3389IP日誌路徑是C:\WINDOWS\PDPLOG\RDPlog.txt
程式碼
複製代碼 代碼如下:
MD C:\WINDOWS\PDPLOG
echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: 添加使用者每次進入遠端桌面時自動記錄下來所用IP,可用來發現駭客蹤跡!
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG\ /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
Echo 記錄遠端桌面IP策略添加完畢! 請按任意鍵退出!
PAUSE >nul
