[Original] A batch file to open 3389

March 29th, 2007

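A batch file I wrote over the Chinese New Year holiday that opens 3389 on the local machine. It detects the system version automatically, can change the connection port, and opens 3389 by modifying the registry. Only after finishing it did I realize it is of no use at all: it cannot be run remotely, it needs administrator privileges, and it is easily noticed. Its one advantage is that antivirus software does not kill it. Consider it just practice at writing batch files; there is nothing technically sophisticated in it :)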

:INIT
@echo off
cls
setlocal

echo.
echo ===========================================================
echo   TSOPEN.bat written by JustNeo.
echo   This program is to open TermService on target computer.
echo   It is a free software; you can redistribute it and/or
echo   modify it as you like.
echo ===========================================================

set port=d3d
if /I "%1"=="" goto :START
if /I "%1"=="%*" goto :SYNTAX
if /I not "%2"=="" set port=%2
if /I "%1"=="-p" goto :START

:SYNTAX
echo.
echo  TSOPEN.bat [-p portnumber]
echo    -p portnumber         Specify the TermService PortNumber(Hexadecimal)
echo.
echo  If there is no parameter, use 3389 as the default port.
goto :QUIT

:START
set regedit=%SystemRoot%\regedit.exe
set find=%SystemRoot%\System32\find.exe
if not exist "%regedit%" set regedit=%SystemRoot%\system32\dllcache\regedit.exe
if not exist "%regedit%" goto :NOREGEDIT
if not exist "%find%" set find=%SystemRoot%\system32\dllcache\find.exe
if not exist "%find%" goto :NOFIND

:VERSION
echo.
echo  Checking system version ...
REM Checking for running system version
ver | find /i "Windows 2000" > NUL
if not errorlevel 1 goto :OS2KCHK
ver | find /i "Windows XP" > NUL
if not errorlevel 1 goto :OSXP
type %systemroot%\system32\prodspec.ini | find /i "2003" > NUL
if not errorlevel 1 goto :OS2K3
goto :NOVERSION
:OS2KCHK
"%regedit%" /e "%TEMP%\~ntsvr.tmp" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
type "%TEMP%\~ntsvr.tmp"|"%find%" /i "Server" >NUL
if not errorlevel 1 goto :OS2KSERVER

type "%TEMP%\~ntsvr.tmp"|"%find%" /i "LanMan" >NUL
if not errorlevel 1 goto :OS2KSERVER

if exist "%TEMP%\~ntsvr.tmp" del "%TEMP%\~ntsvr.tmp" /f /q

type %systemroot%\system32\prodspec.ini | find /i "Professional" > NUL
if not errorlevel 1 goto :OS2KPRO

type %systemroot%\system32\prodspec.ini | find /i "Server" > NUL
if not errorlevel 1 goto :OS2KSERVER

goto :NOVERSION

:OS2KPRO
echo.
echo  The system version is Windows 2000 Professional, if you wanna
echo  install TermService on it, use NTSwitch to change the system
echo  to server version first.
echo.

set /P NTSwitch= Have you done that? (Y/N):
REM The original jumped to :OSNTSERVER, a label that does not exist in this file
if /I "%NTSwitch%"=="Y" goto :OS2KSERVER
if /I "%NTSwitch%"=="N" goto :QUIT
if /I not "%NTSwitch%"=="Y&N" goto :INERROR

:OS2KSERVER
echo.
echo  The system version is Windows 2000 Server/Advanced Server.
echo  Or you have changed Windows 2000 Professional to server version.
echo.
echo  Write to Registry to Open TermService...

echo Windows Registry Editor Version 5.00 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache] >> %temp%\~3389.dll
echo "Enabled"="0" >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >> %temp%\~3389.dll
echo "ShutdownWithoutLogon"="0" >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer] >> %temp%\~3389.dll
echo "EnableAdminTSRemote"=dword:00000001 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >> %temp%\~3389.dll
echo "fDenyTSConnections"=dword:00000000 >> %temp%\~3389.dll
echo "TSEnabled"=dword:00000001 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:00000D3D >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:00000D3D >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] >> %temp%\~3389.dll
echo "Start"=dword:00000002 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService] >> %temp%\~3389.dll
echo "Start"=dword:00000002 >> %temp%\~3389.dll

echo [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle] >> %temp%\~3389.dll
echo "Hotkey"="1" >> %temp%\~3389.dll

%regedit% /s %temp%\~3389.dll
if exist %temp%\~3389.dll del %temp%\~3389.dll /f /q

echo  Completed! Reboot the remote computer to apply the changes.
echo  Then you can connect it with "Remote Desktop Connection".
goto :QUIT

REM On XP, concurrent sessions are possible here, so no logged-on user has to be kicked off
:OSXP
echo.
echo  The system is Windows XP.
echo.
echo  Write to Registry to Open TermService...

echo Windows Registry Editor Version 5.00 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >> %temp%\~3389.dll
echo "KeepRASConnections"="1" >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >> %temp%\~3389.dll
echo "fDenyTSConnections"=dword:00000000 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core] >> %temp%\~3389.dll
echo "EnableConcurrentSessions"=dword:00000001 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:%port% >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:%port% >> %temp%\~3389.dll

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\System32\termsvr.dll /f > NUL

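REM Concurrent sessions require replacing a system file, but that would be noticed, so a different file is loaded instead. I renamed it termsvr.dll; the original is termsrv.dll. The file can be found online and is an older version of the XP file.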
%regedit% /s  %temp%\~3389.dll
if exist %temp%\~3389.dll del  %temp%\~3389.dll /f /q

echo.
echo  Congratulations!!!
echo  Now you can connect it with "Remote Desktop Connection".
goto :QUIT

:OS2K3
echo.
echo  The system is Windows Server 2003.
echo.
echo  Write to Registry to Open TermService...
echo.

echo Windows Registry Editor Version 5.00 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >> %temp%\~3389.dll
echo "fDenyTSConnections"=dword:00000000 >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:%port% >> %temp%\~3389.dll

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >> %temp%\~3389.dll
echo "PortNumber"=dword:%port% >> %temp%\~3389.dll

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\System32\termsvr.dll /f > NUL

%regedit% /s  %temp%\~3389.dll
if exist %temp%\~3389.dll del  %temp%\~3389.dll /f /q

echo  Congratulations!!!
echo  Now you can connect it with "Remote Desktop Connection".
goto :QUIT

:NOREGEDIT
echo.
echo  Error!!! Please verify that regedit.exe exists in the
echo  %systemroot% or %systemroot%\system32\dllcache folder.
echo.
goto :QUIT
:NOFIND
echo.
echo  Error!!! Please verify that find.exe exists in the
echo  %systemroot%\system32 or %systemroot%\system32\dllcache folder.
echo.
goto :QUIT

:NOVERSION
echo.
echo  Can not detect the running system version.
goto :QUIT
:INERROR
echo.
echo  Input Incorrect!!! Exit.

:QUIT
endlocal
echo.
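
A read-only check for the changes this script makes, as an added example that is not part of the original post: it compares the registry values written above against a baseline and looks for the renamed termsvr.dll on disk. The baseline (RDP disabled, port 3389, stock termsrv.dll) and the function name Get-RdpRegistryDrift are assumptions for illustration.

```powershell
# Added audit example, not part of TSOPEN.bat. Read-only.
# Assumed baseline: RDP disabled, default port 3389, stock termsrv.dll.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$checks = @(
    @{ Path = $ts;                       Name = 'fDenyTSConnections';       Allowed = @(1) }
    @{ Path = "$ts\WinStations\RDP-Tcp"; Name = 'PortNumber';               Allowed = @(3389) }
    @{ Path = "$ts\Wds\rdpwd\Tds\tcp";   Name = 'PortNumber';               Allowed = @(3389) }
    @{ Path = "$ts\Licensing Core";      Name = 'EnableConcurrentSessions'; Allowed = @($null, 0) }
    @{ Path = $svc;                      Name = 'ServiceDll'
       Allowed = @("$env:SystemRoot\System32\termsrv.dll") }
)

# Hypothetical helper: returns one object per value that is outside its allowed set.
function Get-RdpRegistryDrift {
    param([Parameter(Mandatory)][hashtable[]]$Checks)
    foreach ($c in $Checks) {
        $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        # GetValue expands REG_EXPAND_SZ, so ServiceDll compares as a full path.
        # A missing key or value yields $null, which is reported unless $null is allowed.
        $actual = if ($key) { $key.GetValue($c.Name) } else { $null }
        if ($c.Allowed -notcontains $actual) {
            [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Found = $actual }
        }
    }
}

$drift = @(Get-RdpRegistryDrift -Checks $checks)

# The XP/2003 branches point ServiceDll at a renamed DLL; check for it on disk too.
$dll = Join-Path $env:SystemRoot 'System32\termsvr.dll'
if (Test-Path -LiteralPath $dll) {
    $size = (Get-Item -LiteralPath $dll).Length
    $drift += [pscustomobject]@{ Key = $dll; Value = 'file present'; Found = $size }
}

if ($drift.Count) {
    $drift | Format-Table -AutoSize
} else {
    'No drift from the assumed RDP baseline.'
}
```

On hosts where Remote Desktop is intentionally enabled, change the Allowed set for fDenyTSConnections to @(0) so that only the port and ServiceDll changes are reported.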

One Response to “[Original] A batch file to open 3389”

  1. rojoro

    This post is breaking the template layout; I suggest using the more tag! Hiding half of the post would fix it.
