Windows server: a policy for logging the IP address of every 3389 Remote Desktop logon
2016-01-11 16:34:45
將下面代碼復(fù)制到文本文檔中保存后設(shè)置車.BAT的批處理文件后運(yùn)行:
MD C:\WINDOWS\PDPLOG
:: Build PdPLOG.CMD: each line appends the date, the time and the current port-3389 connections to RDPlog.txt (in the RDP session's working directory)
echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
echo netstat -n -p tcp ^| find ":3389"^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: Hand control back to the normal desktop after logging
echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD
:: Run PdPLOG.CMD as the initial program of every Remote Desktop session, so the IP used is recorded automatically each time a user logs on; useful for spotting intruder traces!
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fInheritInitialProgram /t REG_DWORD /d "00000000" /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v WorkDirectory /t REG_SZ /d C:\WINDOWS\PDPLOG /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v InitialProgram /t REG_SZ /d "C:\WINDOWS\PDPLOG\PdPLOG.CMD" /f
Echo Remote Desktop IP logging policy added! Press any key to exit!
PAUSE >nul
——————————————————————————————————————————————————————————————
With this in place, whenever someone logs on to our server over Remote Desktop, a log file is generated automatically and the IP address of the person logging on is recorded in it.
Open the log file to see the logon records; the file is located in C:\WINDOWS\PDPLOG.
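To make the resulting RDPlog.txt usable for triage, here is an added Python parser (not part of the original post) that reads the date / time / netstat blocks the CMD appends and extracts the remote IP of each inbound port-3389 connection. The sample log is constructed, and the en-US date and time format is an assumption, since the output of date /t and time /t depends on the system locale.

```python
import re
from collections import defaultdict

# Constructed sample of what PdPLOG.CMD appends to RDPlog.txt on each logon:
# one "date /t" line, one "time /t" line, then the netstat lines matching ":3389".
# Locale-dependent format assumed here: en-US.
SAMPLE_LOG = """\
Mon 01/11/2016
04:34 PM
  TCP    10.0.0.5:3389          203.0.113.7:50412      ESTABLISHED
Tue 01/12/2016
09:02 AM
  TCP    10.0.0.5:3389          198.51.100.23:61022    ESTABLISHED
  TCP    10.0.0.5:3389          203.0.113.7:50987      TIME_WAIT
"""

# netstat -n -p tcp row: proto, local addr:port, foreign addr:port, state
NETSTAT_RE = re.compile(
    r"^\s*TCP\s+(?P<laddr>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<raddr>[\d.]+):(?P<rport>\d+)\s+(?P<state>\w+)\s*$"
)


def parse_rdp_log(text):
    """Return a list of (date, time, remote_ip, state) for inbound RDP rows."""
    entries = []
    date = time = None
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            # 'find ":3389"' also matches rows whose *foreign* port is 3389
            # (outbound RDP from the server); keep only rows where we are
            # the listener, i.e. the local port is 3389.
            if m["lport"] == "3389":
                entries.append((date, time, m["raddr"], m["state"]))
            continue
        if line.strip():
            # A non-netstat line is a date if we have no date yet or the
            # previous block is complete; otherwise it is the time line.
            if date is None or time is not None:
                date, time = line.strip(), None
            else:
                time = line.strip()
    return entries


def established_by_ip(entries):
    """Count ESTABLISHED inbound RDP rows per remote IP, a quick triage view."""
    counts = defaultdict(int)
    for _date, _time, ip, state in entries:
        if state == "ESTABLISHED":
            counts[ip] += 1
    return dict(counts)
```

Each block is a snapshot of every port-3389 connection at the moment the CMD ran, so it includes concurrent and lingering (TIME_WAIT) connections as well as the new session; treat the file as a supplement to the Security event log, not a replacement for it.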
