I. Introduction
After the company's hosts joined the domain, the firewall had not been configured: rules were inconsistent and quite a few hosts could not be pinged. I also planned to enable Remote Desktop so that every host on the network can be managed remotely. I had tested the Windows Firewall settings in the domain Group Policy on the DC, but neither adding rules nor simply enabling options such as allowing ICMP had any effect on the Win7 clients, so in the end I had to fall back on a batch script. The batch script is run the same way as in the previous post: domain Group Policy runs it automatically when the machine starts up.
II. Configuration
1. Firewall
The script runs with local administrator rights (as a computer startup script, as SYSTEM). In batch, `::` is only a comment at the start of a line; a trailing `::text` after a command is passed to that command as an argument, so comments go on their own lines. Set the start type before starting a service, so the script also works on a host where the service had been disabled.
:: Windows Firewall service: start automatically at boot, then start it now
sc config MpsSvc start= auto
net start MpsSvc
:: Enable the firewall on all profiles (domain, private, public)
netsh advfirewall set allprofiles state on
:: Allow inbound ICMPv4 so the host answers ping
netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow
:: Common service ports. Every rule below opens its port on every host the script runs on,
:: whether or not that service is installed, so keep only the lines for services the host actually
:: runs (FTP, Telnet, TFTP and the NetBIOS ports are rarely needed on a workstation), and consider
:: restricting administrative ports with remoteip= to the management network.
netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=20 action=allow
netsh advfirewall firewall add rule name="FTP" protocol=TCP dir=in localport=21 action=allow
netsh advfirewall firewall add rule name="SSH" protocol=TCP dir=in localport=22 action=allow
netsh advfirewall firewall add rule name="Telnet" protocol=TCP dir=in localport=23 action=allow
netsh advfirewall firewall add rule name="SMTP" protocol=TCP dir=in localport=25 action=allow
netsh advfirewall firewall add rule name="TFTP" protocol=UDP dir=in localport=69 action=allow
netsh advfirewall firewall add rule name="POP3" protocol=TCP dir=in localport=110 action=allow
netsh advfirewall firewall add rule name="HTTPS" protocol=TCP dir=in localport=443 action=allow
netsh advfirewall firewall add rule name="Netbios-ns" protocol=UDP dir=in localport=137 action=allow
netsh advfirewall firewall add rule name="Netbios-dgm" protocol=UDP dir=in localport=138 action=allow
netsh advfirewall firewall add rule name="Netbios-ssn" protocol=TCP dir=in localport=139 action=allow
netsh advfirewall firewall add rule name="Netbios-ds" protocol=TCP dir=in localport=445 action=allow
netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=80 action=allow
netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=8080 action=allow
Old syntax (tested on Win7 and Win8.1: no effect)
The netsh firewall context has been deprecated since Windows Vista in favour of netsh advfirewall. netsh also does not accept spaces around = in name=value arguments.
@echo off
:: Enable the firewall
netsh firewall set opmode mode=enable
:: Allow all ICMP types
netsh firewall set icmpsetting type=ALL mode=enable
:: Allow Remote Desktop and open TCP 3389
netsh firewall set service remotedesktop enable
netsh firewall set portopening tcp 3389 enable
2. Remote Desktop
Setting fDenyTSConnections to 0 turns on the "Allow connections to this computer" option but does not by itself require Network Level Authentication; on hosts that should only accept NLA-capable clients, also set UserAuthentication to 1 under WinStations\RDP-Tcp, and restrict the 3389 rule with remoteip= to the management network rather than opening it to every address.
@echo off
:: Start type first (manual), so the services can be started even if they were disabled
sc config SessionEnv start= demand
sc config TermService start= demand
:: Start the Remote Desktop Configuration and Remote Desktop Services services
net start SessionEnv
net start TermService
:: Allow remote connections (the "Allow connections to this computer" option)
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
:: Open TCP 3389 inbound
netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
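A consolidated PowerShell version of the firewall and Remote Desktop steps above, added here as an example; it is not the original post's batch script. It assumes Windows 8.1 / Server 2012 R2 or later (the NetSecurity cmdlets are not available on Win7, where the page's netsh form still applies), local administrator rights (a GPO computer startup script runs as SYSTEM, which suffices), and an assumed management subnet 10.0.50.0/24 that is a placeholder. It goes beyond the page in three places: the default inbound action is set to block, ping allows only ICMPv4 echo request, and RDP requires NLA with TCP 3389 reachable only from the management subnet.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original post's batch script. Assumes Windows 8.1 / Server 2012 R2
# or later (NetSecurity module). The management subnet below is an assumed placeholder.
$ErrorActionPreference = 'Stop'
$MgmtSubnet = '10.0.50.0/24'   # ASSUMED: the network admins connect from; change to your own

# Create (or recreate) one inbound allow rule. Recreating keeps a startup script idempotent:
# running it at every boot must not leave duplicate rules behind.
function Set-InboundAllowRule {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [ValidateSet('TCP', 'UDP')] [string] $Protocol,
        [Parameter(Mandatory)] [int] $Port,
        [string] $RemoteAddress = 'Any'
    )
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Remove-NetFirewallRule -DisplayName $Name
    }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
        -Protocol $Protocol -LocalPort $Port -RemoteAddress $RemoteAddress `
        -Profile Domain | Out-Null
}

# 1. Firewall: start type first, then start, so the script also works where the service
#    had been disabled; firewall on for every profile, inbound blocked unless a rule allows it.
Set-Service -Name MpsSvc -StartupType Automatic
Start-Service -Name MpsSvc
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# Ping: allow only ICMPv4 echo request (type 8) rather than every ICMP type.
if (Get-NetFirewallRule -DisplayName 'Allow Ping' -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName 'Allow Ping'
}
New-NetFirewallRule -DisplayName 'Allow Ping' -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 -Profile Domain | Out-Null

# Service ports: open only what this host serves. Public services from any address on the
# domain profile; file sharing only from the management subnet. The post's FTP/Telnet/TFTP/
# SMTP/POP3/NetBIOS entries belong only on hosts that actually run those services.
$PortRules = @(
    @{ Name = 'HTTP';  Protocol = 'TCP'; Port = 80;  Remote = 'Any' },
    @{ Name = 'HTTPS'; Protocol = 'TCP'; Port = 443; Remote = 'Any' },
    @{ Name = 'SMB';   Protocol = 'TCP'; Port = 445; Remote = $MgmtSubnet }
)
foreach ($r in $PortRules) {
    Set-InboundAllowRule -Name $r.Name -Protocol $r.Protocol -Port $r.Port -RemoteAddress $r.Remote
}

# 2. Remote Desktop: services, allow connections, require NLA over TLS, open 3389 to admins only.
$TsPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpPath = "$TsPath\WinStations\RDP-Tcp"
foreach ($svc in 'SessionEnv', 'TermService') {
    Set-Service -Name $svc -StartupType Manual
    Start-Service -Name $svc
}
Set-ItemProperty -Path $TsPath  -Name fDenyTSConnections -Value 0 -Type DWord   # allow connections
Set-ItemProperty -Path $RdpPath -Name UserAuthentication  -Value 1 -Type DWord   # require NLA
Set-ItemProperty -Path $RdpPath -Name SecurityLayer       -Value 2 -Type DWord   # TLS, not legacy RDP security
Set-InboundAllowRule -Name 'Remote Desktop' -Protocol TCP -Port 3389 -RemoteAddress $MgmtSubnet

# Verification: read back the state the script is supposed to leave behind.
function Get-HardeningState {
    [pscustomobject]@{
        FirewallEnabledAllProfiles = -not (Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
        InboundDefaultBlock        = -not (Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -ne 'Block' })
        RdpEnabled                 = (Get-ItemProperty -Path $TsPath).fDenyTSConnections -eq 0
        RdpNlaRequired             = (Get-ItemProperty -Path $RdpPath).UserAuthentication -eq 1
        RdpRuleRemoteAddress       = (Get-NetFirewallRule -DisplayName 'Remote Desktop' |
                                      Get-NetFirewallAddressFilter).RemoteAddress
    }
}
Get-HardeningState | Format-List
```

Save it as a .ps1 and deploy it as a computer startup script (the PowerShell Scripts tab of the Startup policy) or run it once by hand; the Get-HardeningState readback at the end shows whether each setting actually took, which is the check missing from the batch version.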
This post is from the "運維菜鳥.log" blog; please do not repost.