10.   修改conn.asp和config.asp文件.适应我们的设置.



11.   访问您设定的网址 安装完成.


windows下根目录的权限设置：

C:\WINDOWS\Downloaded Program Files 默认不改

C:\WINDOWS\Offline Web Pages 默认不改

C:\WINDOWS\Help TERMINAL SERVER USER 除前两项权限不选其余都选

C:\WINDOWS\IIS Temporary Compressed Files IIS_WPG选全部权限

C:\WINDOWS\Installer 删除everyone组权限

C:\WINDOWS\Prefetch 默认权限不改

C:\WINDOWS\Registration 添加NETWORK SERVICE 选择其中三项权限，其它保留默认

C:\WINDOWS\system32 添加NETWORK SERVICE 选择其中三项权限，其它保留默认

C:\WINDOWS\TAPI 删除user组，其它组的权限保留默认

C:\WINDOWS\Temp 删除user组，其它组的权限保留默认

C:\WINDOWS\Web 注意权限设置为继承。具体看演示

C:\WINDOWS\WinSxS 添加NETWORK SERVICE 选择其中三项权限，其它保留默认

C:\WINDOWS\Application Compatibility Scripts

C:\WINDOWS\Debug\UserMode 删除users组的权限
C:\WINDOWS\Debug\WPD 目录删除Authenticated Users组权限。其它默认不变

C:\WINDOWS\ime

C:\WINDOWS\inf

C:\WINDOWS\Installer 删除其子目录下所有包含everyone组的权限

C:\WINDOWS\Microsoft.NET 和C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 子目录中有很多组权限。保留默认就行

C:\WINDOWS\PCHealth\UploadLB 删除everyone组的权限，其它下级目录不用管，没有user组和everyone组权限
C:\WINDOWS\PCHealth\HelpCtr 删除everyone组的权限，其它下级目录不用管，没有user组和everyone组权限
如果C:\WINDOWS\PCHealth\还有其它演示中没有的目录，也如此操作，依情况灵活运用

C:\WINDOWS\Registration\CRMLog 删除users组的权限

C:\WINDOWS\security\templates 删除users组的权限及多余权限，看演示


下面开始
system32根目录的设置：

此目录中基本上是删除user组和其它不必要的组后，其余组的权限保留就行了。要改的地方没几处

C:\WINDOWS\system32\GroupPolicy 删除Authenticated Users组，其下子目录保留默认不用改就行*******

C:\WINDOWS\system32\inetsrv 及其下子目录均保持不改就行*******

C:\WINDOWS\system32\spool*************
C:\WINDOWS\system32\spool\drivers 删除everyone组的权限
C:\WINDOWS\system32\spool\PRINTERS 删除everyone组的权限

C:\WINDOWS\system32\wbem\AutoRecover 删除everyone组的权限
C:\WINDOWS\system32\wbem\Logs 同上
C:\WINDOWS\system32\wbem\mof 同上
C:\WINDOWS\system32\wbem\Repository 同上





在这里提供给大家一段批处理 windows 2003权限设置批处理

echo.
echo ------------------------------------------------------
echo.
echo ...........
echo.
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share admin$ /delete
net share ipc$ /delete
net stop server
net stop lanmanworkstation

regsvr32/u C:\WINDOWS\System32\wshom.ocx
regsvr32/u C:\WINDOWS\system32\shell32.dll
cacls c:\WINDOWS\system32\shell32.dll /g administrators:f system:f
cacls c:\WINDOWS\system32\shell.dll /g administrators:f system:f
cacls c:\ /g administrators:f system:f
cacls d:\ /g administrators:f system:f
echo.
echo ..........
echo.
echo ------------------------------------------------------
echo.
echo .................
echo.
echo .. delshare.reg .......
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo .. delshare.reg .....
regedit /s c:\delshare.reg
echo .. delshare.reg ....
del c:\delshare.reg
echo .
echo ........
echo .
echo =========================================================
echo .
echo .....................dos....
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg
echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg
echo "EnableSecurityFilters"=dword:00000000">> c:\dosforwin.reg
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg
echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg
echo 00,00,00,00>> c:\dosforwin.reg
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg
echo .
echo ==========================================================
echo .. dosforwin.reg .....
regedit /s c:\dosforwin.reg
echo .. dosforwin.reg ....
del c:\dosforwin.reg
echo ==============================================================
echo .
echo ..........(......................).
echo .
echo ..telnet,......telnet.
echo ..........
echo Windows Registry Editor Version 5.00> c:\telnet.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>> c:\telnet.reg
echo "Start"=dword:00000004>> c:\telnet.reg
echo .
echo .. telnet.reg .....
regedit /s c:\telnet.reg
echo .
echo .. telnet.reg ....
del c:\telnet.reg
echo .
echo