zoukankan      html  css  js  c++  java
  • Windows批处理:配置防火墙规则、开启远程桌面

    一、简介

      公司主机加入域后,防火墙未进行设置,规则不统一,不少主机ping不通。另打算开启远程桌面,方便远程管理网内每台主机。曾在DC上测试过域组策略内的Windows防火墙设置,无论是新增规则还是直接开启允许ICMP之类的选项,Win7客户端都无效,最后不得不考虑批处理。批处理执行方式和前文的相同,域组策略在用户开机时自动执行。

    二、配置

    1、防火墙

    net start MpsSvc
    ::开启服务
    sc config MpsSvc start
    = auto ::开机启动 netsh advfirewall set allprofiles state on ::启用防火墙 netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=20 action=allow netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=21 action=allow netsh advfirewall firewall add rule name="SSH" protocol=TCP dir=in localport=22 action=allow netsh advfirewall firewall add rule name="Telnet" protocol=TCP dir=in localport=23 action=allow netsh advfirewall firewall add rule name="SMTP" protocol=TCP dir=in localport=25 action=allow netsh advfirewall firewall add rule name="TFTP" protocol=UDP dir=in localport=69 action=allow netsh advfirewall firewall add rule name="POP3" protocol=TCP dir=in localport=110 action=allow netsh advfirewall firewall add rule name="HTTPS" protocol=TCP dir=in localport=443 action=allow netsh advfirewall firewall add rule name="Netbios-ns" protocol=UDP dir=in localport=137 action=allow netsh advfirewall firewall add rule name="Netbios-dgm" protocol=UDP dir=in localport=138 action=allow netsh advfirewall firewall add rule name="Netbios-ssn" protocol=TCP dir=in localport=139 action=allow netsh advfirewall firewall add rule name="Netbios-ds" protocol=TCP dir=in localport=445 action=allow netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=80 action=allow netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=8080 action=allow
    ::常用端口

    旧版语法(Win7&Win8.1测试无效)

    @echo off
    netsh firewall set opmode mode = enable
    ::启用防火墙
    
    netsh firewall set icmpsetting type=ALL mode=enable
    ::允许ICMP
    netsh firewall set service remotedesktop enable netsh firewall set portopening tcp
    3389 enable

    2、远程桌面

    @echo off
    net start SessionEnv
    net start TermService
    ::开启服务
    
    sc config SessionEnv start= demand
    sc config TermService start= demand
    ::开机手动启动
    
    
    REG ADD "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
    ::开启选项

    netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
    ::开启3389端口

    本文出自 “运维菜鸟.log” 博客,谢绝转载!

  • 相关阅读:
    linux-vi/vim
    Linux性能监控-ss
    Linux性能监控-netstat
    Linux性能监控-sar
    Linux性能监控-htop
    Linux性能监控-pstree
    Linux性能监控-ps
    查看linux占用内存/CPU最多的进程
    Linux性能监控-top
    Linux-cpu-socket/core/processor
  • 原文地址:https://www.cnblogs.com/sjy000/p/4727363.html
Copyright © 2011-2022 走看看