Windows服务器如何修改3389远程端口，以及修改超级管理员密码

如何修改Windows服务器的3389远程端口与超级管理员密码

在使用Windows服务器时，修改默认的3389远程端口以及超级管理员密码是提升系统安全性的重要步骤。默认的3389端口是远程桌面连接的标准端口，修改后可以有效降低遭受暴力破解攻击的风险。本教程将详细介绍如何在Windows服务器上修改远程桌面端口，并安全地更改超级管理员密码。通过简单的步骤，你可以确保服务器的安全性更上一层楼。

1. 修改3389远程桌面端口

修改3389端口可以通过修改注册表来完成，以下是详细步骤：

1.1 打开注册表编辑器
1. 按下 Win + R 键，打开运行窗口。
2. 输入 regedit，然后按 Enter，打开注册表编辑器。

1.2 导航到远程桌面端口设置
在注册表编辑器中，依次展开以下路径：

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp

注意：以上两个位置都需要更改。

1.3 修改端口号
1. 找到 PortNumber 字段，双击它。
2. 将数值从 3389 修改为你想设置的新端口（例如：3390）。
3. 点击 确定 保存更改。

1.4 更新防火墙设置
确保新的端口在Windows防火墙中开放：
1. 打开控制面板，选择 系统和安全 > Windows Defender 防火墙。
2. 点击 高级设置。
3. 在左侧选择 入站规则，然后选择 新建规则。
4. 选择 端口，点击 下一步。
5. 选择 TCP，并输入新的端口号（例如：3390），然后点击 下一步。
6. 选择 允许连接，继续点击 下一步，给规则命名并完成设置。

1.5 重启服务器
为了使更改生效，重启你的Windows服务器。

2. 修改超级管理员密码

更改超级管理员密码可以通过以下方式完成：

2.1 使用“计算机管理”
1. 右键点击 “计算机” 或 “此电脑”，选择 “管理”。
2. 在左侧的菜单中，找到并展开 “本地用户和组” > “用户”。
3. 找到 “Administrator” 账户，右键点击它，选择 “设置密码”。
4. 在弹出的对话框中输入新密码，确认后点击 确定。

2.2 使用命令提示符
你也可以通过命令提示符修改密码：
1. 按下 Win + R 键，输入 cmd，按 Enter 打开命令提示符。
2. 输入以下命令并按 Enter：

net user Administrator 新密码

替换 新密码 为你想要设置的密码。

3. 确认设置成功

3.1 测试远程连接
在另一台计算机上，打开 远程桌面连接（mstsc），输入 服务器IP:新端口（如 192.168.1.100:3390），测试是否能够成功连接。

3.2 确认管理员密码更改
使用管理员账户登录，确认新密码能够正常使用。

通过本教程，你已经成功修改了Windows服务器的3389远程桌面端口和超级管理员密码。这些步骤不仅提高了服务器的安全性，也让你更好地管理系统。如果需要了解更多关于Windows服务器管理的内容，请关注我们的后续文章。

Win7/2008+配置IP、防火墙、远程桌面及端口、设置密码等配置脚本

@echo off & color 0A
setlocal enabledelayedexpansion
mode con cols=100 lines=50
:: *****************************************************************************
:: ** Author          : Saiwa
:: ** Email           : [email protected]
:: ** Create Time     : 2019-06-06 15:20
:: ** Last modified   : 2022-12-28 13:29
:: ** Filename        : windows_tools.cmd
:: ** Description     : Win7/2008+配置IP、防火墙、远程桌面及端口、设置密码等
:: *****************************************************************************
:: chcp 437
:: 通过活动代码页判断系统语言，中文显示中文，非中文则显示英文
for /f "tokens=1-2 delims= " %%a in ('chcp ^| findstr "936"') do (
    set "code=%%b"
)
if defined code (
   goto cn
) else goto en

:cn
:: 标题
title WinTools 适用于win7/2008以上系统  --By Saiwa

:: 全局变量,设置DNS
set dns1=8.8.8.8
set dns2=8.8.4.4
set "input_error=输入有误，请重新输入..."
set "port_error=输入有误,范围:1024-65535 请重新输入..."
set ver=V2.6
:: 进入菜单
goto menu

:: ============================================================================================
:: 菜单
:menu
cls
echo.
echo  Windows系统 配置工具 [!ver!]  By Saiwa
echo  ------------------------------------------
echo   1 添加连续IP
echo   2 添加整段IP
echo   3 配置主要IP
echo   4 设置获取IP方式为DHCP
echo   5 查看修改远程桌面端口号
echo   6 设置administrator的密码
echo   7 设置防火墙允许指定端口号
echo   8 阻止高危端口和开启远程桌面
echo   9 使用speedtest_cli命令行測速
echo   a 使用iperf3命令行測速，可选节点
echo   q 回车后退出
echo  ------------------------------------------
echo   使用说明：
echo   1. 在任何等待输入界面，输入0可返回本菜单
echo   2. IP配置仅适用于网关是IP段最后一个可用IP
:rechoice
echo.
set choice=init
set /p choice=请选择您的操作: 
if  "%choice%"=="0"  goto menu
if  "%choice%"=="cmd"  cmd
echo;%choice%|findstr "^[1-9aq]$">nul || echo.&&echo !input_error!&&goto rechoice
echo;%choice%|findstr "^[1-4]$">nul && goto getname
if  "%choice%"=="5"  goto setremoveport
if  "%choice%"=="6"  goto resetpass
if  "%choice%"=="7"  goto allowport
if  "%choice%"=="8"  goto secset
if  "%choice%"=="9"  goto speedtest_cli
if  "%choice%"=="a"  goto iperf3_test
if  "%choice%"=="q"  exit

:: ============================================================================================
:: 获取配置IP的网卡名称
:getname
cls
echo.
set i=1
for /f "tokens=3*" %%a in ('netsh interface show interface ^| findstr "已连接"') do (
    set "ethname!i!=%%b"
    set /a i+=1
)
set /a i=%i%-1
if defined ethname1 (
    if !i! == 1 (
        echo 当前已连接状态的网卡只有:!ethname1!
        set "ethname=!ethname1!"
        goto inputbegin )
    echo 当前已连接状态的网卡有：
    for /l %%j in (1,1,!i!) do (
        echo  %%j. !ethname%%j!
        )
) else echo 没有网卡是已连接状态,请检查...按任意键返回主菜单 && pause >nul 2>nul & goto menu
set nic=init
set /p nic=请选择要配置的网卡名称[1-!i!]: 
if  "%nic%"=="0" goto menu
echo;%nic%|findstr "^[1-!i!]$">nul || (cls&&echo.&&echo !input_error! && goto getname)
set "ethname=!ethname%nic%!"
echo.&echo  您选择的网卡是"!ethname!"
:inputbegin
if  "%choice%"=="1"  goto inputipm
if  "%choice%"=="2"  goto inputipd
if  "%choice%"=="3"  goto inputips
if  "%choice%"=="4"  goto ipbydhcp

:: ============================================================================================
:: 配置主IP
:inputips
echo.
echo 主IP输入格式示例: 108.186.1.1/27
set "ips=init"
set /p ips=输入你要配置的IP: 
if %ips% == 0 goto menu
for /f "tokens=1-5* delims=./ " %%a in ("!ips!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x5=%%e
)
for %%i in (!x1! !x2! !x3! !x4! !x5!) do (
    set /a %%i 2>nul || (echo !input_error! & goto inputips)
)
if !x1! geq 1 if !x1! leq 255 if !x2! geq 0 if !x2! leq 255 ^
if !x3! geq 0 if !x3! leq 255 if !x4! geq 0 if !x4! leq 255 ^
if !x5! geq 24 if !x5! leq 29 goto inputok
cls
echo.
echo !input_error!  & goto inputips

:inputok
    if !x5! == 29 (
    set x6=248
    set /a n=!x4!/8
    set /a m=!n!*8
    set /a x7=!m!+6 )
    if !x5! == 28 (
    set x6=240
    set /a n=!x4!/16
    set /a m=!n!*16
    set /a x7=!m!+14 )
    if !x5! == 27 (
    set x6=224
    set /a n=!x4!/32
    set /a m=!n!*32
    set /a x7=!m!+30 )
    if !x5! == 26 (
    set x6=192
    set /a n=!x4!/64
    set /a m=!n!*64
    set /a x7=!m!+62 )
    if !x5! == 25 (
    set x6=128
    set /a n=!x4!/128
    set /a m=!n!*128
    set /a x7=!m!+126 )
    if !x5! == 24 (
    set x6=0
    set m=0
    set x7=254 )
    if !x4! leq !m! echo !input_error! && goto inputips
    if !x4! geq !x7! echo !input_error! && goto inputips
    set addr=!x1!.!x2!.!x3!.!x4!
    set netmask=255.255.255.!x6!
    set gateway=!x1!.!x2!.!x3!.!x7!
echo.
echo 您要配置的IP信息如下：
echo Server IP: !addr!
echo NetMask: !netmask!
echo Gateway: !gateway!
echo DNS1: !dns1!
echo DNS2: !dns2!
echo.
set tip=init
set /p tip=确认无误后请按Enter键开始配置... 
if  "%tip%"=="0"  goto menu
echo 正在配置主IP...
netsh interface ip set address name="!ethname!" source=static addr=!addr! mask=!netmask! gateway=!gateway! 1
netsh interface ip set dns name="!ethname!" source=static addr=!dns1! >/nul
netsh interface ip add dns "!ethname!" addr=!dns2! index=2 >/nul
ping 127.1 -n 5 >nul
echo 主IP配置完成
echo.
ping baidu.com
::echo.
::ping baidu.com >nul && (echo 可以PING通百度！！) || (echo 无法PING通百度！！)
:configmore
echo.
set next=init
set /p next=1.添加连续IP，2.添加整段IP，其它返回菜单: 
if  "%next%"=="0"  goto menu
if !next! == 1 goto inputipm
if !next! == 2 goto inputipd
goto menu

:: ============================================================================================
:: 添加连续IP
:inputipm
echo.
echo  例如配置: 108.186.1.1/27-108.186.1.10/27
echo  则请输入: 108.186.1.1-10/27
echo.
set ipm=init
set /p ipm=输入你要配置的连续IP: 
if "%ipm%" == "0" goto menu
echo.
for /f "tokens=1-6* delims=./- " %%a in ("!ipm!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x5=%%e
    set x6=%%f
    for %%i in (!x1! !x2! !x3! !x4! !x5!) do (
        echo;%%i|findstr "^[0-9]$">nul || echo;%%i|findstr "^[1-9][0-9]$">nul || ^
echo;%%i|findstr "^[1][0-9][0-9]$">nul || echo;%%i|findstr "^[2][0-4][0-9]$">nul || ^
echo;%%i|findstr "^[2][5][0-5]$">nul || echo !input_error!  && goto inputipm	
    )
    echo;!x6!|findstr "^[2][4-9]$">nul || echo !input_error!  && goto inputipm
    if !x6! == 29 (
    set x6=248
    set /a n=!x4!/8
    set /a m=!n!*8
    set /a x7=!m!+6 )
    if !x6! == 28 (
    set x6=240
    set /a n=!x4!/16
    set /a m=!n!*16
    set /a x7=!m!+14 )
    if !x6! == 27 (
    set x6=224
    set /a n=!x4!/32
    set /a m=!n!*32
    set /a x7=!m!+30 )
    if !x6! == 26 (
    set x6=192
    set /a n=!x4!/64
    set /a m=!n!*64
    set /a x7=!m!+62 )
    if !x6! == 25 (
    set x6=128
    set /a n=!x4!/128
    set /a m=!n!*128
    set /a x7=!m!+126 )
    if !x6! == 24 (
    set x6=0
    set m=0
    set x7=254 )
    if !x4! leq !m! (echo !input_error! & goto inputipm)
    if !x4! geq !x7! (echo !input_error! & goto inputipm)
    if !x5! lss !x4! (echo !input_error! & goto inputipm)
    if !x5! geq !x7!  (echo !input_error! & goto inputipm)
)
:start_configure
set start_ip=!x1!.!x2!.!x3!.!x4!
set end_ip=!x1!.!x2!.!x3!.!x5!
set netmask=255.255.255.!x6!
set gateway=!x1!.!x2!.!x3!.!x7!
echo.
echo 您要配置的IP信息如下: 
echo 起始 IP: !start_ip!
echo 结束 IP: !end_ip!
echo 网关 IP: !gateway!
echo 子网掩码: !netmask!
set net=!x1!.!x2!.!x3!
echo.
set tip=init
set /p tip=确认无误后请按Enter键开始配置... 
if  "%tip%"=="0"  goto menu
echo.
for /l %%i in (!x4!,1,!x5!) do netsh interface ip add address "!ethname!" !net!.%%i !netmask! >nul && (echo !net!.%%i 已添加到“!ethname!”上)
netsh interface ip add address "!ethname!" gateway=!gateway! gwmetric=2 >/nul
netsh interface ip set dns name="!ethname!" source=static addr=!dns1! >/nul
netsh interface ip add dns "!ethname!" addr=!dns2! index=2 >/nul
echo.
ping baidu.com >nul && (echo 可以PING通百度！！) || (echo 无法PING通百度！！)
goto configmore

:: ============================================================================================
:: 添加整段IP
:inputipd
echo.
echo  仅支持/24,/25,/26,/27,/28,/29整段IP配置
echo  整段IP格式输入示例: 108.186.1.0/24
echo.
set ipd=init
set /p ipd=请输入您要配置的IP段: 
if "%ipd%" == "0" goto menu
for /f "tokens=1-5* delims=./ " %%a in ("!ipd!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x6=%%e
    for %%i in (!x1! !x2! !x3! !x4!) do (
        echo;%%i|findstr "^[0-9]$">nul || echo;%%i|findstr "^[1-9][0-9]$">nul || ^
echo;%%i|findstr "^[1][0-9][0-9]$">nul || echo;%%i|findstr "^[2][0-4][0-9]$">nul || ^
echo;%%i|findstr "^[2][5][0-5]$">nul || echo !input_error!  && goto inputipd
    )
    echo;!x6!|findstr "^[2][4-9]$">nul || echo !input_error!  && goto inputipd
    if !x6! == 29 (
        set /a n=!x4! %% 8
        if !n! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1
        set /a x5=!x4!+4
        set /a x7=x5+1
        set x6=248)
    if !x6! == 28 (
        set /a n=!x4! %% 16
        if !n! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1		
        set /a x5=!x4!+12
        set /a x7=x5+1
        set x6=240)
    if !x6! == 27 (
        set /a n=!x4! %% 32
        if !n! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1
        set /a x5=!x4!+28
        set /a x7=x5+1
        set x6=224)
    if !x6! == 26 (
        set /a n=!x4! %% 64
        if !n! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1
        set /a x5=!x4!+60
        set /a x7=x5+1
        set x6=192)
    if !x6! == 25 (
        set /a n=!x4! %% 128
        if !n! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1
        set /a x5=!x4!+124
        set /a x7=x5+1
        set x6=128)
    if !x6! == 24 (
        if !x4! neq 0 echo !input_error!  && goto inputipd
        set /a x4=!x4!+1
        set /a x5=!x4!+252
        set /a x7=x5+1
        set x6=0)
)
goto start_configure

:: ============================================================================================
:: 设置网卡获取IP方式为DHCP
:ipbydhcp
netsh interface ip set address name="!ethname!" source=DHCP >nul 2>nul
netsh interface ip set dns name="!ethname!" source=DHCP >nul 2>nul
echo.&echo  !ethname!已设置为DHCP获取IP，请按任意键返回主菜单 && pause >nul 2>nul & goto menu 

:: ============================================================================================
:: 设置administrator密码
:resetpass
cls
echo.
echo  设置管理员用户administrator的密码
:inputpwd
echo.
set "var1=本脚本不支持 ^!^#^^^&^|^"^<^> 这些字符 ！"
set "var2=如有以上字符会导致用户密码无效 ！"
echo  !var1!
echo  !var2!
echo  !var2!
echo  !var2!
echo.
set "chars=^^! ^^# ^^ ^^& ^^| ^^" ^< ^>"
set pwd=0
set /p "pwd=请输入要设置的密码: "
if %pwd% == 0 goto menu
for %%i in (!chars!) do set pwd=!pwd:^%%i=!
echo.
net user administrator %pwd% >nul 2>nul && (echo 密码设置成功) || (echo 密码不满足密码策略的要求,请重新输入... && goto inputpwd )
echo.
echo  请按任意键返回主菜单 && pause >nul 2>nul & goto menu

:: ============================================================================================
:: 修改远程桌面端口号
:setremoveport
cls
echo.
set n=1
for /f "tokens=1-3 delims= " %%i in ('tasklist /svc ^| findstr "TermService"') do (
    set pid=%%j
    set /a n+=1
)
set /a n=!n!-1
if !n! == 1 (
    for /f "tokens=1-3 delims=: " %%a in ('netstat -p tcp -ano ^| findstr "!pid!"') do (set "removeport=%%c")
    echo.
    echo  系统当前远程端口号是: !removeport!
) else echo  远程桌面服务没有开启，按任意键返回主菜单 && pause >nul 2>nul && goto menu
echo.
echo  远程桌面端口号范围:1024-65535 不能与其他端口冲突
:resetremoveport
echo.
set port=init
set /p port=请输入要设置的端口号: 
if %port% == 0 goto menu
echo.
set /a %port% 2>nul || (echo !port_error!  & goto resetremoveport)
if !port! geq 1024 if !port! leq 65535 goto portok
echo !port_error!  & goto resetremoveport

:portok
netsh advfirewall firewall delete rule name="Allow %port%"  >nul 2>nul
netsh advfirewall firewall add rule name="Allow %port%" protocol=TCP dir=in localport=%port% action=allow >nul && (echo 防火墙允许%port%端口)
echo 正在设置远程端口号...
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t reg_dword /d %port% /f  >nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t reg_dword /d %port% /f  >nul
ping 127.1 -n 2 >nul
echo 远程端口号设置完成
echo 正在重启远程桌面服务...
net stop UmRdpService >nul 2>nul
net stop TermService >nul 2>nul
ping 127.1 -n 5 >nul 2>nul
net start TermService >nul 2>nul
ping 127.1 -n 2 >nul
echo 远程桌面服务重启完毕
echo.
echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu

:: ============================================================================================
:: 防火墙允许指定端口号
:allowport
cls
echo.
set port=init
set /p port=请输入要允许的端口号: 
if %port% == 0 goto menu
set /a %port% 2>nul || (echo !port_error! & goto allowport)
echo.
if !port! geq 1024 if !port! leq 65535 goto portok2
echo !port_error!  & goto allowport
:portok2
netsh advfirewall firewall delete rule name="Allow %port%"  >nul 2>nul
netsh advfirewall firewall add rule name="Allow %port%" protocol=TCP dir=in localport=%port% action=allow >nul && (echo 防火墙允许%port%端口)
echo.
echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu

:: ============================================================================================
:: 配置防火墙和开启远程桌面
:secset
cls
echo.
set tip=init
echo 设置防火墙阻止TCP和UDP端口135\137\138\139\445
set /p tip=允许PING,开启远程桌面，确认请按Enter键开始配置... 
if %tip% == 0 goto menu
echo 正在配置防火墙、允许PING、开启远程
:: 禁用所有入站规则
netsh advfirewall firewall set rule name=all dir=in new enable=no >nul 2>nul
:: 添加阻止TCP和UDP连接的端口(135\137\138\139\445)
netsh advfirewall firewall delete rule name="DENY tcp 135"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 135" protocol=TCP dir=in localport=135 action=block >nul && (echo DENY tcp 135)
netsh advfirewall firewall delete rule name="DENY udp 135"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 135" protocol=UDP dir=in localport=135 action=block >nul && (echo DENY udp 135)
netsh advfirewall firewall delete rule name="DENY tcp 137"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 137" protocol=TCP dir=in localport=137 action=block >nul && (echo DENY tcp 137)
netsh advfirewall firewall delete rule name="DENY udp 137"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 137" protocol=UDP dir=in localport=137 action=block >nul && (echo DENY udp 137)
netsh advfirewall firewall delete rule name="DENY tcp 138"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 138" protocol=TCP dir=in localport=138 action=block >nul && (echo DENY tcp 138)
netsh advfirewall firewall delete rule name="DENY udp 138"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 138" protocol=UDP dir=in localport=138 action=block >nul && (echo DENY udp 138)
netsh advfirewall firewall delete rule name="DENY tcp 139"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 139" protocol=TCP dir=in localport=139 action=block >nul && (echo DENY tcp 139)
netsh advfirewall firewall delete rule name="DENY udp 139"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 139" protocol=UDP dir=in localport=139 action=block >nul && (echo DENY udp 139)
netsh advfirewall firewall delete rule name="DENY tcp 445"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 445" protocol=TCP dir=in localport=445 action=block >nul && (echo DENY tcp 445)
netsh advfirewall firewall delete rule name="DENY udp 445"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 445" protocol=UDP dir=in localport=445 action=block >nul && (echo DENY udp 445)
:: 允许PING
netsh advfirewall firewall set rule name="文件和打印机共享(回显请求 - ICMPv4-In)" dir=in new enable=yes >nul && (echo 允许 PING)
netsh advfirewall firewall set rule name="文件和打印机共享(回显请求 - ICMPv6-In)" dir=in new enable=yes >nul 2>nul
:: 启用远程桌面
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f >nul && (echo 开启远程桌面)
:: 防火允许远程连接
netsh advfirewall firewall set rule name="远程桌面(TCP-In)" dir=in new enable=yes >nul && (echo 防火墙允许远程桌面) || ^
netsh advfirewall firewall set rule name="远程桌面 - 用户模式(TCP-In)" dir=in new enable=yes >nul && (echo 防火墙允许远程桌面)
netsh advfirewall firewall set rule name="远程桌面 - 用户模式(UDP-In)" dir=in new enable=yes >nul 2>nul
netsh advfirewall firewall set rule name="远程桌面 - 远程监控(TCP-In)" dir=in new enable=yes >nul 2>nul
netsh advfirewall firewall set rule name="远程桌面 - RemoteFX (TCP-In)" dir=in new enable=yes >nul 2>nul
:: 远程桌面安全验证 0 为允许任何链接  1为仅允许安全的连接
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "UserAuthentication" /t REG_DWORD /d "0" /f >nul 2>nul
:: 关闭磁盘自检
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t reg_multi_sz /d "" /f >nul 2>nul
:: 关闭意外重启进入修复模式
bcdedit /set {default} bootstatuspolicy ignoreallfailures >nul 2>nul
bcdedit /set {current} recoveryenabled No >nul 2>nul
:: 服务可进行的最大正时间校准量调整为总是校准时间
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxNegPhaseCorrection /t REG_DWORD /d "0xFFFFFFFF" /f >nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxPosPhaseCorrection /t REG_DWORD /d "0xFFFFFFFF" /f >nul 2>nul
:: 与time.windows.com时间同步
sc config w32time start= auto >nul 2>nul
net stop w32time >nul 2>nul
net start w32time >nul 2>nul
net time \\127.0.0.1 /setsntp:time.windows.com >nul 2>nul
w32tm /config /manualpeerlist:time.windows.com,0x8 /syncfromflags:MANUAL >nul 2>nul
w32tm /resync >nul 2>nul
:: 关闭IE ESC yes 为关闭  no为开启
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Enable Browser Extensions" /d "yes" /t REG_SZ /f >nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Play_Animations" /d "yes" /t REG_SZ /f >nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Play_Background_Sounds" /d "yes" /t REG_SZ /f >nul 2>nul
:: 开启防火墙
netsh advfirewall set allprofiles state on >nul 2>nul && (echo 防火墙已开启)
echo.
echo 设置完成，请按任意键返回主菜单 && pause >nul 2>nul & goto menu

:speedtest_cli
set speedtestfile=C:\Windows\System32\speedtest.exe
if not exist !speedtestfile! (
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/speedtest.exe" -OutFile "C:\Windows\System32\speedtest.exe"
    speedtest.exe --accept-license 2>null
    ) else (
    speedtest.exe --accept-license 2>null
    )
echo.
echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu

:iperf3_test
cls
set "SV2_SERVER=142.4.97.233"
set "SV6_SERVER=107.148.199.113"
set "LA2_SERVER=107.148.135.25"
set iperf3file=C:\Windows\System32\iperf3.exe
if not exist !iperf3file! (
    echo.&&echo   正在下载 iperf3...
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/iperf3/cygwin1.dll" -OutFile "C:\Windows\System32\cygwin1.dll"
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/iperf3/iperf3.exe" -OutFile "C:\Windows\System32\iperf3.exe"
    ) else (
    echo.&&echo   已经下载 iperf3...
    )
:choice_SERVER
echo   可选iperf3测速节点
echo   1 SV2
echo   2 SV6
echo   3 LA2
set choice=init
set /p choice=请选择测速节点ID[1-3]: 
if  "%choice%"=="0"  goto menu
if  "%choice%"=="cmd"  cmd
if  "%choice%"=="1" (
    echo.&&echo 测试本机到SV2节点上传带宽...
    iperf3 -c !SV2_SERVER!
    echo.&&echo 测试本机到SV2节点下载带宽...
    iperf3 -c !SV2_SERVER! -R
    echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu)
if  "%choice%"=="2" (
    echo.&&echo 测试本机到SV6节点上传带宽...
    iperf3 -c !SV6_SERVER!
    echo.&&echo 测试本机到SV6节点下载带宽...
    iperf3 -c !SV6_SERVER! -R
    echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu)
if  "%choice%"=="3" (
    echo.&&echo 测试本机到LA2节点上传带宽...
    iperf3 -c !LA2_SERVER!
    echo.&&echo 测试本机到LA2节点下载带宽...
    iperf3 -c !LA2_SERVER! -R
    echo 请按任意键返回主菜单 && pause >nul 2>nul & goto menu)
echo !input_error! && goto choice_SERVER



:: ############################################################################################
:en
:: Title
title WinTools Applicable to win7/2008+ system  --By Shihua

:: Global variable,DNS
set dns1=8.8.8.8
set dns2=8.8.4.4
set "input_error=Input error,please retype..."
set "port_error=Input error,range:1024-65535 please retype..."
set ver=2.6
:: init
goto menu_en
:: ============================================================================================
:: menu_en
:menu_en
cls
echo.
echo  Windows system tools [!ver!]  --By Saiwa
echo  --------------------------------------------------------
echo   1 Configure continuous IP
echo   2 Configure a subnet IP
echo   3 Configure the man IP
echo   4 Set get IP by DHCP
echo   5 Show^&Set RDP port
echo   6 Set administrator's pwd
echo   7 Set firewall allow your port
echo   8 Enable RDP and close unsafe port
echo   9 Download and run speedtest_cli
echo   a Download and run iperf3_cli
echo   q Exit
echo  --------------------------------------------------------
echo   Instructions:
echo   1. Any waiting for input, input "0" return the menu
echo   2. All IP configurations only applies if the gateway
echo      is the last available IP of the subnet
:rechoice_en
echo.
set choice=init
set /p choice=Pls input: 
if  "%choice%"=="0"  goto menu_en
if  "%choice%"=="cmd"  cmd
echo;%choice%|findstr "^[1-9aq]$">nul || echo.&&echo !input_error!&&goto rechoice_en
echo;%choice%|findstr "^[1-4]$">nul && goto getname_en
if  "%choice%"=="5"  goto setremoveport_en
if  "%choice%"=="6"  goto resetpass_en
if  "%choice%"=="7"  goto allowport_en
if  "%choice%"=="8"  goto secset_en
if  "%choice%"=="9"  goto speedtest_cli_en
if  "%choice%"=="a"  goto iperf3_en
if  "%choice%"=="q"  exit

:: ============================================================================================
:: Get Connected NIC
:getname_en
cls
echo.
set i=1
for /f "tokens=3*" %%a in ('netsh interface show interface ^| findstr "Connected"') do (
    set "ethname!i!=%%b"
    set /a i+=1
)
set /a i=%i%-1
if defined ethname1 (
    if !i! == 1 (
        echo The connected NIC only: !ethname1!
        set "ethname=!ethname1!"
        goto inputbegin_en )
    echo The connected NIC as follows:
    for /l %%j in (1,1,!i!) do (
        echo  %%j. !ethname%%j!
        )
) else echo No available NIC... Press any key to return menu. && pause >nul 2>nul & goto menu_en
set nic=init
set /p nic=Pls select NIC [1-!i!]: 
if  "%nic%"=="0" goto menu_en
echo;%nic%|findstr "^[1-!i!]$">nul || (cls&&echo.&&echo !input_error! && goto getname_en)
set "ethname=!ethname%nic%!"
echo.&echo  The IP will be configured on the "!ethname!"
:inputbegin_en
if  "%choice%"=="1"  goto inputipm_en
if  "%choice%"=="2"  goto inputipd_en
if  "%choice%"=="3"  goto inputips_en
if  "%choice%"=="4"  goto ipbydhcp_en

:: ============================================================================================
:: Configure the man IP
:inputips_en
echo.
echo Man IP example: 108.186.1.1/27
set "ips=init"
set /p ips=Pls input man IP: 
if %ips% == 0 goto menu_en
for /f "tokens=1-5* delims=./ " %%a in ("!ips!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x5=%%e
)
for %%i in (!x1! !x2! !x3! !x4! !x5!) do (
    set /a %%i 2>nul || (echo !input_error! & goto inputips_en)
)
if !x1! geq 1 if !x1! leq 255 if !x2! geq 0 if !x2! leq 255 ^
if !x3! geq 0 if !x3! leq 255 if !x4! geq 0 if !x4! leq 255 ^
if !x5! geq 24 if !x5! leq 29 goto inputok_en
cls
echo.
echo !input_error!  & goto inputips_en

:inputok_en
    if !x5! == 29 (
    set x6=248
    set /a n=!x4!/8
    set /a m=!n!*8
    set /a x7=!m!+6 )
    if !x5! == 28 (
    set x6=240
    set /a n=!x4!/16
    set /a m=!n!*16
    set /a x7=!m!+14 )
    if !x5! == 27 (
    set x6=224
    set /a n=!x4!/32
    set /a m=!n!*32
    set /a x7=!m!+30 )
    if !x5! == 26 (
    set x6=192
    set /a n=!x4!/64
    set /a m=!n!*64
    set /a x7=!m!+62 )
    if !x5! == 25 (
    set x6=128
    set /a n=!x4!/128
    set /a m=!n!*128
    set /a x7=!m!+126 )
    if !x5! == 24 (
    set x6=0
    set m=0
    set x7=254 )
    if !x4! leq !m! echo !input_error! && goto inputips_en
    if !x4! geq !x7! echo !input_error! && goto inputips_en
    set addr=!x1!.!x2!.!x3!.!x4!
    set netmask=255.255.255.!x6!
    set gateway=!x1!.!x2!.!x3!.!x7!
echo.
echo The IP details as follows:
echo.
echo Man  IP: !addr!
echo NetMask: !netmask!
echo Gateway: !gateway!
echo DNS1: !dns1!
echo DNS2: !dns2!
echo.
set tip=init
set /p tip=Please confirm then press Enter... 
if  "%tip%"=="0"  goto menu_en
echo Configuring the man IP...
netsh interface ip set address name="!ethname!" source=static addr=!addr! mask=!netmask! gateway=!gateway! 1
netsh interface ip set dns name="!ethname!" source=static addr=!dns1! >/nul
netsh interface ip add dns "!ethname!" addr=!dns2! index=2 >/nul
ping 127.1 -n 5 >nul
echo Configuration done
echo.
ping www.baidu.com
::echo.
::ping www.baidu.com >nul && (echo The network is ok.) || (echo The network is bad)
:configmore_en
echo.
set next=init
set /p next=1.Configure continuous IP; 2.Configure a subnet IP; Else return menu: 
if  "%next%"=="0"  goto menu_en
if !next! == 1 goto inputipm_en
if !next! == 2 goto inputipd_en
goto menu_en

:: ============================================================================================
:: Configure continuous IP
:inputipm_en
echo.
echo  Example: 108.186.1.1/27-108.186.1.10/27
echo  Pls input: 108.186.1.1-10/27
echo.
set ipm=init
set /p ipm=Pls input continuous IP: 
if "%ipm%" == "0" goto menu_en
echo.
for /f "tokens=1-6* delims=./- " %%a in ("!ipm!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x5=%%e
    set x6=%%f
    for %%i in (!x1! !x2! !x3! !x4! !x5!) do (
        echo;%%i|findstr "^[0-9]$">nul || echo;%%i|findstr "^[1-9][0-9]$">nul || ^
echo;%%i|findstr "^[1][0-9][0-9]$">nul || echo;%%i|findstr "^[2][0-4][0-9]$">nul || ^
echo;%%i|findstr "^[2][5][0-5]$">nul || echo !input_error!  && goto inputipm_en	
    )
    echo;!x6!|findstr "^[2][4-9]$">nul || echo !input_error!  && goto inputipm_en
    if !x6! == 29 (
    set x6=248
    set /a n=!x4!/8
    set /a m=!n!*8
    set /a x7=!m!+6 )
    if !x6! == 28 (
    set x6=240
    set /a n=!x4!/16
    set /a m=!n!*16
    set /a x7=!m!+14 )
    if !x6! == 27 (
    set x6=224
    set /a n=!x4!/32
    set /a m=!n!*32
    set /a x7=!m!+30 )
    if !x6! == 26 (
    set x6=192
    set /a n=!x4!/64
    set /a m=!n!*64
    set /a x7=!m!+62 )
    if !x6! == 25 (
    set x6=128
    set /a n=!x4!/128
    set /a m=!n!*128
    set /a x7=!m!+126 )
    if !x6! == 24 (
    set x6=0
    set m=0
    set x7=254 )
    if !x4! leq !m! (echo !input_error! & goto inputipm_en)
    if !x4! geq !x7! (echo !input_error! & goto inputipm_en)
    if !x5! lss !x4! (echo !input_error! & goto inputipm_en)
    if !x5! geq !x7!  (echo !input_error! & goto inputipm_en)
)
:start_configure_en
set start_ip=!x1!.!x2!.!x3!.!x4!
set end_ip=!x1!.!x2!.!x3!.!x5!
set netmask=255.255.255.!x6!
set gateway=!x1!.!x2!.!x3!.!x7!
echo.
echo The continuous IP details as follows:
echo.
echo Start IP: !start_ip!
echo End   IP: !end_ip!
echo Gateway : !gateway!
echo Netmask : !netmask!
set net=!x1!.!x2!.!x3!
echo.
set tip=init
set /p tip=Please confirm then press Enter...
if  "%tip%"=="0"  goto menu_en
echo.
for /l %%i in (!x4!,1,!x5!) do netsh interface ip add address "!ethname!" !net!.%%i !netmask! >nul && (echo !net!.%%i added "!ethname!" )
netsh interface ip add address "!ethname!" gateway=!gateway! gwmetric=2 >/nul
netsh interface ip set dns name="!ethname!" source=static addr=!dns1! >/nul
netsh interface ip add dns "!ethname!" addr=!dns2! index=2 >/nul
echo.
ping www.baidu.com >nul && (echo The network is ok.) || (echo The network is bad.)
goto configmore_en

:: ============================================================================================
:: Configure a subnet IP
:inputipd_en
echo.
echo  Only support subnet with /24,/25,/26,/27,/28,/29.
echo  Example: 108.186.1.0/24
echo.
set ipd=init
set /p ipd=Pls input a subnet IP: 
if "%ipd%" == "0" goto menu_en
for /f "tokens=1-5* delims=./ " %%a in ("!ipd!") do (
    set x1=%%a
    set x2=%%b
    set x3=%%c
    set x4=%%d
    set x6=%%e
    for %%i in (!x1! !x2! !x3! !x4!) do (
        echo;%%i|findstr "^[0-9]$">nul || echo;%%i|findstr "^[1-9][0-9]$">nul || ^
echo;%%i|findstr "^[1][0-9][0-9]$">nul || echo;%%i|findstr "^[2][0-4][0-9]$">nul || ^
echo;%%i|findstr "^[2][5][0-5]$">nul || echo !input_error!  && goto inputipd_en
    )
    echo;!x6!|findstr "^[2][4-9]$">nul || echo !input_error!  && goto inputipd_en
    if !x6! == 29 (
        set /a n=!x4! %% 8
        if !n! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1
        set /a x5=!x4!+4
        set /a x7=x5+1
        set x6=248)
    if !x6! == 28 (
        set /a n=!x4! %% 16
        if !n! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1		
        set /a x5=!x4!+12
        set /a x7=x5+1
        set x6=240)
    if !x6! == 27 (
        set /a n=!x4! %% 32
        if !n! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1
        set /a x5=!x4!+28
        set /a x7=x5+1
        set x6=224)
    if !x6! == 26 (
        set /a n=!x4! %% 64
        if !n! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1
        set /a x5=!x4!+60
        set /a x7=x5+1
        set x6=192)
    if !x6! == 25 (
        set /a n=!x4! %% 128
        if !n! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1
        set /a x5=!x4!+124
        set /a x7=x5+1
        set x6=128)
    if !x6! == 24 (
        if !x4! neq 0 echo !input_error!  && goto inputipd_en
        set /a x4=!x4!+1
        set /a x5=!x4!+252
        set /a x7=x5+1
        set x6=0)
)
goto start_configure_en

:: ============================================================================================
:: Set get IP by DHCP
:ipbydhcp_en
netsh interface ip set address name="!ethname!" source=DHCP >nul 2>nul
netsh interface ip set dns name="!ethname!" source=DHCP >nul 2>nul
echo.&echo  !ethname! Set to get IP for DHCP, press any key return menu && pause >nul 2>nul & goto menu_en 

:: ============================================================================================
:: Set administrator's password
:resetpass_en
cls
echo.
echo  Now reset administrator's password
:inputpwd_en
echo.
set "var1=Not support ^!^#^^^&^|^"^<^> characters!"
set "var2=If the above characters will cause the user password invalid."
echo  !var1!
echo  !var2!
echo  !var2!
echo  !var2!
echo.
set "chars=^^! ^^# ^^ ^^& ^^| ^^" ^< ^>"
set pwd=0
set /p "pwd=Pls input new password: "
if %pwd% == 0 goto menu_en
for %%i in (!chars!) do set pwd=!pwd:^%%i=!
echo.
net user administrator %pwd% >nul 2>nul && (echo Password set done) || (echo Password does not meet the requirements, please re-enter... && goto inputpwd_en )
echo.
echo  press any key return menu && pause >nul 2>nul & goto menu_en

:: ============================================================================================
:: Show&Set RDP port
:setremoveport_en
cls
echo.
set n=1
for /f "tokens=1-3 delims= " %%i in ('tasklist /svc ^| findstr "TermService"') do (
    set pid=%%j
    set /a n+=1
)
set /a n=!n!-1
if !n! == 1 (
    for /f "tokens=1-3 delims=: " %%a in ('netstat -p tcp -ano ^| findstr "!pid!"') do (set "removeport=%%c")
    echo.
    echo  Now the RDP port is: !removeport!
) else echo  RDP service is not enable,press any key return menu && pause >nul 2>nul && goto menu_en
echo.
echo  RDP port number range: 1024-65535; cannot conflict with other ports
:resetremoveport_en
echo.
set port=init
set /p port=Pls input new port: 
if %port% == 0 goto menu_en
echo.
set /a %port% 2>nul || (echo !port_error!  & goto resetremoveport_en)
if !port! geq 1024 if !port! leq 65535 goto portok_en
echo !port_error!  & goto resetremoveport_en

:portok_en
netsh advfirewall firewall delete rule name="Allow %port%"  >nul 2>nul
netsh advfirewall firewall add rule name="Allow %port%" protocol=TCP dir=in localport=%port% action=allow >nul && (echo firewall allow %port% port)
echo Configuring RDP ports...
reg add "HKLM/SYSTEM/CurrentControlSet/Control/Terminal Server/Wds/rdpwd/Tds/tcp" /v PortNumber /t reg_dword /d %port% /f  >nul
reg add "HKLM/SYSTEM/CurrentControlSet/Control/Terminal Server/WinStations/RDP-Tcp" /v PortNumber /t reg_dword /d %port% /f  >nul
ping 127.1 -n 2 >nul
echo Configuration done
echo Restart RDP service...
net stop UmRdpService >nul 2>nul
net stop TermService >nul 2>nul
ping 127.1 -n 5 >nul 2>nul
net start TermService >nul 2>nul
ping 127.1 -n 2 >nul
echo Restart done
echo.
echo Press any key return menu && pause >nul 2>nul & goto menu_en

:: ============================================================================================
:: firewall allows you to specify a port number
:allowport_en
cls
echo.
set port=init
set /p port=Pls input port number: 
if %port% == 0 goto menu_en
set /a %port% 2>nul || (echo !port_error! & goto allowport_en)
echo.
if !port! geq 1024 if !port! leq 65535 goto portok2_en
echo !port_error!  & goto allowport_en
:portok2_en
netsh advfirewall firewall delete rule name="Allow %port%"  >nul 2>nul
netsh advfirewall firewall add rule name="Allow %port%" protocol=TCP dir=in localport=%port% action=allow >nul && (echo firewall allow %port% port)
echo.
echo Press any key return menu && pause >nul 2>nul & goto menu_en

:: ============================================================================================
:: Configure firewalls and enable RDP
:secset_en
cls
echo.
set tip=init
echo Set firewall denny port=135,137,138,139,445/TCP^&UDP
set /p tip=Allow PING,enable RDP,Please confirm then press Enter... 
if %tip% == 0 goto menu_en
echo Configure firewalls/allow PING/enable RDP
:: Disable all inbound rules
netsh advfirewall firewall set rule name=all dir=in new enable=no >nul 2>nul
:: Deny TCP&UDP ports(135/137/138/139/445)
netsh advfirewall firewall delete rule name="DENY tcp 135"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 135" protocol=TCP dir=in localport=135 action=block >nul && (echo DENY tcp 135)
netsh advfirewall firewall delete rule name="DENY udp 135"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 135" protocol=UDP dir=in localport=135 action=block >nul && (echo DENY udp 135)
netsh advfirewall firewall delete rule name="DENY tcp 137"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 137" protocol=TCP dir=in localport=137 action=block >nul && (echo DENY tcp 137)
netsh advfirewall firewall delete rule name="DENY udp 137"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 137" protocol=UDP dir=in localport=137 action=block >nul && (echo DENY udp 137)
netsh advfirewall firewall delete rule name="DENY tcp 138"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 138" protocol=TCP dir=in localport=138 action=block >nul && (echo DENY tcp 138)
netsh advfirewall firewall delete rule name="DENY udp 138"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 138" protocol=UDP dir=in localport=138 action=block >nul && (echo DENY udp 138)
netsh advfirewall firewall delete rule name="DENY tcp 139"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 139" protocol=TCP dir=in localport=139 action=block >nul && (echo DENY tcp 139)
netsh advfirewall firewall delete rule name="DENY udp 139"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 139" protocol=UDP dir=in localport=139 action=block >nul && (echo DENY udp 139)
netsh advfirewall firewall delete rule name="DENY tcp 445"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY tcp 445" protocol=TCP dir=in localport=445 action=block >nul && (echo DENY tcp 445)
netsh advfirewall firewall delete rule name="DENY udp 445"  >nul 2>nul
netsh advfirewall firewall add rule name="DENY udp 445" protocol=UDP dir=in localport=445 action=block >nul && (echo DENY udp 445)
:: allow PING
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" dir=in new enable=yes >nul && (echo Allow PING)
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv6-In)" dir=in new enable=yes >nul 2>nul
:: enable rdp
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f >nul 2>nul && (echo Enalbed RDP)
:: firewall allow rdp service
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" dir=in new enable=yes >nul && (echo firewall allowed RDP service/TCP) || ^
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (TCP-In)" dir=in new enable=yes >nul && (echo firewall allowed RDP service/TCP)
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" dir=in new enable=yes >nul && (echo firewall allowed RDP service/UDP) || ^
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (UDP-In)" dir=in new enable=yes >nul && (echo firewall allowed RDP service/UDP)
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" dir=in new enable=yes >nul 2>nul
netsh advfirewall firewall set rule name="Remote Desktop - RemoteFX (TCP-In)" dir=in new enable=yes >nul 2>nul
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (UDP-In)" dir=in new enable=yes >nul 2>nul
:: Remote desktop security verification 0 to allow any link 1 to allow only secure connections
reg add "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Terminal Server/WinStations/RDP-Tcp" /v "UserAuthentication" /t REG_DWORD /d "0" /f >nul 2>nul
:: no autochk_disk
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t reg_multi_sz /d "" /f >nul 2>nul
:: no recovery mode
bcdedit /set {default} bootstatuspolicy ignoreallfailures >nul 2>nul
bcdedit /set {current} recoveryenabled No >nul 2>nul
:: rsync time
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxNegPhaseCorrection /t REG_DWORD /d "0xFFFFFFFF" /f >nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxPosPhaseCorrection /t REG_DWORD /d "0xFFFFFFFF" /f >nul 2>nul
sc config w32time start= auto >nul 2>nul
net stop w32time >nul 2>nul
net start w32time >nul 2>nul
net time \\127.0.0.1 /setsntp:time.windows.com >nul 2>nul
w32tm /config /manualpeerlist:time.windows.com,0x8 /syncfromflags:MANUAL >nul 2>nul
w32tm /resync >nul 2>nul
:: close IE ESC, yes for off, no for on
reg add "HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main" /v "Enable Browser Extensions" /d "yes" /t REG_SZ /f >nul 2>nul
reg add "HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main" /v "Play_Animations" /d "yes" /t REG_SZ /f >nul 2>nul
reg add "HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main" /v "Play_Background_Sounds" /d "yes" /t REG_SZ /f >nul 2>nul
:: Enable Firewall
netsh advfirewall set allprofiles state on >nul 2>nul && (echo Firewall enabled)
echo.
echo Set done, Press any key return menu && pause >nul 2>nul & goto menu_en

:speedtest_cli_en
set speedtestfile=C:\Windows\System32\speedtest.exe
if not exist !speedtestfile! (
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/speedtest.exe" -OutFile "C:\Windows\System32\speedtest.exe"
    speedtest.exe --accept-license 2>null
    ) else (
    speedtest.exe --accept-license 2>null
    )
echo.
echo Press any key return menu && pause >nul 2>nul & goto menu_en

:iperf3_en
set "SV2_SERVER=142.4.97.233"
set "SV6_SERVER=107.148.199.113"
set "LA2_SERVER=107.148.135.25"
set iperf3file=C:\Windows\System32\iperf3.exe
if not exist !iperf3file! (
    echo.&&echo   Downloading iperf3...
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/iperf3/cygwin1.dll" -OutFile "C:\Windows\System32\cygwin1.dll"
    powershell Invoke-WebRequest -Uri "http://198.200.51.51/iperf3/iperf3.exe" -OutFile "C:\Windows\System32\iperf3.exe"
    ) else (
    echo.&&echo   Downloaded iperf3...
    )
:choice_SERVER_en
echo   iperf3 Server List
echo   1 SV2
echo   2 SV6
echo   3 LA2
set choice=init
set /p choice=Pls server id[1-3]: 
if  "%choice%"=="0"  goto menu_en
if  "%choice%"=="cmd"  cmd
if  "%choice%"=="1" (
    echo.&&echo Test Upload to SV2...
    iperf3 -c !SV2_SERVER!
    echo.&&echo Test Download from SV2...
    iperf3 -c !SV2_SERVER! -R
    echo Press any key return menu && pause >nul 2>nul & goto menu_en)
if  "%choice%"=="2" (
    echo.&&echo Test Upload to SV6......
    iperf3 -c !SV6_SERVER!
    echo.&&echo Test Download from SV6...
    iperf3 -c !SV6_SERVER! -R
    echo Press any key return menu && pause >nul 2>nul & goto menu_en)
if  "%choice%"=="3" (
    echo.&&echo Test Upload to LA2......
    iperf3 -c !LA2_SERVER!
    echo.&&echo Test Download from LA2...
    iperf3 -c !LA2_SERVER! -R
    echo Press any key return menu && pause >nul 2>nul & goto menu_en)
echo !input_error! && goto choice_SERVER_en