-
彻底隐藏文件
-
关闭默认共享
-
加速菜单显示
-
移除快捷方式箭头
-
Win 10移除资源管理器中的OneDrive
-
修改远程桌面端口
-
系统登陆提示语
-
关闭IPv6协议
-
启用 windows 自动登录
-
关闭Windows Defender
-
Windows 照片查看器
- 下载并导入Windows_Photo_Viewer.reg
- 在图片文件属性中更改“打开方式”
- 下拉列表中选择“Windows 照片查看器”
说明:U盘Autorun类病毒会利用这一设置(使“显示隐藏文件”选项失效)来隐藏自身,通常还会同时隐藏文件扩展名。
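rem Reference listing for cmd.exe, run elevated. The "hide" and "restore"
rem sections are alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Hide: stop Explorer from showing hidden files ---
rem CheckedValue is the value Explorer writes when "Show hidden files" is selected.
rem With it set to 0 the Folder Options choice no longer takes effect for any user.
rem NOTE(review): USB autorun malware makes this same change to conceal itself, as
rem the page notes. An unexpected write to SHOWALL\CheckedValue is worth alerting on.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t REG_DWORD /v CheckedValue /d "0x00000000" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000002" /f
rem NOTE(review): this writes the same Hidden value again, so 0 replaces the 2 set
rem on the previous line. A different value name may have been intended - confirm.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000000" /f

rem --- Restart Explorer so the change is picked up (ping gives a delay of about 2 seconds) ---
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe

rem --- Restore: let Explorer show hidden files again ---
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t REG_DWORD /v CheckedValue /d "0x00000001" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000001" /f
rem NOTE(review): duplicate of the previous line, kept as published.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000001" /f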
说明:系统默认会为每个卷开启管理共享,如C$、ADMIN$(末尾的$表示该共享在网络浏览中不可见);一般的安全审计要求关闭默认共享,但域环境中远程部署或推送软件(例如依赖RemoteRegistry服务的工具)可能需要用到默认共享,关闭前应先确认。
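rem Reference listing for cmd.exe, run elevated. The "disable" and "enable"
rem sections are alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Disable the automatic administrative shares (C$, ADMIN$ and so on) ---
rem AutoShareServer applies to server editions and AutoSharewks to workstations.
rem Remote administration and software deployment tools that rely on these shares
rem stop working afterwards, so confirm dependencies first.
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoShareServer /d "0x00000000" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoSharewks /d "0x00000000" /f

rem --- Show open shared files, restart the Server service, then list the shares ---
rem net stop waits until the service has stopped. The original used sc stop, which
rem returns at once, so the chained sc start could fail while the service was still
rem stopping. /y also stops dependent services, and those are not restarted here.
net file & net stop LanmanServer /y && net start LanmanServer && net share

rem --- Re-enable the automatic administrative shares ---
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoShareServer /d "0x00000001" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoSharewks /d "0x00000001" /f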
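rem Reference listing for cmd.exe. The "adjust" and "restore" sections are
rem alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Shorten the menu and hover delays to 200 ms for the current user ---
reg add "HKCU\Control Panel\Desktop" /t REG_SZ /v MenuShowDelay /d "200" /f
reg add "HKCU\Control Panel\Mouse" /t REG_SZ /v MouseHoverTime /d "200" /f

rem --- Restart Explorer so the change is picked up (ping gives a delay of about 2 seconds) ---
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe

rem --- Restore the delays to 400 ms, the value the page treats as the default ---
reg add "HKCU\Control Panel\Desktop" /t REG_SZ /v MenuShowDelay /d "400" /f
reg add "HKCU\Control Panel\Mouse" /t REG_SZ /v MouseHoverTime /d "400" /f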
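rem Reference listing for cmd.exe, run elevated because HKCR writes land in HKLM.
rem The "remove" and "restore" sections are alternatives: run one of them, not the
rem whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Remove the shortcut arrow overlay ---
rem Side effect stated by the page: the Win+X key combination stops working on Windows 10.
reg delete "HKCR\lnkfile" /v IsShortcut /f
reg delete "HKCR\piffile" /v IsShortcut /f

rem --- Restart Explorer so the change is picked up (ping gives a delay of about 2 seconds) ---
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe

rem --- Restore the arrow by recreating the empty IsShortcut values ---
reg add "HKCR\lnkfile" /t REG_SZ /v IsShortcut /f
reg add "HKCR\piffile" /t REG_SZ /v IsShortcut /f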
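rem Removes the OneDrive entry, identified by its CLSID, from the current user's
rem Explorer desktop namespace. Only this HKCU key is deleted. OneDrive itself is
rem not uninstalled and sync is not disabled.
rem The trailing table pipe from the page is dropped. It would have left the command
rem as an unterminated pipeline.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f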
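rem Reference listing for cmd.exe, run elevated. The "change" and "restore"
rem sections are alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Move the Remote Desktop listener to TCP 53389 ---
rem A non-default port only cuts down noise from scans of 3389. It is not an access
rem control. Keep Network Level Authentication, strong credentials and a firewall
rem rule scoped to trusted source addresses.
rem Allow the new port in the host firewall BEFORE restarting the service, otherwise
rem a remote administrator is locked out.
rem NOTE(review): the Wds\rdpwd\Tds\tcp key appears to matter only on older Windows
rem releases - confirm for the target version.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /t REG_DWORD /v PortNumber /d 53389 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d 53389 /f

rem --- Restart Remote Desktop Services, then check the listening port ---
rem Restarting TermService drops every active RDP session, including your own.
rem The find filter on 3389 matches both 3389 and 53389.
net stop TermService /y & ping 127.1 -n 3 >nul & net start TermService & netstat -ano | find /i "3389"

rem --- Restore the default Remote Desktop port 3389 ---
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /t REG_DWORD /v PortNumber /d 3389 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d 3389 /f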
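rem Reference listing for cmd.exe, run elevated. The "set" and "clear" sections
rem are alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Set the caption and text of the notice shown before logon ---
rem The text is visible to anyone who reaches the logon screen, so keep internal
rem details out of it.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticecaption /d "欢迎使用Windows 8.1操作系统" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticetext /d "该系统由Desen掌管,请使用授权帐户登录;若您未被授权请联系wsh11080329@qq.com,谢谢使用。" /f

rem --- Log off the current user after about 15 seconds ---
rem shutdown documents /l as an immediate log off that cannot be combined with /t,
rem so the delay comes from ping, as elsewhere on this page (16 echoes, about 15 seconds).
ping 127.1 -n 16 >nul & shutdown /l

rem --- Clear the notice: without /d both values are rewritten as empty strings ---
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticecaption /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticetext /f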
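rem Reference listing for cmd.exe, run elevated. The "disable" and "enable"
rem sections are alternatives: run one of them, not the whole listing in sequence.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.

rem --- Disable IPv6 components through the Tcpip6 DisabledComponents bitmask ---
rem NOTE(review): Microsoft guidance lists 0xFF as the value that disables IPv6 and
rem generally advises preferring IPv4 over IPv6 instead of disabling it. Confirm
rem that 0x00ffffff behaves as intended on the target Windows version.
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /t REG_DWORD /v DisabledComponents /d "0x00ffffff" /f

rem --- The setting takes effect after a reboot. This restarts the machine in 15 seconds ---
shutdown /r /t 15

rem --- Re-enable IPv6 by deleting the override. A reboot is needed here as well ---
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /f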
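rem Reference listing for cmd.exe, run elevated.
rem The original "#--" markers are not comments in cmd.exe and the trailing table
rem pipe broke the last command, so both are replaced here.
rem
rem SECURITY: automatic logon set up this way keeps the account password as plain
rem text in the DefaultPassword value. Anyone who can read the Winlogon key or an
rem offline copy of the SOFTWARE hive can recover it, and anyone with physical
rem access gets a logged-on session. Limit it to kiosk or lab machines with a
rem low-privilege account. Sysinternals Autologon stores the password as an LSA
rem secret rather than in this value. An unexpected DefaultPassword or
rem AutoAdminLogon=1 on a managed host is worth alerting on.

rem --- Do not require Ctrl+Alt+Delete at the logon screen ---
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableCAD /d "1" /f

rem --- Number of automatic logons allowed ---
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_DWORD /v AutoLogonCount /d "99999999" /f

rem --- Enable automatic logon ---
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v AutoAdminLogon /d "1" /f

rem --- Default domain name or computer name ---
rem The two lines are alternatives, domain first and local computer second. If both
rem run, the second overwrites the first.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultDomainName /d "DESENPAST.COM" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultDomainName /d "Windows10" /f

rem --- Default domain user or local user ---
rem Alternatives again: keep only the line that matches the account type.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultUserName /d "DESENPAST\Administrator" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultUserName /d ".\Administrator" /f

rem --- Password of the default user, stored as plain text (see SECURITY above) ---
rem "Password" is the page's placeholder value.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultPassword /d "Password" /f

rem --- Hide the Administrator account from the logon screen ---
rem This only removes the tile. The account stays enabled and usable.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /t REG_DWORD /v Administrator /d "0" /f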