This article will not be introduced for the basics of INF files.
For detailed structural information about the INF file, refer to the DDK help documentation.
First, modify the Telnet service, the port is changed to 99, the NTLM authentication method is 1.
================================
C: /myinf/telnet.inf
[Version]
Signature = "$ Windows NT $"
[DefaultInstall]
AddReg = addRegname
[MY_ADDREG_NAME]
HKLM, Software / Microsoft / Telnet Server / 1.0, Telnetport, 0x00010001, 99
HKLM, Software / Microsoft / Telnet Server / 1.0, NTLM, 0x00010001, 1
Installation: rundll32.exe setupapi, installhinfsection defaultinstall 128 c: /myinf/telnet.inf
Description: [Version] and [DEFAULTINSTALL] are required, 0x00010001 represents the REG_DWORD data type, 0x00000000 or omitted the item (reserved comma) represents REG_SZ (string). 0x00020000 represents REG_EXPAND_SZ.
Installhinfsection is sensitive. There is only one comma between it and setupapi, no spaces. 128 Indicates a given path, which other values and meanings are met in MSDN.
Special note, the last parameter must be the full path to the INF file, do not use a relative path.
The projects in the INF file are not sensitive.
Second, the service
================
Add a service:
[Version]
Signature = "$ Windows NT $"
[DefaultInstall.Services]
Addservice = inetsvr ,, MY_ADDSERVICE_NAME
[MY_ADDSERVICE_NAME]
DisplayName = Windows Internet Service
Description = Provides support for Internet information service management.
ServiceType = 0x10
StartType = 2
ErrorControl = 0
Servicebinary =% 11% / inetsvr.exe
Save as inetsvr.inf, then:
Rundll32.exe setupi, installhinfsection defaultinstall 128 C: /Path/inetsvr.inf
This example adds a service called INTSVR (if it is very like a service comes with the system, huh, huh).
Some explanations:
1, the last four items are
Service Type: 0x10 is a standalone process service, 0x20 is a shared process service (such as svchost);
Start type: 0 When the system is booted, load it when 1 OS is initialized, 2 is automatically started by SCM (Service Control Manager), 3 Manual Start, 4 Disabled.
(Note, 0 and 1 can only be used for drivers) Error control: 0 ignore, 1 Continue and warned, 2 Switch to LastknownGood setting, 3 blue screen.
Server location:% 11% indicate the System32 directory,% 10% represents the system directory (WinNT or Windows),% 12% is the drive directory System32 / Drivers. See DDK at other values. You can also use the full path directly without variables.
These four items must be there.
2. Six projects in the examples, as well as LoadOrderGroup, Dependencies, etc. Not often used, so don't introduce it.
3, there are two commas behind the inetsvr because there is an uncommon parameter Flags in the middle.
Delete a service:
[Version]
Signature = "$ Windows NT $"
[DefaultInstall.Services]
DELSERVICE = inetsvr
Very simple, isn't it?
Of course, you can also achieve your goals by importing registry. But INF has its own advantage.
1. Export a registry key of a system comment on the service, you will find that its execution path is like this:
"ImagePath" = HEX (2): 25, 00, 53, 00, 79, 00, 73, 3, 74, 100, 65, 6D, 00, 52, 6F, 00, 6F, 00, / /
74,00, 25, 00, 5c, 00, 73, 79, 3, 73, 33, 3, 65, 6D, 00, 33, 32, 100, 5C, 00, 74, /
00, 6C, 00, 6E, 00, 74, 73, 3, 76, 100, 72, 00, 2E, 00, 65, 3, 78, 100, 65, 100, 00
Readability is too bad. In fact, it is% systemroot% / system32 / tlntsvr.exe, but the data type is REG_EXPAND_SZ. ThisPath is obviously inconvenient when manually introduced into the registry to increase the service. If you replace it with reg_sz, some problems can not use environment variables. It can only use the full path. With the INF file, there is no such problem, servicebinary (ie imagePath) automatically be REG_EXPAND_SZ.
2, the most critical is, like a tool such as SC, the effect of INF file is immediate, and it must be restarted after importing REG.
3, INF file automatically adds a security subkey to the service's registry key so that it looks more like a service comes with the system.
In addition, AddService and DelService and AddReg, DELREG can be used at the same time and reuse. You can increase and delete multiple services and registry items at the same time.
Third, group strategy
==========
1, the password minimum 6 digits
[Version]
Signature = "$ chicago $"
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 1
Save as gp.inf, then import:
SECEDIT / CONFIGURE / DB GP.SDB / CFG GP.INF / Quiet
2. Close all "audit strategies
Echo [Version]> 1.Inf
Echo Signature = "$ Chicago $" >> 1.inf
Echo [Event Audit] >> 1.inf
Echo AuditsystemEvents = 0 >> 1.inf
Echo AuditObjectAccess = 0 >> 1.inf
echo auditprivilegen = 0 >> 1.inf
Echo AuditpolicyChange = 0 >> 1.inf
Echo AuditaccountManage = 0 >> 1.inf
Echo AuditProcessTracking = 0 >> 1.inf
echo auditdsaccess = 0 >> 1.inf
Echo AuditaccountLogon = 0 >> 1.inf
Echo Auditlogonevents = 0 >> 1.inf
SECEDIT / CONFIGURE / DB 1.SDB / CFG 1.Inf / log 1.log / quiet
DEL 1. *
Fourth, solve the XP IPC $ connection only guest rights
====================
Echo [Version]> 1.Inf
Echo Signature = "$ Chicago $" >> 1.inf
Echo [Registry Values] >> 1.inf
Echo Machine / System / CurrentControlSet / Control / LSA / Forceguest = 4,0 >> 1.inf
SECEDIT / CONFIGURE / DB 1.SDB / CFG 1.Inf / log 1.log
DEL 1. *
