Modifying Windows Group Policy: the initialization file %windir%\inf\defltbase.inf
OS 名称: Microsoft Windows Server 2012 R2 Standard
OS 版本: 6.3.9600 暂缺 Build 9600
List all users and groups
C:\Users\Administrator>wmic useraccount list brief
AccountType Caption Domain FullName Name SID
512 WIN-QOATMA184E8\Administrator WIN-QOATMA184E8 Administrator S-1-5-21-3580962554-2649974931-79358928-500
512 WIN-QOATMA184E8\Guest WIN-QOATMA184E8 Guest S-1-5-21-3580962554-2649974931-79358928-501
C:\Users\Administrator>wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status
Caption Domain InstallDate LocalAccount SID Status
WIN-QOATMA184E8\Access Control Assistance Operators WIN-QOATMA184E8 TRUE S-1-5-32-579 OK
WIN-QOATMA184E8\Administrators WIN-QOATMA184E8 TRUE S-1-5-32-544 OK
WIN-QOATMA184E8\Backup Operators WIN-QOATMA184E8 TRUE S-1-5-32-551 OK
WIN-QOATMA184E8\Certificate Service DCOM Access WIN-QOATMA184E8 TRUE S-1-5-32-574 OK
WIN-QOATMA184E8\Cryptographic Operators WIN-QOATMA184E8 TRUE S-1-5-32-569 OK
WIN-QOATMA184E8\Distributed COM Users WIN-QOATMA184E8 TRUE S-1-5-32-562 OK
WIN-QOATMA184E8\Event Log Readers WIN-QOATMA184E8 TRUE S-1-5-32-573 OK
WIN-QOATMA184E8\Guests WIN-QOATMA184E8 TRUE S-1-5-32-546 OK
WIN-QOATMA184E8\Hyper-V Administrators WIN-QOATMA184E8 TRUE S-1-5-32-578 OK
WIN-QOATMA184E8\IIS_IUSRS WIN-QOATMA184E8 TRUE S-1-5-32-568 OK
WIN-QOATMA184E8\Network Configuration Operators WIN-QOATMA184E8 TRUE S-1-5-32-556 OK
WIN-QOATMA184E8\Performance Log Users WIN-QOATMA184E8 TRUE S-1-5-32-559 OK
WIN-QOATMA184E8\Performance Monitor Users WIN-QOATMA184E8 TRUE S-1-5-32-558 OK
WIN-QOATMA184E8\Power Users WIN-QOATMA184E8 TRUE S-1-5-32-547 OK
WIN-QOATMA184E8\Print Operators WIN-QOATMA184E8 TRUE S-1-5-32-550 OK
WIN-QOATMA184E8\RDS Endpoint Servers WIN-QOATMA184E8 TRUE S-1-5-32-576 OK
WIN-QOATMA184E8\RDS Management Servers WIN-QOATMA184E8 TRUE S-1-5-32-577 OK
WIN-QOATMA184E8\RDS Remote Access Servers WIN-QOATMA184E8 TRUE S-1-5-32-575 OK
WIN-QOATMA184E8\Remote Desktop Users WIN-QOATMA184E8 TRUE S-1-5-32-555 OK
WIN-QOATMA184E8\Remote Management Users WIN-QOATMA184E8 TRUE S-1-5-32-580 OK
WIN-QOATMA184E8\Replicator WIN-QOATMA184E8 TRUE S-1-5-32-552 OK
WIN-QOATMA184E8\Users WIN-QOATMA184E8 TRUE S-1-5-32-545 OK
WIN-QOATMA184E8\WinRMRemoteWMIUsers__ WIN-QOATMA184E8 TRUE S-1-5-21-3580962554-2649974931-79358928-1000 OK
List all built-in system users and groups
C:\Users\Administrator> WHOAMI /USER /GROUPS

用户信息
----------------

用户名 SID
============================= ===========================================
win-qoatma184e8\administrator S-1-5-21-3580962554-2649974931-79358928-500

组信息
-----------------

组名 类型 SID 属性
===================================== ====== ============ ==========================================
Everyone 已知组 S-1-1-0 必需的组, 启用于默认, 启用的组
NT AUTHORITY\本地帐户和管理员组成员 已知组 S-1-5-114 必需的组, 启用于默认, 启用的组
BUILTIN\Administrators 别名 S-1-5-32-544 必需的组, 启用于默认, 启用的组, 组的所有者
BUILTIN\Users 别名 S-1-5-32-545 必需的组, 启用于默认, 启用的组
NT AUTHORITY\REMOTE INTERACTIVE LOGON 已知组 S-1-5-14 必需的组, 启用于默认, 启用的组
NT AUTHORITY\INTERACTIVE 已知组 S-1-5-4 必需的组, 启用于默认, 启用的组
NT AUTHORITY\Authenticated Users 已知组 S-1-5-11 必需的组, 启用于默认, 启用的组
NT AUTHORITY\This Organization 已知组 S-1-5-15 必需的组, 启用于默认, 启用的组
NT AUTHORITY\本地帐户 已知组 S-1-5-113 必需的组, 启用于默认, 启用的组
LOCAL 已知组 S-1-2-0 必需的组, 启用于默认, 启用的组
NT AUTHORITY\NTLM Authentication 已知组 S-1-5-64-10 必需的组, 启用于默认, 启用的组
Mandatory Label\High Mandatory Level 标签 S-1-16-12288
Path of the initial configuration file: %windir%\inf\defltbase.inf
; Copyright (c) Microsoft Corporation. All rights reserved.
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name: DefltSV.INF
; Template Version: 05.10.DS.0000
;
; Default Security For Windows VISTA Server.

[Profile Description]
%SCEDefltSVProfileDescription%

[version]
signature="$CHICAGO$"
revision=1
DriverVer=06/21/2006,6.3.9600.16384

[System Access]
;----------------------------------------------------------------
;Account Policies - Password Policy
;----------------------------------------------------------------
MinimumPasswordAge = 0 ; minimum password age
MaximumPasswordAge = 42 ; maximum password age
MinimumPasswordLength = 0 ; minimum password length
PasswordComplexity = 1 ; password must meet complexity requirements
PasswordHistorySize = 0 ; enforce password history
RequireLogonToChangePassword = 0 ; require logon to change password
ClearTextPassword = 0 ; store passwords using reversible encryption

;----------------------------------------------------------------
;Account Policies - Lockout Policy
;----------------------------------------------------------------
;No Account Lockout
LockoutBadCount = 0 ; account lockout threshold (default: 0 invalid logon attempts)

;The following are not configured when No Account Lockout
;ResetLockoutCount = 30 ; reset account lockout counter after (minutes)
;LockoutDuration = 30 ; account lockout duration (minutes)

;----------------------------------------------------------------
;Local Policies - Security Options
;----------------------------------------------------------------
;DC Only
;ForceLogoffWhenHourExpire = 0

LSAAnonymousNameLookup = 0

;NewAdministatorName =
;NewGuestName =
;SecureSystemPartition

;----------------------------------------------------------------
;Event Log - Log Settings
;----------------------------------------------------------------
;Audit Log Retention Period:
;0 = Overwrite Events As Needed (oldest events first)
;1 = Overwrite Events As Specified by Retention Days Entry (archive the log when full, do not overwrite events)
;2 = Never Overwrite Events (Clear Log Manually)

[System Log]
MaximumLogSize = 20480 ; maximum log size
AuditLogRetentionPeriod = 0 ; audit log retention period (0 is "Overwrite Events As Needed" above)
;RetentionDays = 7 ; retention days
RestrictGuestAccess = 1 ; restrict guest access (where can this be viewed?)

[Security Log]
MaximumLogSize = 20480
AuditLogRetentionPeriod = 0
;RetentionDays = 7
RestrictGuestAccess = 1

[Application Log]
MaximumLogSize = 20480
AuditLogRetentionPeriod = 0
;RetentionDays = 7
RestrictGuestAccess = 1

;----------------------------------------------------------------
;Local Policies - Audit Policy
;----------------------------------------------------------------

[Event Audit]
CrashOnAuditFull = 0

;----------------------------------------------------------------
;Registry Values
;----------------------------------------------------------------
[Registry Values]
; Registry value name in full path = Type, Value
; REG_SZ ( 1 )
; REG_EXPAND_SZ ( 2 ) // with environment variables to expand
; REG_BINARY ( 3 )
; REG_DWORD ( 4 )
; REG_MULTI_SZ ( 7 )

MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1

;Domain Controllers Only
;MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0

MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1

MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1

MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1

MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0

MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1

;Potential to take on different values during and after setup
;MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
;MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,0

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1

MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0

MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0

MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0

; remove lsarpc, samr and netlogon from anonymously accessible pipes
MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes=8,Remove:,lsarpc,samr,netlogon

;----------------------------------------------------------------------
; Privileges & Rights
;----------------------------------------------------------------------
;
;World S-1-1-0
;
;NT Authority S-1-5
;TERMINAL_SERVER 13
;LOCAL_SERVICE 19
;NETWORK_SERVICE 20
;
;Built-In Domain SubAuthority = S-1-5-32
;ADMINISTRATORS 544
;USERS 545
;GUESTS 546
;POWER_USERS (DEPRECATED)
;ACCOUNT_OPS 548
;SYSTEM_OPS 549
;PRINT_OPS 550
;BACKUP_OPS 551
;REPLICATOR 552
;RAS_SERVERS 553
;PREW2KCOMPACCESS 554
;REMOTE_DESKTOP_USERS 555
;NETWORK_CONFIGURATION_OPS 556
;LOGGING_USERS 559
;WdiServiceHost S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420
;ALL SERVICES S-1-5-80-0

[Privilege Rights]
;-- Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
SeAssignPrimaryTokenPrivilege = *S-1-5-19, *S-1-5-20 ; Replace a process level token
SeAuditPrivilege = *S-1-5-19, *S-1-5-20 ; Generate security audits
SeBackupPrivilege = *S-1-5-32-544, *S-1-5-32-551 ; Back up files and directories
SeBatchLogonRight = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-559 ; Log on as a batch job
SeChangeNotifyPrivilege = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-545, *S-1-1-0, *S-1-5-19, *S-1-5-20 ; Bypass traverse checking
SeCreateGlobalPrivilege = *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20 ; Create global objects
SeCreatePagefilePrivilege = *S-1-5-32-544 ; Create a pagefile
SeCreatePermanentPrivilege = ; Create permanent shared objects
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544 ; Create symbolic links
SeCreateTokenPrivilege = ; Create a token object
SeDebugPrivilege = *S-1-5-32-544 ; Debug programs
SeImpersonatePrivilege = *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20 ; Impersonate a client after authentication
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544 ; Increase scheduling priority
SeIncreaseQuotaPrivilege = *S-1-5-32-544, *S-1-5-19, *S-1-5-20 ; Adjust memory quotas for a process
SeIncreaseWorkingSetPrivilege = *S-1-5-32-545 ; Increase a process working set
SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-545 ; Allow log on locally
SeLoadDriverPrivilege = *S-1-5-32-544 ; Load and unload device drivers
SeLockMemoryPrivilege = ; Lock pages in memory
SeMachineAccountPrivilege = ; Add workstations to domain
SeManageVolumePrivilege = *S-1-5-32-544 ; Perform volume maintenance tasks
SeNetworkLogonRight = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-545, *S-1-1-0 ; Access this computer from the network
SeProfileSingleProcessPrivilege = *S-1-5-32-544 ; Profile single process
SeRemoteInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-555 ; Allow log on through Remote Desktop Services
SeRemoteShutdownPrivilege = *S-1-5-32-544 ; Force shutdown from a remote system
SeRestorePrivilege = *S-1-5-32-544, *S-1-5-32-551 ; Restore files and directories
SeSecurityPrivilege = *S-1-5-32-544 ; Manage auditing and security log
SeServiceLogonRight = *S-1-5-80-0 ; Log on as a service
SeShutdownPrivilege = *S-1-5-32-544, *S-1-5-32-551 ; Shut down the system
SeSystemEnvironmentPrivilege = *S-1-5-32-544 ; Modify firmware environment values
SeSystemProfilePrivilege = *S-1-5-32-544, *S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420 ; Profile system performance
SeSystemTimePrivilege = *S-1-5-32-544, *S-1-5-19 ; Change the system time
SeTakeOwnershipPrivilege = *S-1-5-32-544 ; Take ownership of files or other objects
SeTcbPrivilege = ; Act as part of the operating system
SeTimeZonePrivilege = *S-1-5-32-544, *S-1-5-19 ; Change the time zone
;
SeDenyInteractiveLogonRight = ; Deny log on locally
SeDenyBatchLogonRight = ; Deny log on as a batch job
SeDenyServiceLogonRight = ; Deny log on as a service
SeDenyNetworkLogonRight = ; Deny access to this computer from the network
SeDenyRemoteInteractiveLogonRight = ; Deny log on through Remote Desktop Services
;
SeUndockPrivilege = *S-1-5-32-544 ; Remove computer from docking station
SeSyncAgentPrivilege = ; Synchronize directory service data
SeEnableDelegationPrivilege = ; Enable computer and user accounts to be trusted for delegation

[Group Membership]
*S-1-5-32-545__Memberof =
*S-1-5-32-545__Members = *S-1-5-11,*S-1-5-4

[Service General Setting]
;autostarted on workstations and servers, standalone or joined
Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Schedule,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Sysmonlog,,"D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

ClipSrv,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDE,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDEdsdm,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Not autostarted if machine is standalone
Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Server Only Services
Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;IIS Specific Services - Leave them alone
;IISADMIN,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;W3SVC,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;MSFTPSVC,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;
; set default startup for the following services - do not touch permissions
;
;;FastUserSwitching service not installed in setup
Mnmsrvc,4,""
Themes,4,""
TlntSvr,4,""
;;Tssdis service not installed in setup
WmdmPmSp,3,""

[Registry Keys]

;Not same as parent, and this is the target of a symlink - set explicitly.

"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates\Authroot",2,"D:AI(A;CIOI;GA;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)"

"MACHINE\Software\Microsoft\Windows\CurrentVersion",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

;The following keys do not exist when we run.
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"

"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",2,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

"MACHINE\System",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

"MACHINE\SYSTEM\Clone",1,"D:AR"

"MACHINE\SYSTEM\ControlSet001",1,"D:AR"
"MACHINE\SYSTEM\ControlSet002",1,"D:AR"
"MACHINE\SYSTEM\ControlSet003",1,"D:AR"
"MACHINE\SYSTEM\ControlSet004",1,"D:AR"
"MACHINE\SYSTEM\ControlSet005",1,"D:AR"
"MACHINE\SYSTEM\ControlSet006",1,"D:AR"
"MACHINE\SYSTEM\ControlSet007",1,"D:AR"
"MACHINE\SYSTEM\ControlSet008",1,"D:AR"
"MACHINE\SYSTEM\ControlSet009",1,"D:AR"
"MACHINE\SYSTEM\ControlSet010",1,"D:AR"

"MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR"

"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi",2,"D:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)(A;CI;CCDCLCSWRPWPSDRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a1C-9b1a-11d4-9123-0050047759bc}\0",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\8",2,"D:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)(A;CI;CCDCLCSWRPWPSDRC;;;S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)"

"MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;BU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)"

;Set security subkey permissions for those services created via default hives
"MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo",2,"D:AR(A;CI;CCLCSWRPRC;;;NS)(A;CIIO;CCDCLCSWRPRC;;;NS)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

;Set security subkey permissions for those services created in GUI-mode setup before SCE runs
"MACHINE\SYSTEM\CurrentControlSet\Services\STISvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"

"MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"

"USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"

[File Security]

;---------------------------------------------------------------------------------------
;System Drive
;---------------------------------------------------------------------------------------
;SetupSecurity will contain the new root acl. Ignore docs and settings if it's reapplied (e.g. on conversion from FAT)
; Directories that might not exist when security is applied; but are listed here
; so that they get secured correctly on converting the file system to NTFS

;---------------------------------------------------------------------------------------------
;ProgramFiles
;---------------------------------------------------------------------------------------------
"%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

;---------------------------------------------------------------------------------------------
;Win64 32bit ProgramFiles Directory
;---------------------------------------------------------------------------------------------

;---------------------------------------------------------------------------------------------
; ProgramData Folder (Typically \ProgramData)
;---------------------------------------------------------------------------------------------

;---------------------------------------------------------------------------------------------
;System Root (Typically \WINDOWS)
;---------------------------------------------------------------------------------------------

;Directories that existed and inherited on NT4 out of the box.
;The text-mode files within these directories are individually secured below.
;Config, Cursors, Help, Media, Repair, System, Fonts, INF

;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.

;Profile for LocalService and NetworkService, moved from Users in Longhorn, creator specifies security
"%SystemRoot%\ServiceProfiles\LocalService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;LS)"
"%SystemRoot%\ServiceProfiles\NetworkService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;NS)"

;---------------------------------------------------------------------------------------------
;System Directory (Typically \Windows\System32)
;---------------------------------------------------------------------------------------------

;Directories with no legacy to preserve. Different from parent.

; Directories that might not exist when security is applied; but are listed here
; so that they get secured correctly on converting the file system to NTFS
"%SystemDirectory%\LogFiles\wms",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

;-----------------------------------------------------------------------------------------
; SysWOW64 directories
;-----------------------------------------------------------------------------------------

"%Systemroot%\SysWOW64\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

;-----------------------------------------------------------------------------------------
;Individual File Settings.
;-----------------------------------------------------------------------------------------
"%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

[Strings]

SceInfAdministrator = "Administrator"
SceInfAdmins = "Administrators"
SceInfAcountOp = "Account Operators"
SceInfAuthUsers = "Authenticated Users"
SceInfInteractive = "INTERACTIVE"
SceInfBackupOp = "Backup Operators"
SceInfDomainAdmins = "Domain Admins"
SceInfDomainGuests = "Domain Guests"
SceInfDomainUsers = "Domain Users"
SceInfEveryone = "Everyone"
SceInfGuests = "Guests"
SceInfGuest = "Guest"
SceInfPowerUsers = "Power Users"
SceInfPrintOp = "Print Operators"
SceInfReplicator = "Replicator"
SceInfServerOp = "Server Operators"
SceInfUsers = "Users"
SceInfLocalService = "Local Service"
SceInfNetworkService = "Network Service"
SceInfProgramFiles = "%ProgramFiles%"
SceInfProgramFilesx86 = "%ProgramFiles(x86)%"
SceInfCommonProgramFiles = "%CommonProgramFiles%"
SceInfRemoteDesktopUsers = "Remote Desktop Users"
SceDefltSVProfileDescription = "Default Security Settings. (Windows Server)"
SCEInfSysdir1 = "edit.com"
SCEInfSysdir2 = "edit.hlp"
SCEInfHelp1 = "signin.hlp"
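
An added example, not part of the original post or of Microsoft's template: Python that parses this template format and reports where a later policy export differs from the defaults above. BASELINE copies lines from this page; CURRENT, its changed values and the S-1-5-21-... SID are constructed, and the code assumes the comparison input comes from `secedit /export /cfg`, which writes the same section layout.

```python
import re

# Registry type codes, as listed in the template's [Registry Values] comment.
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ"}
# Well-known SIDs used in the sample; any other SID is reported as-is.
SID_NAMES = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE",
             "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users",
             "S-1-5-32-551": "Backup Operators"}

def strip_comment(line):
    """Drop a ';' comment but keep ';' inside double quotes (SDDL strings)."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ';' and not in_quotes:
            return line[:i].strip()
    return line.strip()

def parse_template(text):
    """Return {section: {key: value}} for the key=value lines of a template."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def decode_registry_value(raw):
    """'4,1' -> ('REG_DWORD', 1); other types keep their text value."""
    code, _, data = raw.partition(",")
    kind = REG_TYPES.get(int(code), "type %s" % code)
    return (kind, int(data)) if kind == "REG_DWORD" else (kind, data.strip('"'))

def principals(raw):
    """'*S-1-5-32-544, *S-1-5-19' -> {'Administrators', 'LOCAL SERVICE'}."""
    items = (p.strip().lstrip("*") for p in raw.split(","))
    return {SID_NAMES.get(p, p) for p in items if p}

def drift(baseline_text, current_text):
    """List (section, name, baseline, current) for every changed setting."""
    base, cur = parse_template(baseline_text), parse_template(current_text)
    findings = []
    for section in ("System Access", "Registry Values", "Privilege Rights"):
        # Names are matched case-insensitively: the template itself writes
        # both LanManServer and LanmanServer for the same registry key.
        b = {k.lower(): (k, v) for k, v in base.get(section, {}).items()}
        c = {k.lower(): (k, v) for k, v in cur.get(section, {}).items()}
        for low in sorted(set(b) | set(c)):
            name = (b.get(low) or c[low])[0]
            old, new = (side.get(low, (name, None))[1] for side in (b, c))
            if section == "Privilege Rights":
                # An absent right and an empty right both mean "nobody".
                old, new = (sorted(principals(v or "")) for v in (old, new))
            elif section == "Registry Values":
                old, new = (v and decode_registry_value(v) for v in (old, new))
            if old != new:
                findings.append((section, name, old, new))
    return findings

# Constructed samples: BASELINE reuses lines from the template on this page,
# CURRENT imitates an export from a host that was changed afterwards.
BASELINE = r'''
[System Access]
MinimumPasswordLength = 0   ; minimum password length
LockoutBadCount = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544, *S-1-5-32-551
SeTcbPrivilege =
[Service General Setting]
Schedule,2,"D:(A;;CCLCSWLOCRRC;;;AU)"
'''
CURRENT = r'''
[System Access]
MinimumPasswordLength = 14
LockoutBadCount = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature=4,1
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1001
SeBackupPrivilege = *S-1-5-32-551, *S-1-5-32-544
'''

if __name__ == "__main__":
    for finding in drift(BASELINE, CURRENT):
        print(finding)
```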
Appendix:
For user rights settings, see
https://docs.microsoft.com/zh-cn/previous-versions/windows/server/dn221963(v=ws.11)
Changing local security policy from the command line
http://blog.sina.com.cn/s/blog_1557e67c90102wa4m.html