將下面代碼復制到文本文檔中保存后設置車.BAT的批處理文件后運行：

MD C:WINDOWSPDPLOG 
echo date /t ^>^>RDPlog.txt >>C:WINDOWSPDPLOGPdPLOG.CMD 
echo time /t ^>^>RDPlog.txt >>C:WINDOWSPDPLOGPdPLOG.CMD 
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:WINDOWSPDPLOGPdPLOG.CMD 
echo start Explorer >>C:WINDOWSPDPLOGPdPLOG.CMD 
:: 添加用戶每次進入遠程桌面時自動記錄下來所用IP，可用來發(fā)現黑客蹤跡！ 
REG ADD "HKEY_LOCAL_MACHINESYSTEMControlSet001ControlTerminal ServerWinStationsRDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f 
REG ADD "HKEY_LOCAL_MACHINESYSTEMControlSet001ControlTerminal ServerWinStationsRDP-Tcp" /v WorkDirectory /t REG_SZ /d C:WINDOWSPDPLOG /f 
REG ADD "HKEY_LOCAL_MACHINESYSTEMControlSet001ControlTerminal ServerWinStationsRDP-Tcp" /v InitialProgram /t REG_SZ /d "C:WINDOWSPDPLOGPdPLOG.CMD" /f 
REG ADD "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f 
REG ADD "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v WorkDirectory /t REG_SZ /d C:WINDOWSPDPLOG /f 
REG ADD "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" /v InitialProgram /t REG_SZ /d "C:WINDOWSPDPLOGPdPLOG.CMD" /f 
Echo 記錄遠程桌面IP策略添加完畢! 請按任意鍵退出! 
PAUSE >nul 

——————————————————————————————————————————————————————————————
利用這個代碼我們的服務器當被人遠程登錄時候，就會自動生成一個日志文件并且留下登陸者的IP信息。

打開日志文件就可以看到我們的登錄信息文件位置在C:WINDOWSPDPLOG