windows服务器记录3389远程桌面IP策略
时间:2021-03-20 10:01:24|栏目:Windows|点击: 次
3389IP日志路径是C:\WINDOWS\PDPLOG\RDPlog.txt
程序代码
MD C:\WINDOWS\PDPLOG
echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: 添加用户每次进入远程桌面时自动记录下来所用IP,可用来发现黑客踪迹!
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
Echo 记录远程桌面IP策略添加完毕! 请按任意键退出!
PAUSE >nul
程序代码
复制代码 代码如下:
MD C:\WINDOWS\PDPLOG
echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: 添加用户每次进入远程桌面时自动记录下来所用IP,可用来发现黑客踪迹!
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
Echo 记录远程桌面IP策略添加完毕! 请按任意键退出!
PAUSE >nul
阅读排行
- 1win2003 service pack2 IIS 无法复制CONVLOG.EXE CONVLOG.EX_问题处理
- 2Windows Server 2008 R2 DNS 服务器迁移方法
- 3win2008 IP安全策略关闭端口、禁止ping、修改远程连接3389端口、开放指定端口
- 4man -f/-k [keyword]在fedora 29 中报错nothing appropriate
- 5IP策略实现服务器禁止Ping
- 6win2003开机自动登录后锁定
- 7本地策略提示不能确定应用到此机器的组策略安全性设置的解决方法
- 8限制Win9X/NT系统功能二十六招
- 9windows10彻底关闭自动更新【绝对可行】
- 10win2003 3389手工修改方法