mfdcxnf
『Original poster』:
How to disable CMD
By modifying the registry, you can prohibit users from using the command interpreter (CMD.exe) and running batch files (BAT files).
Go to the registry key
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\,
create a new double-byte value named DisableCMD, and set its value to 2.
Then neither the command interpreter nor batch files can be run.
If you only want to prohibit the command interpreter but allow batch files to run, set the value of DisableCMD to 1.
Both 1 and 2 are prohibitions, so what is 0? No restrictions, of course.
I saw a method to disable the registry by modifying the registry, and it works well, but I want to implement it with a batch file and I don't know how to adapt it. Please help me, masters, so I can also take this opportunity to learn how to modify the registry with a batch file. The more detailed the better. Thank you!
2008-9-11 18:13

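An added example (not code from this thread): PowerShell functions that read, set or clear the DisableCMD value under the key named in the first post. The function names `Get-CmdPolicy` and `Set-CmdPolicy` are hypothetical, and the value meanings in the table follow Microsoft's "Prevent access to the command prompt" policy template, which assigns 1 and 2 the other way round from the description above.

```powershell
# Added example: manage the per-user DisableCMD policy value.
# Get-CmdPolicy / Set-CmdPolicy are hypothetical helper names.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'

function Get-CmdPolicy {
    # Returns 0 when the value (or the whole key) is absent, i.e. no restriction.
    $item = Get-ItemProperty -Path $PolicyKey -Name DisableCMD -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.DisableCMD
}

function Set-CmdPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1, 2)]
        [int]$Value
    )
    if ($Value -eq 0) {
        # Deleting the value lifts the restriction instead of leaving a stale 0 behind.
        if (Test-Path $PolicyKey) {
            Remove-ItemProperty -Path $PolicyKey -Name DisableCMD -ErrorAction SilentlyContinue
        }
        return
    }
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # The policy is a REG_DWORD, so the type is set explicitly.
    Set-ItemProperty -Path $PolicyKey -Name DisableCMD -Value $Value -Type DWord
}

# Meanings as defined by the Group Policy template.
$meaning = @{
    0 = 'no restriction'
    1 = 'cmd.exe and batch files blocked'
    2 = 'interactive cmd.exe blocked, batch files allowed'
}

# Report the current state; nothing is changed unless Set-CmdPolicy is called.
$current = Get-CmdPolicy
"DisableCMD = ${current}: $($meaning[$current])"
```

Calling `Set-CmdPolicy -Value 2` applies the restriction and `Set-CmdPolicy -Value 0` removes it; the account running it needs write access to the Policies key.
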
huahua0919
『Floor 2』:
After changing it to 1, neither can be used; after changing it to 2, it has no effect. (winXP-SP2@cmd)
2008-9-11 18:31

mfdcxnf
『Floor 3』:
Thanks to floor 2 for the correction, but how do I implement it!
2008-9-11 18:37

tireless
『Floor 4』:
The command-line tool reg.exe is what operates on the registry. Type reg /? to view the help.
=======================
"Image hijacking" can disable both cmd.exe and batch files at the same time.
Disable:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.EXE" /v debugger /t reg_sz /d debugfile.exe /f
Restore:
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f
[Last edited by tireless on 2008-9-10 at 10:47 PM]
2008-9-11 18:44

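An added example (not code from this thread): a PowerShell audit that lists every executable redirected through a Debugger value under the Image File Execution Options key used in floor 4, so an administrator can see which images are blocked or redirected and by what. The function name `Get-IfeoDebugger` is hypothetical.

```powershell
# Added example: enumerate IFEO subkeys that carry a Debugger value.
# Get-IfeoDebugger is a hypothetical helper name.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    foreach ($key in Get-ChildItem -Path $IfeoRoot -ErrorAction SilentlyContinue) {
        $dbg = $key.GetValue('Debugger')          # $null when the value is absent
        if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

        # The first token of the Debugger string is the program started
        # in place of the image; it may be quoted and may carry arguments.
        $exe = if ($dbg -match '^\s*"([^"]+)"') { $Matches[1] }
               else { ($dbg.Trim() -split '\s+')[0] }

        # Resolve it by full path or through PATH, as a bare name such as
        # the thread's debugfile.exe would be.
        $resolved = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1

        [pscustomobject]@{
            Image       = $key.PSChildName     # e.g. cmd.exe
            Debugger    = $dbg
            TargetFound = [bool]$resolved      # False: nothing by that name could be resolved
            RegistryKey = $key.Name
        }
    }
}

$hits = @(Get-IfeoDebugger)
if ($hits.Count -eq 0) {
    'No IFEO Debugger values found.'
} else {
    $hits | Sort-Object Image | Format-Table -AutoSize -Wrap
}
```

A row with TargetFound set to False matches the setup in floor 4, where the named debugger does not exist and the image therefore cannot start; rows that resolve to a real program need review, since some tools register themselves this way on purpose.
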
huahua0919
『Floor 5』:
You wrote HKLM, so you can't find it.
2008-9-11 18:49

mfdcxnf
『Floor 6』:
Thank you, friend on the 4th floor. You solved my problem, but posting the restore command is useless, isn't it? You have already prohibited running, so can your restore batch file still run? Still, thank you very much!
2008-9-11 18:52

HAT
『Floor 7』:
Re: floor 6
Recovery can be done this way: generate a .reg file and then import it into the registry.
2008-9-11 20:42

tireless
『Floor 8』:
Originally posted by mfdcxnf at 2008-9-10 10:52 PM:
Thanks to the friend on the 4th floor, you helped me solve the problem, but it's useless for you to post the recovery because you have prohibited running. Can your recovery batch file still run? But thank you very much!
Run it directly in the "Run" dialog box.
2008-9-11 22:56

qwertl
『Floor 9』:
How do I set things up to disable Windows scripts?
2008-9-11 23:06

mfdcxnf
『Floor 10』:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 00000000 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 00000001 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 00000000 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v Disableregistrytools /t REG_DWORD /d 1
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.EXE" /v debugger /t reg_sz /d debugfile.exe /f
This way it cannot be restored with REG. If anyone has a good trick, please share it. Thank you! I want to be able to use it when I need it and block it when I don't!
I don't know whether a script could lift the prohibition. Batch files and the registry are definitely out.
[Last edited by mfdcxnf on 2008-9-12 at 08:18 PM]
2008-9-12 20:16

HAT
『Floor 11』:
Re: floor 10
Would xxx.inf work?
[Version]
Signature="$CHICAGO$"
[DefaultInstall]
AddReg=My.Add.Reg
[My.Add.Reg]
HKCU,"SOFTWARE\Microsoft\windows\currentversion\policies\system","disableregistrytools",0x00010001,"0"
What about xxx.vbs?
' Write 0 to DisableRegistryTools for the current user
Dim WSHShell
Set WSHShell = CreateObject("WScript.Shell")
WSHShell.RegWrite "HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\system\disableregistrytools", 0, "REG_DWORD"
[Last edited by HAT on 2008-9-15 at 04:37 PM]
2008-9-12 21:59

mfdcxnf
『Floor 12』:
I tested the code from the floor above, and it still doesn't run.
2008-9-13 07:19

HAT
『Floor 13』:
The code on floor 11 can't unlock the registry? What is the error message?
2008-9-13 09:49

moniuming
『Floor 14』:
It doesn't run on my machine either; the error message is shown in the picture below:
2008-9-13 11:00

qinbuer
『Floor 15』:
Could it be that the host files that interpret and run VBS have been deleted from your computer? I remember some internet cafes seem to do just that.
2008-9-13 13:04