Common commands: Windows logon related
阿新 • Published: 2018-12-18
1. Logon authentication: set the RDP-Tcp SecurityLayer to 0x0 so that the logon source IP is recorded. (Default in the system image: 0x1)
Query:
reg query "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer
Set:
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0x0 /f
2. Logon authentication: set UserAuthentication to 0x0 so that the logon source IP is recorded. (Default in the system image: 0x1)
Query:
reg query "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication
Set:
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0x0 /f
3. Logon auditing: enable the audit policy for both successful and failed logons. (Enabled by default in the system image)
Query:
auditpol /get /category:{69979849-797a-11d9-bed3-505054503030} // audit logon events
auditpol /get /category:{69979850-797a-11d9-bed3-505054503030} // audit account logon events (domain authentication)
Set:
auditpol /set /category:{69979849-797a-11d9-bed3-505054503030} /success:enable /failure:enable
auditpol /set /category:{69979850-797a-11d9-bed3-505054503030} /success:enable /failure:enable
4. Logon log service: make sure the event log service is running. (Running by default in the system image)
Query:
sc query eventlog
Set:
sc start eventlog
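The four items above are a checklist, so the natural companion is a script that verifies all of them in one pass and confirms that the Security log is actually capturing a source IP. The following PowerShell is an added example, not part of the original post: it reads the two RDP-Tcp registry values, parses the CSV form of `auditpol /get`, checks the EventLog service, and then pulls the source IP field out of the most recent failed-logon events (Security event ID 4625). It assumes an elevated prompt on the host being checked, an English-language `auditpol` (the "Inclusion Setting" column is compared against the English string "Success and Failure"), and that the expected values in `$Expected` are the ones the post prescribes; the function names `Get-LogonAuditState` and `Get-RecentFailedLogonSources` are the example's own.

```powershell
# Added example (not from the original post): verify the four settings the post describes.
# Assumes an elevated PowerShell session on the host itself and an English-locale auditpol.

$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Values the post sets. SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = TLS.
# UserAuthentication: 0 = Network Level Authentication off, 1 = NLA required.
$Expected = @{
    SecurityLayer      = 0
    UserAuthentication = 0
}

# Audit categories from the post (GUIDs are Windows' fixed category identifiers).
$AuditCategories = @{
    'Logon/Logoff'  = '{69979849-797a-11d9-bed3-505054503030}'
    'Account Logon' = '{69979850-797a-11d9-bed3-505054503030}'
}

function Get-LogonAuditState {
    $findings = @()

    # Items 1 and 2: RDP-Tcp registry values.
    $rdp = Get-ItemProperty -Path $RdpKey -Name SecurityLayer, UserAuthentication
    foreach ($name in 'SecurityLayer', 'UserAuthentication') {
        $findings += [pscustomobject]@{
            Check    = "RDP-Tcp\$name"
            Actual   = [string]$rdp.$name
            Expected = [string]$Expected[$name]
        }
    }

    # Item 3: audit policy. /r emits CSV; "Inclusion Setting" is e.g. "Success and Failure".
    foreach ($cat in $AuditCategories.GetEnumerator()) {
        $rows = auditpol /get "/category:$($cat.Value)" /r |
                Where-Object { $_ -ne '' } |
                ConvertFrom-Csv
        foreach ($row in $rows) {
            $findings += [pscustomobject]@{
                Check    = "Audit $($cat.Key): $($row.Subcategory)"
                Actual   = $row.'Inclusion Setting'
                Expected = 'Success and Failure'
            }
        }
    }

    # Item 4: the event log service must be running or nothing below gets written.
    $svc = Get-Service -Name EventLog
    $findings += [pscustomobject]@{
        Check    = 'Service EventLog'
        Actual   = [string]$svc.Status
        Expected = 'Running'
    }

    # Mark each row OK/not OK so the output can be filtered or exported directly.
    $findings | ForEach-Object {
        $_ | Add-Member -NotePropertyName OK -NotePropertyValue ($_.Actual -eq $_.Expected) -PassThru
    }
}

function Get-RecentFailedLogonSources {
    # Shows whether the IpAddress field of recent 4625 events is populated ("-" means no source IP).
    param([int]$Count = 10)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents $Count -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Account   = $data['TargetUserName']
                LogonType = $data['LogonType']
                SourceIp  = $data['IpAddress']
            }
        }
}

# Usage:
Get-LogonAuditState | Format-Table -AutoSize
Get-RecentFailedLogonSources -Count 10 | Format-Table -AutoSize
```

The `Expected` table is deliberately separated from the checks: SecurityLayer 0 selects the legacy RDP Security Layer instead of TLS and UserAuthentication 0 turns Network Level Authentication off, which is the trade the post makes to get a source IP into the logon events. If your baseline keeps NLA on, change those two expected values and the rest of the script still applies; the second function is the quickest way to confirm, before and after a change, whether the `IpAddress` field in 4625 events is being filled in.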