国产一级a片免费看高清,亚洲熟女中文字幕在线视频,黄三级高清在线播放,免费黄色视频在线看

轉(zhuǎn)貼自http://hi.baidu.com/mikeoldyang/blog/item/3ce1dd458dda7f4b510ffe99.html

我想這個(gè)是很多做網(wǎng)管的需要干的事情，禁用USB存儲(chǔ)。

    前提是我們不能從BIOS里面禁用，一個(gè)是容易破解（拔電池），主要還是因?yàn)槲覀冞€需要使用USB鼠標(biāo)以及Bitlocker的的，所以只能從系統(tǒng)里面動(dòng)腦筋。

    首先是KB555324，http://support.microsoft.com/kb/555324/zh-cn這里介紹的方法需要自定義一個(gè)組策略，看上去好像很好很強(qiáng)大，很簡(jiǎn)單，可是有一個(gè)致命的問題，誰(shuí)也無(wú)法保證那個(gè)OU下就一定沒有服務(wù)器的計(jì)算機(jī)賬號(hào)，此時(shí)就容易誤殺，比不上用腳本可以先判斷一下?；蛘吣銜?huì)說可以用WMI篩選，不過就我們的環(huán)境目前沒權(quán)限設(shè)這個(gè)，而且也不太會(huì)寫。另外就是到底效果咋樣，能否禁掉還未可知。這位看客可能要說了，KB說的還有假？不錯(cuò)，我相信KB，但是有時(shí)會(huì)不適用。何出此言？請(qǐng)繼續(xù)往下看

    然后就是KB823732，http://support.microsoft.com/kb/823732/zh-cn這個(gè)方法應(yīng)該是很好，很根本了（微軟服務(wù)所言），然后我又借用http：//www.cnitblog。 COM / joyclear /存檔/ 2008/05/10 / 43525.html所說的用XCACLS來(lái)設(shè)權(quán)限，可是在XPSP2以及之前的版本中都沒有XCACLS這個(gè)命令，只有CACLS這個(gè)命令，而CACLS的問題是不帶/ Y參數(shù)，漢語(yǔ)中類似的所以找了http://support.microsoft.com/kb/135268/zh-cn來(lái)實(shí)現(xiàn)，有看官可能要說了，你可以使用網(wǎng)絡(luò)共享的XCACLS來(lái)啊，唉，這不是有本地自帶的命令，就盡量用本地的了嗎。

    好，萬(wàn)事俱備，開始腳本吧，好像很簡(jiǎn)單，也就3?4行的批處理啊，XP是好的，可是在Vista的下就有問題了，如果插入新設(shè)備，Vista中總是還能找到，如果是舊設(shè)備，在計(jì)算機(jī)管理中卸載掉再插入閃存，Vista還是能夠使用。而且會(huì)把HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Services / UsbStor下面的開始值自動(dòng)改回到3，真是見鬼了。說法，在拒絕INF和PNF文件后，裝新設(shè)備時(shí)會(huì)由于沒有權(quán)限讀這兩個(gè)文件，導(dǎo)致安裝失敗，可是好像Vista的就是有辦法。個(gè)天殺的，把老子搞得一點(diǎn)脾氣沒有，小事變成大事了。搞不定啊。

    個(gè)NND，你不是會(huì)把注冊(cè)表改回來(lái)嗎，老子把注冊(cè)表的權(quán)限也給你拒絕掉，看你咋整？后來(lái)發(fā)現(xiàn)（無(wú)數(shù)次實(shí)驗(yàn)），只要在上述健的位置，把SYSTEM賬號(hào)給拒絕掉，就真的可以在Vista中下也禁用掉USB了，那連兩個(gè)INF和PNF文件都不要做任何修改，這可是微軟都不知道的哦?？墒菃栴}來(lái)了，鼠標(biāo)點(diǎn)點(diǎn)改注冊(cè)表權(quán)限是方便的，用腳本或者命令該咋辦呢？翻便微軟網(wǎng)站也只找到一個(gè)REGINI命令，可是要命的是看了半天幫助，也沒找到可以設(shè)置拒絕權(quán)限的選項(xiàng)。找到SETACL這個(gè)超級(jí)權(quán)限管理工具，我用的是0.904版的，用法比較簡(jiǎn)單，http://www.helge.mynetcologne.de/setacl/program/setacl0.904/setacl.exe現(xiàn)在新的是2.0版本的，功能超強(qiáng)，參數(shù)眾多，當(dāng)然用的也比較累了http://sourceforge.net/project/showfiles.php?group_id=69165

    這下基本技術(shù)就解決了，下面是寫腳本和部署了，因?yàn)榭蛻舳藳]有管理員權(quán)限，所以腳本必須要用在計(jì)算機(jī)策略中的開機(jī)腳本中，然而很顯然公司里面肯定還是有人要使用USB存儲(chǔ)的，比如說老板們，當(dāng)他們填寫申請(qǐng)單來(lái)要求開通的時(shí)候，helpdesk怎樣才能很方便的來(lái)為他們解除限制呢？而解除限制是分兩塊的，一個(gè)是把注冊(cè)表權(quán)限給改回來(lái)，另外一個(gè)是讓組策略以后不能再次生效。前者可以寫一個(gè)恢復(fù)的腳本，后者就通過組策略的安全設(shè)置嘍。建一個(gè)組，然后在GPMC中設(shè)置那個(gè)組策略中這個(gè)組被拒絕。然后在恢復(fù)的腳本中加入將計(jì)算機(jī)賬號(hào)加入到這個(gè)組的功能。

    關(guān)于還原的腳本，還有一個(gè)問題就是，如果就是一個(gè)很簡(jiǎn)單的腳本，沒有任何安全措施，一旦將來(lái)這個(gè)腳本流傳出去（很有可能），那么每個(gè)人都可以運(yùn)行一下來(lái)解除限制，到那時(shí)。這個(gè)限制也就是一個(gè)擺設(shè)了所以首先腳本要加密，其次要在運(yùn)行的時(shí)候驗(yàn)證用戶身份，只有特定賬號(hào)才可以使用。

   好了，整個(gè)技術(shù)和管理思路就是這樣了，下面就是兩個(gè)腳本最好還要說一下就是，我發(fā)現(xiàn)Vista和XP在usbstor.inf和usbstor.pnf上最大的不同是，XP下這兩個(gè)文件的所有者是管理員，而在Vista下的所有者是系統(tǒng)，而為USB安裝驅(qū)動(dòng)經(jīng)實(shí)驗(yàn)是使用的系統(tǒng)賬號(hào)，并不是之前想當(dāng)然的覺得是當(dāng)前登錄的賬號(hào)，所以KB823732在Vista下不能生效的原因就是雖然拒絕了系統(tǒng)賬號(hào)去讀這兩個(gè)文件，可是由于業(yè)主是系統(tǒng)，所以系統(tǒng)照樣可以讀到，就照樣可以安裝USB存儲(chǔ)，然后再自動(dòng)的把開始的值改回3。

   哈哈，我的解釋是不是很有說服力啊。

'------------------------------------------------- ---------------------------
'DisableUSB.vbs'VBScript
program to RestoreUSB'Date
：12/10/2008
'版本：3.0 - 刪除其他限制
“作者：楊蘇揚(yáng)在AMD蘇州
”--------------------------------------- -------------------------------------

'-------------------------
'獲取操作系統(tǒng)
'-------------------- -----
錯(cuò)誤恢復(fù)下一步

strComputer =“?！?
設(shè)置objWMIService = GetObject（“winmgmts：”_
＆“{impersonationLevel = impersonate}！//”＆strComputer＆“/ root / cimv2”）
Set colOperatingSystems = objWMIService.ExecQuery _
（“Select * from Win32_OperatingSystem”）
For Each objOperatingSystem in colOperatingSystems

OS = objOperatingSystem.Caption
如果InStr（OS，“XP”）> 0則
   OSType = 0 Elseif
InStr（OS，“2000 Professional”）> 0然后
   OSType = 0 Elseif
InStr（OS，“2000 Server”）> 0然后
   OSType = 1
ELSEIF InStr函數(shù)（OS， “2000高級(jí)服務(wù)器”）> 0，則
   OSTYPE = 1
ELSEIF InStr函數(shù)（OS， “2003”）> 0然后
   OSTYPE = 1
ELSEIF InStr函數(shù)（OS，的“Vista”）> 0然后
   OSTYPE = 0
ELSEIF InStr函數(shù)（OS， “2008”）> 0，則
   OSTYPE = 1個(gè)
否則
   OSTYPE = 0
END IF
WINDIR = objOperatingSystem.WindowsDirectory
接著
“Wscript.echo OSTYPE
如果OSTYPE = 1然后
WScript的。退出
結(jié)束if

'Wscript.echo Windir

' -------------------------
' Copy SetACL
' -------------------------
Source = "http://amd.com/SysVol/amd.com/Policies/{C6178A2D-90FC-4663-AB81-0B9B737C11A0}/Machine/Scripts/Startup/SetACL.exe"
Destination = Windir & "/system32/"

SetACL = Windir & "/system32/SetACL.exe"
Set objFSO = CreateObject("Scripting.FileSystemObject")

If objFSO.FileExists(SetACL) Then

'--------------------------------------
'Check size
'--------------------------------------
Set objFile1 = objFSO.GetFile(SetACL)
If objFile1.Size <> 163840 Then
   objFSO.CopyFile Source, Destination, OverwriteExisting
End If

Else
objFSO.CopyFile Source, Destination, OverwriteExisting

End If

' -----------------------------------------------
' Modify registry
' -----------------------------------------------
const HKEY_LOCAL_MACHINE = &H80000002
'strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
strComputer & "/root/default:StdRegProv")

strKeyPath = "SYSTEM/CurrentControlSet/Services/USBSTOR"
strValueName = "Start"
dwValue = 4
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath1 = "SYSTEM/CurrentControlSet/Control/StorageDevicePolicies"
strValueName1 = "WriteProtect"
dwValue1 = 1
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath1
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath1,strValueName1,dwValue1

Wscript.Sleep 1000

' -----------------------------------------------
' Deny system permission on registry
' -----------------------------------------------
Set Wwsh = CreateObject("WScript.Shell")

ExecRun1 = "cmd /c " & SetACL & " MACHINE/System/CurrentControlset/Services/usbstor /registry /deny system /full"

Set wExec1 = Wwsh.Exec(ExecRun1)
Rcode = wExec1.StdOut.ReadAll

下面RestorUSB的腳本需要配合一個(gè)password.htm文件來(lái)使用，這個(gè)文件的作用就是驗(yàn)證身份，并且隱藏密碼。這個(gè)RestoreUSB的腳本功能還是很強(qiáng)大的，

1. 驗(yàn)證身份
2. 驗(yàn)證是否在域中
3. 把計(jì)算機(jī)賬號(hào)加到組中（需要運(yùn)行賬號(hào)有AD中相應(yīng)的權(quán)限）
4. 恢復(fù)注冊(cè)表權(quán)限
5. 如果在Restore的時(shí)候發(fā)生錯(cuò)誤，會(huì)自動(dòng)把log發(fā)出來(lái)。

看官可以自己看是否有必要搞得這么復(fù)雜，畢竟各自的環(huán)境不同。

' ----------------------------------------------------------------------------
' RestoreUSB.vbs
' VBScript program to RestoreUSB
' Date: 12/10/2008
' Version: 3.0
' By: Mike Yang at AMD Suzhou
' ----------------------------------------------------------------------------

On Error Resume Next

' ###########################################################################
' Get privilege account, e.g admin_xxx or acct_xxx
' ###########################################################################

' Dim Shell
Dim oShell
Set oShell = WScript.CreateObject ("WSCript.shell")

' -------------------------
' Get User & Password
' -------------------------
Set objExplorer = WScript.CreateObject _
    ("InternetExplorer.Application", "IE_")

objExplorer.Navigate "file://///ssuzfile22/helpdesk$/RestoreUSB/Password.htm"
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 620
objExplorer.Height = 420
objExplorer.Left = 100
objExplorer.Top = 100
objExplorer.Visible = 1            

Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
    Wscript.Sleep 250                
Loop

' --------------------------------------------------------------
strUserName = objExplorer.Document.Body.All.UserName.Value
strUser = "amd/" & strUserName
strPassword = objExplorer.Document.Body.All.UserPassword.Value
strASRNo = objExplorer.Document.Body.All.ASRNo.Value
' --------------------------------------------------------------

strButton = objExplorer.Document.Body.All.OKClicked.Value
objExplorer.Quit
Wscript.Sleep 250

If strButton = "Cancelled" Then
Wscript.Quit
End If
If strUsername = "" or strPassword = "" or strASRNo = "" Then
Wscript.Quit
End If

' -------------------------
' Check input User
' -------------------------
adminxxx = Left(strUser,10)
'Wscript.echo adminxxx

acctxxx = Left(strUser,9)
'Wscript.echo acctxxx

err.clear
TASRN0 = Int(strASRNo)
If err <> 0 Then
err.clear
Wscript.echo "" _
   & "Your input is error, the ASR number must be number."

run8 = "http://ssuzfile22/helpdesk$/RestoreUSB/RestoreUSB.vbe"
'Wscript.echo run8
oShell.run run8,true
Wscript.quit

Elseif Len(strASRNo) <> 6 Then

Wscript.echo "" _
   & "Your input is error, the ASR number must have 6 numbers"

run8 = "http://ssuzfile22/helpdesk$/RestoreUSB/RestoreUSB.vbe"
'Wscript.echo run8
oShell.run run8,true
Wscript.quit
End if

If adminxxx <> "amd/admin_" and acctxxx <> "amd/acct_" and strUser <> "amd/amdhelpdesk" Then

Mailto = "MailSubject = "Input error name: " & struser
MailTextbody = "Input error name: " & struser
SendMail Mailto,MailSubject,MailTextbody

Set root = GetObject("LDAP:")
Set objOU = root.OpenDSObject("        ADS_USE_ENCRYPTION AND ADS_SECURE_AUTHENTICATION)

Mailto = "MailSubject = "Logon failure: " & struser
MailTextbody = "Logon failure: " & struser
SendMail Mailto,MailSubject,MailTextbody

Mailto = "MailSubject = "Get Suzhou OU failure: " & struser
MailTextbody = "Get Suzhou OU failure: " & struser
SendMail Mailto,MailSubject,MailTextbody

Mailto = "MailSubject = LogonName & " run the RestoreUSB script on the " & ComputerName & " by " & strUser
MailTextbody = LogonName & " run the RestoreUSB script on the " & ComputerName & " by " & strUser
SendMail Mailto,MailSubject,MailTextbody

objCommand.CommandText = "<        "(&(objectCategory=computer)(objectClass=user)(Name=" & ComputerName & "));" & _
            "distinguishedName,name;Subtree"
Set objRecordSet = objCommand.Execute
ComDN = objRecordSet.Fields("distinguishedName").Value

   Mailto = "   MailSubject = "The " & ComputerName & " 's account is lost in the domain. The script quits."
   MailTextbody = "The " & ComputerName & " 's account is lost in the domain. The script quits."
   SendMail Mailto,MailSubject,MailTextbody

   Wscript.echo "" _
    & "The computer is in the domain, but seems it has lost the account in the AD, " & chr(10) & chr(13) _
    & "Please run joindomain script to fix the problem and then run the tool again."
   Wscript.quit
End If
Else
Mailto = "MailSubject = "The " & ComputerName & " is out of domain. The script quits."
MailTextbody = "The " & ComputerName & " is out of domain. The script quits."
SendMail Mailto,MailSubject,MailTextbody

Set root = GetObject("LDAP:")
Set objGroup = root.OpenDSObject("

objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(ComDN)
objGroup.SetInfo

Mailto = "MailSubject = "Join the: " & ComputerName & " into the group is OK."
MailTextbody = "Join the: " & ComputerName & " into the group is OK."
SendMail Mailto,MailSubject,MailTextbody

Err.clear
Mailto = "MailSubject = ComputerName & " had been into the group"
MailTextbody = ComputerName & " had been into the group"
SendMail Mailto,MailSubject,MailTextbody

Else
Mailto = "MailSubject = "Join the: " & ComputerName & " into the group is failed."
MailTextbody = LogonName & " run the script failed when he join the " & ComputerName & " into the Group by " & strUser
SendMail Mailto,MailSubject,MailTextbody

'Mailto = "Mailto = "MailSubject = "ASR " & strASRNo & " - " & strUser & " has restore the USB feature on the " & ComputerName & " successfully!"
MailTextbody = "ASR " & strASRNo & " - " & strUser & " has restore the USB feature on the " & ComputerName & " successfully!"
SendMail Mailto,MailSubject,MailTextbody

Else
'Mailto = "Mailto = "MailSubject = "ASR " & strASRNo & " - " & strUser & " restored the USB feature on the " & ComputerName & " failed!"
MailTextbody = "ASR " & strASRNo & " - " & strUser & " restored the USB feature on the " & ComputerName & " failed!"
SendMail Mailto,MailSubject,MailTextbody

Mailto = "MailSubject = "ASR " & strASRNo & " - " & strUser & " restored the USB feature on the " & ComputerName & " failed! -- Only Mike"
MailTextbody = "" _
    & "ASR " & strASRNo & " - " & strUser & " restored the USB feature on the " & ComputerName & " failed!" & chr(10) & chr(13) & chr(10) & chr(13) _
    & Rcode1 & chr(10) & chr(13) & chr(10) & chr(13) _
    & Rcode2 & chr(10) & chr(13) & chr(10) & chr(13) _
    & "Start = " & dwValue
SendMail Mailto,MailSubject,MailTextbody

'Mailto = "'MailTextbody = strUser & " has joined " & strComputer & " into " & strOU & " sucessfully!"
'MailAttachment = "c:/log.txt"

Set objEmail = CreateObject("CDO.Message")
objEmail.From = "objEmail.To = Mailto
objEmail.cc = Mailcc
objEmail.bcc = Mailbcc
objEmail.Subject = MailSubject
objEmail.Textbody = MailTextbody
'objEmail.AddAttachment MailAttachment

objEmail.Configuration.Fields.Item _
     ("objEmail.Configuration.Fields.Item _
     ("         "SUZSMTP"
objEmail.Configuration.Fields.Item _
     ("objEmail.Configuration.Fields.Update