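Introduction to RDP security configuration:
The default RDP port 3389 on Windows Server 2012 is a common target for attackers. Changing the RDP port and disabling the default Administrator account can significantly improve the server's security.
Create the script
Create the script file: open Notepad and copy in the complete script below: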
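# Remote Desktop security configuration script - Windows Server 2012
# The *-LocalUser and *-LocalGroupMember cmdlets used in steps 3, 4 and 6 ship with
# PowerShell 5.1 (WMF 5.1). Windows Server 2012 comes with PowerShell 3.0, so install
# WMF 5.1 first; the line below stops the script before it changes anything otherwise.
#Requires -Version 5.1
Write-Host "Starting Windows Server 2012 RDP Security Configuration..." -ForegroundColor Cyan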
# 1. Change the RDP port from 3389 to 25701
Write-Host "Step 1: Changing RDP port to 25701..." -ForegroundColor Yellow
try {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber" -Value 25701 -ErrorAction Stop
    Write-Host "RDP port changed to 25701" -ForegroundColor Green
}
catch {
    Write-Host "Failed to change RDP port: $_" -ForegroundColor Red
    exit 1
}
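# 2. Configure Windows Firewall (Windows Server 2012-compatible version)
Write-Host "Step 2: Configuring firewall rules..." -ForegroundColor Yellow
# netsh is a native command and never throws, so a try/catch block would not see its
# failures; check $LASTEXITCODE instead.
# Disable the built-in rules for the old port 3389. They belong to the rule group
# "Remote Desktop" (the group name is localized on non-English systems).
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no 2>&1 | Out-Null
$oldRuleExit = $LASTEXITCODE
# Create the rule for the new port 25701 (netsh is used for Windows Server 2012 compatibility)
netsh advfirewall firewall add rule name="RDP-25701" dir=in action=allow protocol=TCP localport=25701 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0 -and $oldRuleExit -eq 0) {
    Write-Host "Firewall rules configured" -ForegroundColor Green
}
else {
    Write-Host "Failed to configure firewall rules (netsh returned an error)" -ForegroundColor Red
    # Continue, because the port change may already have succeeded
}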
# 3. Create the new administrative user guboysky
Write-Host "Step 3: Creating new admin user guboysky..." -ForegroundColor Yellow
try {
    # Check whether the user already exists
    $userExists = Get-LocalUser -Name "guboysky" -ErrorAction SilentlyContinue
    if ($userExists) {
        Write-Host "User guboysky already exists, removing and recreating it..." -ForegroundColor Yellow
        # Delete the existing user
        Remove-LocalUser -Name "guboysky" -ErrorAction Stop
    }
    # Create the new user
    # The password below is the article's sample value. It is stored in plaintext in
    # rdp.ps1 and printed at the end of the run, so replace it with your own before
    # running and delete the script afterwards.
    $securePassword = ConvertTo-SecureString "ovh-64(Fr)6479862" -AsPlainText -Force
    New-LocalUser -Name "guboysky" -Password $securePassword -FullName "Guboysky Admin" -Description "Administrative Account" -ErrorAction Stop
    # Add the user to the Administrators group
    Add-LocalGroupMember -Group "Administrators" -Member "guboysky" -ErrorAction Stop
    # Set the password to never expire
    Set-LocalUser -Name "guboysky" -PasswordNeverExpires $true -ErrorAction Stop
    Write-Host "New user guboysky created successfully" -ForegroundColor Green
}
catch {
    Write-Host "Failed to create user: $_" -ForegroundColor Red
    exit 1
}
# 4. Disable the Administrator account
# (only reached if step 3 succeeded, so one enabled administrator always remains)
Write-Host "Step 4: Disabling Administrator account..." -ForegroundColor Yellow
try {
    Disable-LocalUser -Name "Administrator" -ErrorAction Stop
    Write-Host "Administrator account disabled" -ForegroundColor Green
}
catch {
    Write-Host "Failed to disable Administrator account: $_" -ForegroundColor Red
}
# 5. Restart the Remote Desktop service
# Restarting TermService disconnects any current RDP session; reconnect on port 25701.
Write-Host "Step 5: Restarting Remote Desktop services..." -ForegroundColor Yellow
try {
    Restart-Service TermService -Force -ErrorAction Stop
    Write-Host "Remote Desktop services restarted" -ForegroundColor Green
}
catch {
    Write-Host "Warning: Could not restart services: $_" -ForegroundColor Yellow
}
# 6. Verify the configuration
Write-Host "Verification Results:" -ForegroundColor Cyan
# Verify the port
$port = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber"
Write-Host "RDP Port: $($port.PortNumber)" -ForegroundColor $(if($port.PortNumber -eq 25701){"Green"}else{"Red"})
# Verify the firewall rule. The exit code is checked rather than the English text
# "No rules match", which does not appear on systems with another display language.
netsh advfirewall firewall show rule name="RDP-25701" 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "Firewall Rule: Configured" -ForegroundColor Green
} else {
    Write-Host "Firewall Rule: Not found" -ForegroundColor Red
}
# Verify the user status
$adminStatus = Get-LocalUser -Name "Administrator"
Write-Host "Administrator Status: $($adminStatus.Enabled)" -ForegroundColor $(if(-not $adminStatus.Enabled){"Green"}else{"Red"})
$newUser = Get-LocalUser -Name "guboysky" -ErrorAction SilentlyContinue
if ($newUser) {
    Write-Host "guboysky User: Created" -ForegroundColor Green
    Write-Host "guboysky Password Never Expires: $($newUser.PasswordNeverExpires)" -ForegroundColor Green
} else {
    Write-Host "guboysky User: Not found" -ForegroundColor Red
}
# Verify Administrators group membership (member names have the form COMPUTER\user)
$isAdmin = @(Get-LocalGroupMember -Group "Administrators" | Where-Object {$_.Name -like "*\guboysky"}).Count -gt 0
Write-Host "guboysky in Administrators group: $isAdmin" -ForegroundColor $(if($isAdmin){"Green"}else{"Red"})
Write-Host "Configuration Complete!" -ForegroundColor Green
# The parentheses make "=" * 50 evaluate as an expression; without them Write-Host prints "= * 50"
Write-Host ("=" * 50) -ForegroundColor Cyan
Write-Host "New Remote Desktop Connection Info:" -ForegroundColor Yellow
Write-Host "Server Address: YourServerIP:25701" -ForegroundColor White
Write-Host "Username: guboysky" -ForegroundColor White
Write-Host "Password: ovh-64(Fr)6479862" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor Cyan
Write-Host "Important Notes:" -ForegroundColor Red
Write-Host "1. Please test login with new user guboysky immediately" -ForegroundColor Yellow
Write-Host "2. Keep the password secure" -ForegroundColor Yellow
Write-Host "3. If connection fails, check firewall and network settings" -ForegroundColor Yellow
Save the script to the desktop:
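- File name: rdp.ps1
Steps to run: open PowerShell as Administrator
cd $env:USERPROFILE\Desktop
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
.\rdp.ps1
Explanation: first cd to the desktop, then set the execution policy for this process, then run the configuration script.
After the configuration is complete, connect to the server with the following information:
- Server address: YourServerIP:25701
- Username: guboysky
- Password: ovh-64(Fr)6479862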
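A follow-up check to run after rdp.ps1, added here as an example and not part of the original script: it confirms that a TCP listener is really bound to 25701 and none to 3389, tests the firewall rule by exit code, and lists enabled local administrators through ADSI, so it also works on the PowerShell 3.0 that ships with Windows Server 2012. The function names Get-EnabledLocalAdmin and Test-RdpHardening are made up for this example; the port, rule name and account name are the ones used in the script above.

```powershell
# Added example (not part of rdp.ps1). Runs on PowerShell 3.0 and later.
# Returns the enabled local user accounts in the Administrators group, read through
# the ADSI WinNT provider because Get-LocalGroupMember needs PowerShell 5.1.
function Get-EnabledLocalAdmin {
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        $type  = $member.GetType()
        $name  = $type.InvokeMember('Name',    'GetProperty', $null, $member, $null)
        $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)
        $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # Skip nested groups and domain accounts; only local users are checked
        if ($class -ne 'User' -or $path -notlike "*/$env:COMPUTERNAME/*") { continue }
        $user = [ADSI]"WinNT://$env:COMPUTERNAME/$name,user"
        # 0x2 is ADS_UF_ACCOUNTDISABLE
        if (-not ($user.UserFlags.Value -band 0x2)) { $name }
    }
}

function Test-RdpHardening {
    param(
        [int]$ExpectedPort = 25701,       # port set by the article's script
        [int]$OldPort      = 3389,
        [string]$NewAdmin  = 'guboysky'   # account created by the article's script
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $configured = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Ports that really have a TCP listener, taken from the .NET networking API
    $tcp = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($tcp.GetActiveTcpListeners() | ForEach-Object { $_.Port })

    # Judge the firewall rule by exit code, which does not depend on the display language
    netsh advfirewall firewall show rule "name=RDP-$ExpectedPort" | Out-Null
    $ruleFound = ($LASTEXITCODE -eq 0)

    $admins = @(Get-EnabledLocalAdmin)
    [pscustomobject]@{
        RegistryPort         = $configured
        ListeningOnNewPort   = ($listening -contains $ExpectedPort)
        OldPortNotListening  = ($listening -notcontains $OldPort)
        FirewallRuleFound    = $ruleFound
        NewAdminEnabled      = ($admins -contains $NewAdmin)
        AdministratorEnabled = ($admins -contains 'Administrator')
    }
}

Test-RdpHardening | Format-List
```

Run it from an elevated PowerShell prompt; every value except RegistryPort (expected 25701) and AdministratorEnabled (expected False) should be True.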