服务器安全

windows服务器安全关闭多余服务,防护永恒之蓝比特币勒索病毒

2017-05-13  本文已影响53人  akka9

将以下命令保存为 .bat 批处理文件并以管理员身份运行(若在命令行界面逐条输入,需把 %%i 改为 %i)。这些命令通过关闭多余服务、封锁相关端口来减少永恒之蓝等病毒可利用的攻击面,但不能替代安装系统安全更新。
执行后,不需要重启系统。

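:: windows_sec_by_akka9
:: Stop and disable services that this server does not need, to shrink the
:: remotely reachable attack surface. LanmanServer is the SMB server service,
:: so disabling it also turns off file and printer sharing on this host.
:: NOTE(review): the list also contains services other components may depend
:: on (for example Dnscache, EventSystem, Spooler); review it against the
:: server's role before applying.
:: %%i is batch-file syntax; use %i when typing the loop at an interactive prompt.
@set srv=LanmanServer WerSvc RemoteRegistry ShellHWDetection lmhosts SENS COMSysApp EventSystem SSDPSRV Dnscache MSDTC Spooler Themes WpnService lfsvc
:: /y pre-answers the "stop dependent services?" question of net stop. Without
:: it the prompt is hidden by the redirection to nul and the script can sit
:: waiting for input that nobody sees.
@for %%i in (%srv%) do @net stop %%i /y >nul 2>nul & @sc config %%i start= disabled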

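:: enable auto update and firewall
:: wuauserv is Windows Update, MpsSvc is Windows Firewall.
:: "net restart" is not a net subcommand, and its error was hidden by the
:: redirection, so the services were never started. Set the start type first
:: (a disabled service cannot be started), then start the service.
:: An "already running" error from net start is expected and suppressed.
@set srv=wuauserv MpsSvc
@for %%i in (%srv%) do @sc config %%i start= auto & @net start %%i >nul 2>nul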

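:: Block inbound connections to the RPC / NetBIOS / SMB ports.
:: 135 = RPC endpoint mapper, 139 = NetBIOS session, 445 = SMB, 593 = RPC over HTTP.
:: NOTE(review): 1025 is presumably a dynamic RPC port on older Windows - confirm.
:: The rules only filter traffic while Windows Firewall is enabled for the
:: active profile. Running the script again adds duplicate rules of the same name.
netsh advfirewall firewall add rule name="BLOCK_PORT_TCP" dir=in action=block protocol=TCP localport=135,137,138,139,445,593,1025
:: NetBIOS name service (137) and datagram service (138) use UDP, so they must
:: be listed in the UDP rule as well; the TCP rule alone leaves them reachable.
:: 123 is NTP. NOTE(review): the purpose of 5050 and 5053 is not stated on the page.
netsh advfirewall firewall add rule name="BLOCK_PORT_UDP" dir=in action=block protocol=UDP localport=123,137,138,5050,5053

:: Leave the window open for 32 seconds (or until a key is pressed) so the
:: output of the commands above can be read.
@timeout 32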

提醒:

:: disable 137 138 139 445
:: Registry-level hardening for NetBIOS, LLMNR, DCOM and SMB over TCP.
:: NOTE(review): driver and service start-type changes presumably apply only
:: after a reboot - confirm on the target system.

:: Distributed Transaction Coordinator: start type disabled.
sc config MSDTC start= disabled

:: NetBT (NetBIOS over TCP/IP) driver: Start=4 marks it as disabled.
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT" /v Start /t REG_DWORD /d 4 /f
:: Stop NetBT from binding the direct-hosted SMB device (port 445, per the heading above).
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v SMBDeviceEnabled /t REG_DWORD /d 0 /f

:: Policy value that turns off multicast name resolution in the DNS client.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f

:: Turn DCOM off (REG_SZ is the type reg add uses when /t is omitted).
reg add "HKLM\SOFTWARE\Microsoft\Ole" /v EnableDCOM /t REG_SZ /d N /f
:: Protocol sequences offered to DCOM; the list written here has no ncacn_ip_tcp entry.
reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t REG_MULTI_SZ /d ncacn_spx\0ncacn_nb_nb\0ncacn_nb_ipx\0 /f

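:: change port 445 to 1445
:: NOTE(review): SessionPort / DatagramPort under NetBT\Parameters\Smb are
:: presumably taken from the xfocus article linked on the page; confirm that
:: the target Windows version honors them before relying on this change.
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Smb /v SessionPort /t REG_DWORD /d 1445 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Smb /v DatagramPort /t REG_DWORD /d 1445 /f
:: change RDP 3389 to 60089
:: The RDP listener key is "Terminal Server\WinStations\RDP-Tcp". The path
:: previously used ("Tenninal Server\WinStations\RDP\Tcp") does not exist, so
:: reg add silently created an unused key and the port never changed.
:: Before ending the current session, allow the new port in the firewall;
:: the listener picks the value up after Remote Desktop Services restarts.
:: Moving the port only reduces scan noise; it is not an access control.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 60089 /f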

REM reg add "HKLM\SYSTEM\CurrentControlSet\Services\RpcSs" /v ListenOnInternet /t REG_SZ /d N /f

:: Manual step: print the instructions for disabling NetBIOS over TCP/IP on
:: each adapter, then open the Network Connections control panel (ncpa.cpl)
:: and wait for it. echo prints the surrounding double quotes literally.
:: NOTE(review): the Chinese text presumably needs a matching console code
:: page / file encoding to display correctly - confirm.
echo "手动操作关闭137、138、139端口"
echo "本地连接属性->Internet协议 (TCP/IP)->属性->高级->WINS,禁用TCP/IP上的NetBIOS"
start /wait ncpa.cpl

windows disable CTRL-ALT-DEL(登录时不再要求按 Ctrl+Alt+Del)

:: DisableCAD=1: users are no longer required to press Ctrl+Alt+Del before
:: the logon prompt appears.
:: Security note: this trades away the secure attention sequence, which
:: exists so that a credential prompt cannot be imitated by an ordinary
:: program. Write 0 instead of 1 to keep the Ctrl+Alt+Del requirement.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableCAD /t REG_DWORD /d 1 /f


http://blog.sina.com.cn/s/blog_56cb31070102wgah.html
http://www.computerstepbystep.com/turn-off-multicast-name-resolution.html
http://xfocus.net/articles/200408/723.html
