在Win7端设置好共享访问后,Win11再进行如下四步设置,即可快速打通Win11访问Win7的权限。
1.断网情况下开权限。将如下文字另存为.bat文件,用管理员权限运行。
@echo off
ver | findstr "6.1">nul && set bulid=nt6 && goto sc_zd
ver | findstr "10.">nul && set bulid=nt10 && goto sc_zd
ver | findstr "5.">nul && set bulid=nt5 && goto sc_zd
ver | findstr "6.3">nul && set bulid=nt10 && goto sc_zd
ver | findstr "6.2">nul && set bulid=nt10 && goto sc_zd
:sc_zd
net user guest /active:yes>nul 2>nul
net user guest "">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v forceguest /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0x0 /f>nul 2>nul
if %bulid%==nt10 reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v AllowInsecureGuestAuth /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymoussam /t REG_DWORD /d 0x0 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v LmCompatibilityLevel /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v everyoneincludesanonymous /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v NoLmHash /t REG_DWORD /d 0x0 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v restrictnullsessaccess /t REG_DWORD /d 0x0 /f>nul 2>nul
goto sc_main
:sc_main
sc config LanmanWorkstation start= auto>nul 2>nul
sc config LanmanServer start= auto>nul 2>nul
sc config Winmgmt start= auto>nul 2>nul
sc config RpcSs start= auto>nul 2>nul
sc config Netman start= auto>nul 2>nul
sc config RasMan start= demand>nul 2>nul
sc config SSDPSRV start= auto>nul 2>nul
sc config BFE start= auto>nul 2>nul
sc config ALG start= demand>nul 2>nul
sc config SharedAccess start= auto>nul 2>nul
net start SharedAccess /y>nul 2>nul
sc config Browser start= auto>nul 2>nul
net start Browser /y>nul 2>nul
sc config Dnscache start= auto>nul 2>nul
net start Dnscache /y>nul 2>nul
sc config Dhcp start= auto>nul 2>nul
net start Dhcp /y>nul 2>nul
sc config lmhosts start= auto>nul 2>nul
net start lmhosts /y>nul 2>nul
sc config Spooler start= auto>nul 2>nul
net start Spooler /y>nul 2>nul
sc config upnphost start= demand>nul 2>nul
net start upnphost /y>nul 2>nul
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon" /v Start|findstr "0x4">nul 2>nul && sc config Netlogon start= demand>nul 2>nul
reg add "HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v TransportBindName /t REG_SZ /d \Device\ /f>nul 2>nul
reg delete "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v SMB1 /F>nul 2>nul
reg delete "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v SMB2 /F>nul 2>nul
reg delete "HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v SMBDeviceEnabled /F>nul 2>nul
sc config netbt start= system>nul 2>nul
net start netbt>nul 2>nul
if %bulid%==nt5 (goto sc_sernt5) else (goto sc_sernt6)
:sc_sernt5
sc config PlugPlay start= auto>nul 2>nul
sc config TapiSrv start= auto>nul 2>nul
sc config Nla start= auto>nul 2>nul
net start Nla /y>nul 2>nul
netsh firewall set service type = fileandprint mode = enable scope = subnet>nul 2>nul
set "nbt=HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces"
for /f "tokens=2 delims={" %%a in ('reg query "%nbt%"') do (reg query "%nbt%\TCPIP_{%%a" /s|findstr /i /c:"NetbiosOptions">nul && reg add "%nbt%\TCPIP_{%%a" /v NetbiosOptions /t REG_DWORD /d 0x0 /f>nul 2>nul)
goto sc_main2_etc
:sc_sernt6
sc config DcomLaunch start= auto>nul 2>nul
sc config RpcEptMapper start= auto>nul 2>nul
sc config SamSs start= auto>nul 2>nul
sc config nsi start= auto>nul 2>nul
sc config SstpSvc start= demand>nul 2>nul
sc config MpsSvc start= auto>nul 2>nul
net start MpsSvc /y>nul 2>nul
sc config NlaSvc start= auto>nul 2>nul
sc config netprofm start= auto>nul 2>nul
sc config fdPHost start= auto>nul 2>nul
net start fdPHost /y>nul 2>nul
sc config FDResPub start= auto>nul 2>nul
net start FDResPub /y>nul 2>nul
sc config HomeGroupListener start= auto>nul 2>nul
sc config WMPNetworkSvc start= auto>nul 2>nul
net start WMPNetworkSvc /y>nul 2>nul
sc config HomeGroupProvider start= auto>nul 2>nul
net start HomeGroupProvider /y>nul 2>nul
netsh advfirewall firewall set rule group=\" 緢 \" new enable=Yes>nul 2>nul
netsh advfirewall firewall set rule group=\" ļ ʹ ӡ \" new enable=Yes>nul 2>nul
if %bulid%==nt10 powershell -NonInteractive "Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol">nul 2>nul
for /f "delims=" %%a in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces" /s /e /f "0x2"^|findstr "\Tcpip_"') do reg add "%%a" /v NetbiosOptions /t REG_DWORD /d 0x0 /f>nul 2>nul
:sc_main2_etc
(echo [Unicode]
echo Unicode=yes
echo [Version]
echo signature="$CHICAGO$"
echo Revision=1
echo [Privilege Rights]
echo sedenynetworklogonright =
echo senetworklogonright = Everyone,Administrators,Users,Power Users,Backup Operators,guest)>>%temp%\zcl.inf
secedit /configure /db %temp%\zcl.sdb /cfg %temp%\zcl.inf /log %temp%\zcl.log /quiet
del /q %temp%\zcl.*>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d 0x0 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v AutoShareServer /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v AutoShareWks /t REG_DWORD /d 0x1 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters" /v MaintainServerList /t REG_SZ /d Auto /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters" /v IsDomainMaster /t REG_SZ /d FALSE /f>nul 2>nul
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v EnableLMHOSTS|findstr "0x0">nul 2>nul && reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v EnableLMHOSTS /t REG_DWORD /d 0x1 /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" /f>nul 2>nul
net use * /del /y>nul 2>nul
net config server /hidden:no>nul 2>nul
net share ipc$>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v NodeType /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters" /v DhcpNodeType /f>nul 2>nul
2.关闭权限:将如下文本另存为bat,用管理员权限运行,运行完毕后会自动重启。
# 1. 停用 Guest & 恢复安全策略
net user guest /active:no
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v forceguest /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" /v LmCompatibilityLevel /t REG_DWORD /d 3 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v AllowInsecureGuestAuth /t REG_DWORD /d 0 /f
# 2. 彻底禁用 SMBv1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
# 3. 重启生效
shutdown /r /t 0
3.链接网络,并开启网络共享和gpedit策略编辑器权限(Win11家庭版默认关闭),开启右键经典菜单等:将如下文本另存为bat,用管理员权限运行。
:: 开启组策略管理器权限
:: pushd "%~dp0"
:: dir /b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
:: dir /b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
:: for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"C:\Windows\servicing\Packages\%%i"
:: 启用网络发现和文件共享
netsh advfirewall firewall set rule group="网络发现" new enable=Yes
netsh advfirewall firewall set rule group="文件和打印机共享" new enable=Yes
:: 关闭密码保护共享,即启用组策略管理器:计算机配置→Windows设置→安全设置→本地策略→安全选项→网络访问:本地账户的共享和安全模型:经典-对本地用户进行身份验证,不改变其本来身份
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
:: 本地组策略编辑器中的计算机配置中的Windows设置中的安全设置中的本地策略中的安全选项中的网络访问:本地账户的共享和安全模型为:经典-对本地用户进行身份验证,不改变其本来身份,对应注册表
:: Windows Registry Editor Version 5.00
::
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]
::
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC]
:: "RpcUseNamedPipeProtocol"=dword:00000001
::
:: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
:: "forceguest"=dword:00000000
:: 修复打印机RPC错误
reg add "HKLM\Software\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcUseNamedPipeProtocol /t REG_DWORD /d 1 /f
taskkill /f /im explorer.exe & start explorer.exe
:: 对应注册表:
:: Windows Registry Editor Version 5.00
::
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]
::
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC]
:: "RpcUseNamedPipeProtocol"=dword:00000001
:: 重启网络服务,可能没执行,要单独运行
net stop "Function Discovery Resource Publication" && net start "Function Discovery Resource Publication"
:: 显示经典右键菜单,不折叠:不默认显示更多选项
reg add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve
taskkill /f /im explorer.exe & start explorer.exe
4.用管理员权限打开powershell(按start或Windows徽标键,输入powershell,选择管理员权限运行),将下列两项命令分别复制进去,都选Y。
:: 可能要以管理员身份打开 PowerShell,执行下面两条,选择Y
Set-SmbClientConfiguration -RequireSecuritySignature $false
Set-SmbClientConfiguration -EnableInsecureGuestLogons $true
至此,权限打开。可以通过类似\\192.168.1.11或\\USERNAME的方式访问Win7电脑共享文件夹。
