  • Windows batch scripts: configuring firewall rules and enabling Remote Desktop

    I. Introduction

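      After the company's hosts were joined to the domain, their firewalls were left unconfigured, the rules were inconsistent, and many hosts could not be pinged. We also planned to enable Remote Desktop to make it easier to manage every host on the network remotely. I had tested the Windows Firewall settings in domain Group Policy on the DC, but whether I added new rules or directly enabled options such as allowing ICMP, nothing took effect on Win7 clients, so in the end I had to fall back on a batch script. The script is run the same way as in the previous article: domain Group Policy executes it automatically when the user's machine starts up.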

    II. Configuration

    1. Firewall

    net start MpsSvc
    ::Start the service
    sc config MpsSvc start= auto
    ::Start automatically at boot
    netsh advfirewall set allprofiles state on
    ::Enable the firewall
    netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow
    netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=20 action=allow
    netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=21 action=allow
    netsh advfirewall firewall add rule name="SSH" protocol=TCP dir=in localport=22 action=allow
    netsh advfirewall firewall add rule name="Telnet" protocol=TCP dir=in localport=23 action=allow
    netsh advfirewall firewall add rule name="SMTP" protocol=TCP dir=in localport=25 action=allow
    netsh advfirewall firewall add rule name="TFTP" protocol=UDP dir=in localport=69 action=allow
    netsh advfirewall firewall add rule name="POP3" protocol=TCP dir=in localport=110 action=allow
    netsh advfirewall firewall add rule name="HTTPS" protocol=TCP dir=in localport=443 action=allow
    netsh advfirewall firewall add rule name="Netbios-ns" protocol=UDP dir=in localport=137 action=allow
    netsh advfirewall firewall add rule name="Netbios-dgm" protocol=UDP dir=in localport=138 action=allow
    netsh advfirewall firewall add rule name="Netbios-ssn" protocol=TCP dir=in localport=139 action=allow
    netsh advfirewall firewall add rule name="Netbios-ds" protocol=TCP dir=in localport=445 action=allow
    netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=80 action=allow
    netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=8080 action=allow
    ::Common ports

    Legacy syntax (tested on Win7 and Win8.1; did not work)

    @echo off
    netsh firewall set opmode mode = enable
    ::Enable the firewall

    netsh firewall set icmpsetting type=ALL mode=enable
    ::Allow ICMP
    netsh firewall set service remotedesktop enable
    netsh firewall set portopening tcp 3389 enable

    2. Remote Desktop

    @echo off
    net start SessionEnv
    net start TermService
    ::Start the services

    sc config SessionEnv start= demand
    sc config TermService start= demand
    ::Set the services to manual (demand) start

    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
    ::Enable the option that allows Remote Desktop connections

    netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
    ::Open port 3389
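
    Because the scripts above run at every startup, each `add rule` call adds another copy of the same rule, and the rules accept traffic from any address on every profile. The following added example (not part of the original post) shows one way to make the rules idempotent and limit them to the domain profile and a management subnet; `MGMT_NET`, its value, the `:ensure_rule` helper and the narrowing of ping to echo requests are assumptions made for illustration.

```batch
@echo off
setlocal
:: Added example, not from the original post.
:: MGMT_NET is an assumed placeholder for the admin subnet; replace it.
set "MGMT_NET=192.0.2.0/24"

:: Each call leaves exactly one rule with the given name.
:: icmpv4:8,any allows echo requests only, instead of all ICMPv4.
call :ensure_rule "Allow Ping" "protocol=icmpv4:8,any"
call :ensure_rule "Remote Desktop" "protocol=TCP localport=3389"
:: One rule can carry several ports, so two "FTP" rules are not needed.
call :ensure_rule "FTP" "protocol=TCP localport=20,21"

endlocal
exit /b 0

:ensure_rule
:: %~1 = rule name, %~2 = protocol/port arguments
:: "delete rule" removes every rule with this name (copies left by
:: earlier boots); the add then creates a single rule limited to the
:: domain profile and the management subnet.
netsh advfirewall firewall delete rule name="%~1" >nul 2>&1
netsh advfirewall firewall add rule name="%~1" dir=in action=allow %~2 profile=domain remoteip=%MGMT_NET%
if errorlevel 1 echo Failed to add rule "%~1" 1>&2
exit /b
```

    Running `netsh advfirewall firewall show rule name="Remote Desktop"` after several reboots should list a single rule with the expected profile and remote address.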

    This article comes from the “运维菜鸟.log” blog. Please do not repost!

  • Original article: https://www.cnblogs.com/sjy000/p/4727363.html