------------------
echo 勒索防护建议:
echo 1.禁用弱口令!
echo 2.关闭系统默认共享,尽量避免使用局域网共享。
echo 3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份。
echo 4.定期检测系统和软件中的安全漏洞,及时打上补丁。
echo 5.安装杀毒软件并升级到最新。
echo -----------------------------------------------------------------------------
echo.
:: Delete the default administrative shares (only C: to F: and ADMIN$ are covered).
for %%s in (C$ d$ e$ f$ admin$) do net share %%s /delete >nul
echo.
echo 正在关闭135 137 138 139 445 端口...
echo.
:: IPsec policy SECCPP: dropped and rebuilt on every run, then assigned.
netsh ipsec static delete policy name = SECCPP
netsh ipsec static add policy name = SECCPP description=安全策略20200320
netsh ipsec static add filteraction name = Block action = block
netsh ipsec static add filterlist name = SECCPF
:: Inbound TCP filters first, then the two UDP NetBIOS ports.
for %%p in (135 137 138 139 445) do netsh ipsec static add filter filterlist = SECCPF srcaddr=Any dstaddr = Me dstport = %%p protocol = TCP
for %%p in (137 138) do netsh ipsec static add filter filterlist = SECCPF srcaddr=Any dstaddr = Me dstport = %%p protocol = UDP
netsh ipsec static add rule name=SECCPR policy=SECCPP filterlist=SECCPF filteraction=Block
netsh ipsec static set policy name = SECCPP assign = y
:: Windows Firewall: one inbound block rule per port and protocol. Running this
:: menu item again adds the same rules a second time.
for %%p in (135 137 138 139 445) do (
    for %%t in (TCP UDP) do netsh advfirewall firewall add rule name = "Disable port %%p - %%t" dir = in action = block protocol = %%t localport = %%p
)
echo.
echo.
:: Stop the Server service and keep it from starting at boot.
echo 正在关闭共享服务...
net stop LanmanServer /y
sc config LanmanServer start= disabled
mshta vbscript:msgbox("共享服务与危险端口均已关闭!!",vbSystemModal+64,"安装提示")(window.close)
exit
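:: Menu item 2: undo the port blocking and switch the machine to anonymous
:: (guest, blank password) file sharing.
:: Security impact: the settings below remove most of the authentication
:: hardening for SMB on this host - Guest is enabled with an empty password,
:: blank-password network logon is allowed, anonymous users are treated as
:: Everyone, null sessions are unrestricted and LM-era authentication is
:: accepted. Any device that can reach ports 139/445 can then read whatever is
:: shared to Everyone. Sharing to a named account with a password avoids all of
:: the Lsa changes in this section.
:yjkf
cls
echo 正在停用并删除组策略
netsh ipsec static set policy name = SECCPP assign = n
:: NOTE(review): only the filter list is deleted; the policy and rule created by
:: menu item 1 are left in place - confirm the delete succeeds while they exist.
netsh ipsec static delete  filterlist name = SECCPF
echo 开启共享
echo.
echo.
:: Remove the inbound block rules added by menu item 1.
for %%p in (135 137 138 139 445) do (
    echo 正在开启%%p端口 请稍候…
    netsh advfirewall firewall delete  rule name = "Disable port %%p - TCP" dir = in
    echo.
    netsh advfirewall firewall delete  rule name = "Disable port %%p - UDP" dir = in
    echo.
)
:: Re-enable and start the Server service.
echo 正在开启Windows文件夹共享功能...
sc config LanmanServer start= auto
net start LanmanServer
:: Enable the built-in Guest account and give it an empty password.
net user guest /active:yes>nul 2>nul
net user guest "">nul 2>nul
:: Register the Sharing context-menu handler for folders.
reg add "HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing" /ve /t REG_SZ /d {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /f
:: forceguest=0: network logons authenticate as the named local account
:: ("Classic" model) instead of being mapped to Guest.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "forceguest" /t REG_DWORD /d 0x00000000 /F>nul
:: LimitBlankPasswordUse=0: accounts with an empty password may log on over the network.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0x0 /f>nul 2>nul
:: restrictanonymoussam=0: anonymous enumeration of SAM accounts is allowed.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymoussam /t REG_DWORD /d 0x0 /f>nul 2>nul
:: LmCompatibilityLevel=1: the client still sends LM and NTLM responses.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v LmCompatibilityLevel /t REG_DWORD /d 0x1 /f>nul 2>nul
:: everyoneincludesanonymous=1: permissions granted to Everyone also apply to anonymous users.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v everyoneincludesanonymous /t REG_DWORD /d 0x1 /f>nul 2>nul
:: NoLmHash=0: LM password hashes may be stored at the next password change.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v NoLmHash /t REG_DWORD /d 0x0 /f>nul 2>nul
:: restrictnullsessaccess=0: null-session access to shares and pipes is not restricted.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v restrictnullsessaccess /t REG_DWORD /d 0x0 /f>nul 2>nul
:: NOTE(review): the Epoch and LogonTime values are fixed constants whose purpose
:: is not evident from this script - confirm they are needed.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch" /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers" /v "LogonTime" /t REG_BINARY /d E8318E4F6495C601 /F>nul
:: Legacy firewall exception list, scope limited to the local subnet. The key
:: name is FirewallPolicy; the earlier text had a stray space inside it
:: ("Firewa llPolicy"), so the values were written to a key nothing reads.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" /v "445:TCP" /d "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005" /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" /v "137:UDP" /d "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001" /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" /v "138:UDP" /d "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002" /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" /v "139:TCP" /d "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004" /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch" /v "Epoch" /t REG_DWORD /d 0x000001ED /F>nul
:: Same Lsa values again under ControlSet001. The forceguest line previously
:: used typographic quotes with no space before /t, which reg.exe cannot parse.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa" /v "forceguest" /t REG_DWORD /d 0x00000000 /F>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0x0 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa"  /v restrictanonymoussam /t REG_DWORD /d 0x0 /f>nul 2>nul
gpupdate /force
mshta vbscript:msgbox("共享服务已开启,默认为匿名共享模式!!",vbSystemModal+64,"请注意!!")(window.close)
goto Main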
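:: Menu item 3: change the Remote Desktop listening port and open it in the
:: Windows Firewall. Takes effect after a reboot.
:yjxg
cls
echo.
echo.
echo.
echo 修改远程桌面3389端口(支持Win2003-Win10 ) 来自52pojie.
echo 自动添加防火墙规则
echo.
echo.
:: Clear the value from any earlier visit: set /p leaves the variable
:: untouched when the user just presses Enter.
set "c="
set /p c= 请输入新的端口:
:: Empty input returns to the menu (the former target label "end" does not
:: exist, so the script used to abort here).
if not defined c goto Main
:: The typed text is passed to netsh and reg below, so accept only a decimal
:: number from 1 to 65535: digits only, no leading zero, within range.
set "bad="
for /f "delims=0123456789" %%x in ("!c!") do set "bad=1"
if "!c:~0,1!"=="0" set "bad=1"
if not defined bad if !c! GTR 65535 set "bad=1"
if defined bad (
    echo 端口无效:请输入1到65535之间的数字
    ping /n 3 127.1>nul
    goto Main
)
goto edit
:edit
cls
:: One inbound allow rule for the new port (the rule was previously added twice
:: with identical parameters). A rule added for an earlier port is not removed,
:: so the old port stays open in the firewall until that rule is deleted.
netsh advfirewall firewall add rule name="Remote PortNumber" dir=in action=allow protocol=TCP localport="%c%"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v "PortNumber" /t REG_DWORD /d "%c%" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d "%c%" /f
mshta vbscript:msgbox("端口修改成功,重启后生效!!",vbSystemModal+64,"安装提示")(window.close)
goto Main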
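:: Menu item 5: refuse Remote Desktop connections, require NLA again, and
:: stop and disable the related services.
:ycgb
echo 正在关闭远程桌面服务...
:: Write through CurrentControlSet, the link to the control set Windows is
:: actually running from; ControlSet001 is usually but not always that set.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"  /v "fDenyTSConnections" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"  /v "UserAuthentication" /d 1 /t REG_DWORD /f
:: Disable each service, then stop it. RemoteAccess (Routing and Remote Access)
:: and RemoteRegistry are not part of Remote Desktop itself; disabling them also
:: affects whatever else depends on those services.
for %%s in (RemoteAccess RemoteRegistry UmRdpService TermService SessionEnv) do (
    sc config   %%s start= DISABLED
    net stop %%s /y
)
cls
echo.
echo.
mshta vbscript:msgbox("远程桌面已经关闭,无需重启!!",vbSystemModal+64,"提示")(window.close)
goto Main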
:: Windows XP path: after a confirmation keypress, stop the Server service and
:: disable it, then exit. No firewall or registry changes are made here.
:winxp
cls
echo.&echo.
echo.检测到你的电脑是WINDOWS XP系统。任意将继续。如果检测错误,请直接关闭。
:: Wait for a key; closing the window at this point cancels the change.
pause >nul
echo.&echo.
net stop LanmanServer /y
sc config LanmanServer start= disabled
echo.&echo.
echo 设置完成。
pause >nul
exit
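:: Menu item 4: set a password for the current user, then enable Remote
:: Desktop and start the related services.
:yczm
cls
echo.
echo                            注意!!
echo 远程桌面必须是有管理员权限的用户,密码不可为空。否则远程桌面开启无效。
echo.
echo.
echo 当前用户是:%USERNAME%
echo.
echo.
:: Clear any password left from an earlier visit: set /p keeps the old value
:: when the user just presses Enter, which would silently re-apply it.
:: The password is typed in clear text on the console.
set "pass="
set /p pass= 请输入要修改的密码:
if not defined pass goto b
:: Quote both arguments and expand the password with !pass! so that spaces and
:: shell metacharacters in it are passed through as data.
net user "%USERNAME%" "!pass!" >nul
if errorlevel 1 (
    set "pass="
    echo 密码修改失败,远程桌面未开启
    pause >nul
    goto Main
)
:: Do not keep the password in the environment for the rest of the session.
set "pass="
cls
echo.
echo.
echo. 设置成功!按任意键继续开启远程桌面服务
pause >nul
cls
echo 正在开启远程桌面服务...
:: Write through CurrentControlSet, the link to the control set Windows is
:: actually running from; ControlSet001 is usually but not always that set.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"  /v "fDenyTSConnections" /d 0 /t REG_DWORD /f
:: UserAuthentication=0 turns off the Network Level Authentication requirement,
:: so the logon screen is reachable before any credential check. Set it to 1 if
:: every client connecting to this machine supports NLA.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"  /v "UserAuthentication" /d 0 /t REG_DWORD /f
:: Set each service to automatic start, then start it. RemoteAccess and
:: RemoteRegistry are not required for Remote Desktop; RemoteRegistry in
:: particular exposes the registry over the network to authenticated users.
for %%s in (TermService SessionEnv RemoteAccess RemoteRegistry UmRdpService) do (
    sc config   %%s start= auto
    net start %%s
)
gpupdate /force
echo.
echo.
mshta vbscript:msgbox("远程桌面已经开启,无需重启!!",vbSystemModal+64,"提示")(window.close)
goto Main
:: Reached when no password was entered: nothing is changed.
:b
mshta vbscript:msgbox("密码没有变动,操作忽略!!",vbSystemModal+64,"提示")(window.close)
goto Main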
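:: Menu item 6: on Windows 10, allow insecure guest logons for the SMB client
:: and install the SMB1 feature, so that old NAS/XP-style shares can be opened.
:: Security impact: AllowInsecureGuestAuth lets this client connect to shares
:: as an unauthenticated guest, which gives up server identity checking and
:: signing for those sessions; SMB1 is the deprecated protocol version that
:: Windows 10 no longer installs by default. Where the file server can be
:: changed, enabling SMB2 or later there, or giving the share a real account,
:: removes the need for either setting.
:fixsmb
:: " 10.0." with the leading space matches only the version field of ver;
:: a bare "10." can also match inside a build number.
ver | findstr /c:" 10.0." >nul && goto win10
:error
mshta vbscript:msgbox(" 操作系统不是Windows10,此脚本不适用。",vbSystemModal+64,"不要开玩笑!")(window.close)
goto Main
:win10
cls
echo.
echo 此脚本主要修复Windows10多个版本存在访问局域网时提示"SMB1.1不安全""访问受限"等提示...
echo 如果你的机器没有此问题,请不要修复了,关闭即可...
pause
:: Write the policy value directly with reg add, as the other menu items do.
:: The earlier version built %temp%\smb.reg with unquoted paths, which breaks
:: when the profile path contains a space, and left the file behind.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation" /v AllowInsecureGuestAuth /t REG_DWORD /d 1 /f
echo 添加smb访问组件
:: Lists every optional feature (informational), then enables SMB1.
dism /online /format:table /get-features
dism /online /enable-feature /featurename:SMB1Protocol
mshta vbscript:msgbox(" 设置完成。电脑重启后生效!",vbSystemModal+64,"注意!!!")(window.close)
exit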

注:已在很多台机器上测试过,理论上可以完美解决问题。
管家类安全软件可能会误报查杀,火绒不会拦截。请自行判断!!

链接:https://wwa.lanzous.com/iU7vreu5era

版权声明:李冰 发表于 2020-07-21 18:40:23。
转载请注明:一键解决Windows10访问局域网的问题 | 铁哥哥导航