Microsoft's win2000 Server version includes a Terminal Service named Terminal Service, which is based on the Remote Desktop Protocol RDP. It is fast and stable. It is a good remote management software, however, this terminal service is inconvenient:
First, there is no port change,Terminal Services can only use the default port 3389. For a careful administrator, if the server is on port 3389, anyone can go up and try the password. In addition, the vulnerability of Microsoft input method in the past does not require the password to be the System permission.
Second, there is no complete function log,In this way, no one knows when to connect. In fact, both of these problems can be easily solved. For the port problem, Microsoft provides a way to allow users to change the ports on the server and client themselves:
Microsoft's original article is: http://support.microsoft.com/support/kb/articles/q187/6/23.asp?this link is in English. If you want .) Pai_^
1. Step 1: Change the server settings of the terminal service.
Open the registry and find a key value like HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminal ServerWdsRepwdTdsTcp. Do you see the PortNumber? 0xd3d. This is a hexadecimal value, which is 3389. I want to change it... this value is the default value of RDP (Remote Desktop Protocol). That is to say, it is used to configure the newly created RDP service. To change the already created RDP service, go to the next key value:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminalServerWinStations here there should be one or more RDP-TCP-like child keys depending on how many RDP services you have built), just remove PortNumber.
2. Step 2: Change the client.
The server has changed the port while the client port has not changed. Isn't it just a blank eye? Change the client: Open the Client Connection Manager and follow the normal steps to create a client connection shortcut. Select this connection, then select "Export" Menu-> File-> Export) in the "File" Menu. This operation will generate a central File, which is the configuration File of the terminal service client, you can use a text editor such as NotePad) to edit this File, find "Server Port = 3389", change it to the Port you want, and then select Import Menu-> File-> Import ), the client shortcut has become the port you need.
It is imperative that the Terminal Service Client (MSI) and ActiveX versions downloaded from the Microsoft Homepage cannot change the port, you can only use the "Create an installation disk" function provided by Win2000 Server Edition Terminal Service to create a version. This function is available in the "Terminal Service Client builder" Terminal Service Client Creator of the management tool.
For log problems, the Terminal Service actually has the log function. Open the Terminal Service Configration in the management tool and click "Connect ", right-click the RDP service you want to configure, such as the RDP-TCP (Microsoft RDP5.0), select the bookmarks "permission", click "advanced" in the lower left corner, see the above "Review?
Join an Everyone group, which represents all users, then review the "connection", "disconnected", "logout" success and "login" functions and failures is enough. It is not good if there are too many reviews, this review is recorded in security logs and can be viewed in "Administrative Tools"> "Log Viewer.
At present, it is clear when anyone logs in, but it does not record the client's IP address and can only view the ip address of the online user) But records the computer name, if someone else starts a PIG machine name, you have to be ridiculed by him. Let's write a program on our own, and everything will be done. Will you c? I won't. What about vb? I will not ^ _ ^, Delphi ?? I still won't ^ _ ^. Don't worry. If you are the same as me, there is another way to create one. the bat file is called TSLog. bat. This file is used to record the ip address of the publisher. The content is as follows:
Time/t> TSLog. log
Netstat-n-p tcp | find ": 3389"> TSLog. log
Start Explorer
Let me explain the meaning of this file:
The first line is to record the user login Time. Time/t means to directly return the system Time. If no/t is added, the system will wait for you to enter a new Time ), then we use the append symbol.
> Record the time in TSLog. log
The second line is to record the user's ip address. Netstat is a command used to display the current network connection status.-n indicates that the ip address and port are displayed instead of the domain name and protocol.-p tcp indicates that only the tcp protocol is displayed, then, we use the pipeline symbol "|" to output the result of this command to the Find command, and Find the line containing ": 3389" from the output result. This is the line where we need the customer's ip address, if you change the port of the Terminal Service, the value must be changed accordingly ).
Finally, we also redirect this result to the log file TSLog. log. Therefore, in the TSLog. log file, the record format is as follows:
22: 40
TCP 192.168.12.28: 3389 192.168.10.123: 4903 ESTABLISHED
22: 54
TCP/IP 192.168.12.28: 3389 192.168.12.29: 1039 ESTABLISHED
That is to say, as long as the TSLog. bat file is run, all ip addresses connected to port 3389 will be recorded. How can this batch file be run?
We know that the terminal service allows us to customize the starting program for the user. In the terminal service configuration, We overwrite the user's login script settings and specify TSLog. bat is the script that needs to be opened during user login, so every user must execute this script after login, because the default script is equivalent to the SHELL environment) is Explorer Resource Manager), so I am in TSLog. the start Explorer command is added to the last line of bat. If this command is not added, you cannot enter the desktop. Of course, if you only need to give the user a specific SHELL: for example, pai.exedomainword.exe, you can also replace start explorer with any SHELL.
This script can also be written in other ways. For example, it is also a good method to write a script to send the ip address of each login user to its mailbox to an important server.
Under normal circumstances, a general user does not have the permission to view the terminal service settings, so he does not know that you have performed ip review on the login, as long as the TSLog. bat file and TSLog. it is enough to put the log file in a relatively hidden directory, but it should be noted that this is only a simple Terminal Service log strategy, and there are not many security measures and permission mechanisms, if the server has higher security requirements, you still need to purchase intrusion detection software after programming.
Related Articles]
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
