3389IP Log path is C:\WINDOWS\PDPLOG\RDPlog.txt
Program code
Copy Code code as follows:
MD C:\WINDOWS\PDPLOG
echo date/t ^>^>rdplog.txt >>c:\windows\pdplog\pdplog.cmd
echo time/t ^>^>rdplog.txt >>c:\windows\pdplog\pdplog.cmd
echo Netstat-n-P TCP ^| Find ": 3389" ^>^>rdplog.txt >>c:\windows\pdplog\pdplog.cmd
echo Start Explorer >>c:\windows\pdplog\pdplog.cmd
:: Add users each time to enter the Remote Desktop automatically record the use of IP, can be used to find the hacker traces!
REG ADD "hkey_local_machine\system\controlset001\control\terminal server\winstations\rdp-tcp"/V finheritinitialprogram/t reg_dword/d "00000000"/F
Reg ADD "hkey_local_machine\system\controlset001\control\terminal server\winstations\rdp-tcp"/V workdirectory/t REG _SZ/D C:\WINDOWS\PDPLOG\/F
REG ADD "hkey_local_machine\system\controlset001\control\terminal server\winstations\rdp-tcp"/V initialprogram/t REG_SZ/D "C:\WINDOWS\PDPLOG\PdPLOG.CMD"/F
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal server\winstations\rdp-tcp"/V finheritinitialprogram/t reg_dword/d "00000000"/F
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal server\winstations\rdp-tcp"/V WorkDirectory/ T reg_sz/d C:\WINDOWS\PDPLOG\/F
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal server\winstations\rdp-tcp"/V InitialProgram /t reg_sz/d "C:\WINDOWS\PDPLOG\PdPLOG.CMD"/F
Echo Log Remote Desktop IP policy complete! Please press any key to exit!
PAUSE >nul
