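I am looking for a way to disable Remote Desktop login for a specific user (a local administrator account) on Windows 2008, using the command line or a script (such as VBS).
I know I need to modify the local security policy, but I have not yet found a way to do this via cmd or a script-based solution.
Does anyone have any suggestions on how to solve this?
Best regards,
Anders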
To disable Remote Desktop from the Windows command line, run the following command as administrator:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
To enable Remote Desktop from the Windows command line, run the following command as administrator:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Create a registry file (.reg) with this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000001

Then use regedit /s yourregfile.reg
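If you want something better scripted than that, use VBScript:
Enable or disable RDP (Remote Desktop) on remote system.vbs
If you want to learn more about managing local Group Policy, take a look at this Microsoft knowledge base article, which seems to cover a lot: Step-by-Step Guide to Managing Multiple Local Group Policy Objects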
@echo off
setlocal
if {%1}=={} goto syntax
:loop
if {%1}=={} goto finish
set remote="\\%1\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
shift
reg.exe ADD %remote% /v fDenyTSConnections /t REG_DWORD /d 1 /f>nul 2>&1
if NOT %ERRORLEVEL% EQU 0 @echo %remote% NOT found.
goto loop
:syntax
@echo Syntax: RemoteDesktop Computer1 [Computer2 .... Computern]
goto loop
:finish
endlocal
Save it as a .bat file, then open CMD and run "rdpdisabler.bat PCNAME"
In the end, I ended up using a solution based on VBS (the horror) and secedit.
' Windows 2008
' Setting variables and default value.
Dim denyLine,newConfigFile,user,config,secExport,secVal,secImport
denyLine = "None"

' Path and filename for both the exported configuration file from secedit as well
' as the modified configuration file, as well as the name of the user.
newConfigFile = "C:\some_config.ini"
config = "C:\some_new_config.ini"
' The Windows user previously created for this purpose.
user = "some_user"

' secedit commands required for exporting, validating and importing the new local user policy.
secExport = "secedit /export /cfg "&config&" /areas USER_RIGHTS"
secVal = "secedit /validate " & newConfigFile
secImport = "secedit /configure /db %windir%\security\user_updated.sdb /cfg "& newConfigFile &" /areas USER_RIGHTS"

' Setting up the required regular expressions.
Set deny = New RegExp
Set rights = New RegExp
deny.Pattern = "^SeDenyRemoteInteractiveLogonRight"
rights.Pattern = "^\[Privilege Rights\]$"

' Reading the configuration file, this reading object supports unicode (TriStateTrue).
Const ForReading = 1
Const TriStateTrue = -1
Const ForWriting = 2

' Create the Windows shell to run the command to extract the local security policy.
Set WshShell = WScript.CreateObject("WScript.Shell")

' Only export the section we wish to append this information within.
export = WshShell.Run(secExport,1,vbTrue)
' Verify the return code.
If export <> 0 Then
    WScript.Quit 1
End If

' Create the file object.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Verify that the file exists.
If (objFSO.FileExists(config)) Then
    Set objFile = objFSO.OpenTextFile(config,ForReading,False,TriStateTrue)
    strData = objFile.ReadAll
    ' Closing the file descriptor.
    objFile.Close
    ' Placing the content of the file into an array.
    arrLines = Split(strData,vbCrLf)
Else
    ' Quit if the file does not exist.
    WScript.Quit 1
End If

' Open the new configuration file, where we are appending the modified/new rule.
' OpenTextFile takes (filename, iomode, create, format): create the file if it is
' missing and write it as Unicode, matching the exported file.
Set filetxt = objFSO.OpenTextFile(newConfigFile,ForWriting,True,TriStateTrue)

' Walking over the array looking for an already existing configuration.
For Each strLine in arrLines
    If deny.Test(strLine) Then
        denyLine = strLine
    End If
Next

' Verify if a previous configuration exists.
If denyLine <> "None" Then
    ' There is already an existing configuration, append ADDM user to this line.
    denyLine = denyLine & "," & user
Else
    ' No existing previous configuration exists, create a new line with the new user.
    denyLine = "SeDenyRemoteInteractiveLogonRight = " & user
End If

' Write changes to the new configuration file.
For Each strLine in arrLines
    ' Make sure the line has content.
    If Len(strLine) <> 0 Then
        ' Do not write the old configuration, look for everything except that line.
        If Not deny.Test(strLine) Then
            ' If we find the line [Privilege Rights] append our modified line after.
            If rights.Test(strLine) Then
                filetxt.WriteLine(strLine)
                filetxt.WriteLine(denyLine)
            ' Otherwise keep writing everything else as normal.
            Else
                filetxt.WriteLine(strLine)
            End If
        End If
    End If
Next

' Close the file descriptor.
filetxt.Close

' Validate the syntax in the new config file.
validate = WshShell.Run(secVal,1,vbTrue)
' Verify the return code.
If validate <> 0 Then
    WScript.Quit 1
End If

import = WshShell.Run(secImport,1,vbTrue)
' Verify the return code.
If import <> 0 Then
    WScript.Quit 1
End If

WScript.Quit 0
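Added example, not part of the original answers: the same secedit export, edit, validate and configure sequence written in PowerShell, with the edit made idempotent so that running it again does not list the account twice in SeDenyRemoteInteractiveLogonRight. It assumes PowerShell is available on the server; the function names, the file names under %TEMP% and the sample export are constructed for illustration, and an account already listed in its SID form is not detected as a duplicate.

```powershell
# Added example. Function names, file names and the sample export are illustrative.
function Add-UserToRight {
    param([string[]]$Lines, [string]$Right, [string]$Account)
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    $found = $false
    $out = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $found = $true
            # Split the existing member list; -notcontains compares case-insensitively.
            $members = @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            if ($members -notcontains $Account) { $members += $Account }
            "$Right = " + ($members -join ',')
        } else { $line }
    }
    if (-not $found) {
        # Right not assigned yet: add it directly below the section header.
        $out = foreach ($line in $out) {
            $line
            if ($line -match '^\[Privilege Rights\]\s*$') { "$Right = $Account" }
        }
    }
    $out
}

function Set-DenyRdpLogon {
    # Applies the change to the local policy; run from an elevated prompt.
    param([string]$Account, [string]$WorkDir = $env:TEMP)
    $export = Join-Path $WorkDir 'rights_export.inf'
    $edited = Join-Path $WorkDir 'rights_edited.inf'
    $db     = Join-Path $env:windir 'security\user_updated.sdb'
    secedit /export /cfg $export /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /export failed: $LASTEXITCODE" }
    Add-UserToRight (Get-Content $export) 'SeDenyRemoteInteractiveLogonRight' $Account |
        Set-Content -Path $edited -Encoding Unicode
    secedit /validate $edited | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /validate failed: $LASTEXITCODE" }
    secedit /configure /db $db /cfg $edited /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed: $LASTEXITCODE" }
}

# Constructed sample export: editing it twice shows that no duplicate is added.
$sample = '[Unicode]', 'Unicode=yes', '[Privilege Rights]',
          'SeDenyRemoteInteractiveLogonRight = Guest', '[Version]', 'signature="$CHICAGO$"'
$once  = Add-UserToRight $sample 'SeDenyRemoteInteractiveLogonRight' 'some_user'
$twice = Add-UserToRight $once   'SeDenyRemoteInteractiveLogonRight' 'some_user'
$twice | Where-Object { $_ -like 'SeDeny*' }
```

Set-DenyRdpLogon is only defined here, not called; invoking it with the account name changes the local policy in the same way as the VBScript above.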