Record the batch processing bat for each entry to the 3389 Remote Desktop IP Address

Copy the following code and save it as a batch file. Then double-click it! Copy codeThe Code is as follows: md c: \ WINDOWS \ PDPLOG
Echo date/t ^> RDPlog.txt> C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD
Echo time/t ^> RDPlog.txt> C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD
Echo netstat-n-p tcp ^ | find ": 3389" ^> RDPlog.txt> C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD
Echo start Explorer> C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD

: Add an IP address that is automatically recorded every time a user enters the Remote Desktop to detect hacker traces!
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v fInheritInitialProgram/t REG_DWORD/d "00000000"/f
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v WorkDirectory/t REG_SZ/d C: \ WINDOWS \ PDPLOG \/f
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v InitialProgram/t REG_SZ/d "C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD "/f
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v fInheritInitialProgram/t REG_DWORD/d "00000000"/f
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v WorkDirectory/t REG_SZ/d C: \ WINDOWS \ PDPLOG \/f
Reg add "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ WinStations \ RDP-Tcp"/v InitialProgram/t REG_SZ/d "C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD "/f

Echo record Remote Desktop IP policy added! Press any key to exit!
PAUSE> nul

Echo netstat-n-p tcp ^ | find ": 3389" ^> RDPlog.txt> C: \ WINDOWS \ PDPLOG \ PdPLOG. CMD
There is a 3389 number in the above sentence, which is the default port of the Remote Desktop.
If you want to change the Remote Desktop, replace 3389 with your modified port.

View the record in C: \ WINDOWS \ PDPLOG \ RDPlog.txt