Windows Server 2012: change the RDP port from 3389 to 25701, block logons with the Administrator account, and create a new administrative user: guboysky

Steps:

Save the script: save the script below as Configure-RDP.ps1 on the Desktop.

Run PowerShell as Administrator and change to the Desktop:

cd $env:USERPROFILE\Desktop

Note: if the execution policy keeps the script from running, first allow scripts for the current process with the command below.

Step 1: set the execution policy

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

Step 2: run the script

.\Configure-RDP.ps1

Before running it, replace the password inside the script with your own; it is stored and printed in clear text. Run it from the server console (or a session you can afford to lose): step 5 restarts TermService, which drops every active RDP session, and from then on the server only answers on port 25701 and only for the new account.

One-click script

  1. Open Notepad and paste the complete script below
  2. Save it to the Desktop:
  • File name: Configure-RDP.ps1
  • Save as type: choose "All Files"
  • Encoding: choose "UTF-8"
# Run this script as Administrator
# Remote Desktop hardening script - Windows Server 2012
# Note: the Get-LocalUser / New-LocalUser cmdlets (Microsoft.PowerShell.LocalAccounts) ship with
# PowerShell 5.1 on Windows 10 / Server 2016 and later, not with Server 2012, so local accounts
# are managed here through the WinNT ADSI provider and net.exe, which work on the built-in PowerShell 3.0.

$NewPort  = 25701
$NewUser  = "guboysky"
$Password = "ovh-64(Fr)6479862"
$RdpKey   = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
$ADS_UF_ACCOUNTDISABLE      = 0x0002   # IADsUser UserFlags bit: account disabled
$ADS_UF_DONT_EXPIRE_PASSWD  = 0x10000  # IADsUser UserFlags bit: password never expires

Write-Host "Starting Windows Server 2012 RDP Security Configuration..." -ForegroundColor Cyan

# 1. Change the RDP port from 3389 to 25701
Write-Host "Step 1: Changing RDP port to $NewPort..." -ForegroundColor Yellow
try {
    Set-ItemProperty -Path $RdpKey -Name "PortNumber" -Value $NewPort -Type DWord -ErrorAction Stop
    Write-Host "RDP port changed to $NewPort" -ForegroundColor Green
}
catch {
    Write-Host "Failed to change RDP port: $_" -ForegroundColor Red
    exit 1
}

# 2. Configure Windows Firewall (netsh is available on Windows Server 2012)
Write-Host "Step 2: Configuring firewall rules..." -ForegroundColor Yellow
try {
    # Create the inbound rule for the new port first (delete a previous copy so the script can be re-run).
    # netsh is a native command and never throws, so its exit code is checked explicitly.
    netsh advfirewall firewall delete rule name="RDP-$NewPort" | Out-Null
    netsh advfirewall firewall add rule name="RDP-$NewPort" dir=in action=allow protocol=TCP localport=$NewPort | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh could not add rule RDP-$NewPort" }

    # Disable the built-in 3389 rules. They are addressed by group because on Server 2012 the
    # rule names are "Remote Desktop - User Mode (TCP-In)" etc., so name="Remote Desktop" matches nothing.
    # netsh matches the localized display name: on a Chinese-language system use group="远程桌面".
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=no | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Warning: could not disable the built-in Remote Desktop rule group (port 3389 may stay open)" -ForegroundColor Yellow
    }
    Write-Host "Firewall rules configured" -ForegroundColor Green
}
catch {
    Write-Host "Failed to configure firewall rules: $_" -ForegroundColor Red
    # Keep going: the port change itself may already have succeeded
}

# 3. Create the new administrative user guboysky
Write-Host "Step 3: Creating new admin user $NewUser..." -ForegroundColor Yellow
try {
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    $userPath = "WinNT://$env:COMPUTERNAME/$NewUser,user"
    if ([ADSI]::Exists($userPath)) {
        # Keep the existing account (and so its SID and profile); only reset the password
        Write-Host "User $NewUser already exists, resetting password..." -ForegroundColor Yellow
        $user = [ADSI]$userPath
        $user.SetPassword($Password)
        $user.SetInfo()
    } else {
        # Create the user
        $user = $computer.Create("User", $NewUser)
        $user.SetPassword($Password)
        $user.SetInfo()
        $user.Put("FullName", "Guboysky Admin")
        $user.Put("Description", "Administrative Account")
        $user.SetInfo()
        $user.psbase.RefreshCache()
    }

    # Password never expires
    $user.UserFlags.Value = $user.UserFlags.Value -bor $ADS_UF_DONT_EXPIRE_PASSWD
    $user.SetInfo()

    # Add to the Administrators group ("already a member" raises an error that is safe to ignore)
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    try { $group.psbase.Invoke("Add", $userPath) } catch { }

    Write-Host "New user $NewUser created successfully" -ForegroundColor Green
}
catch {
    Write-Host "Failed to create user: $_" -ForegroundColor Red
    exit 1
}

# 4. Disable the Administrator account
Write-Host "Step 4: Disabling Administrator account..." -ForegroundColor Yellow
net user Administrator /active:no | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "Administrator account disabled" -ForegroundColor Green
} else {
    Write-Host "Failed to disable Administrator account (net user exit code $LASTEXITCODE)" -ForegroundColor Red
}

# 5. Restart the Remote Desktop service (drops every active RDP session)
Write-Host "Step 5: Restarting Remote Desktop services..." -ForegroundColor Yellow
try {
    Restart-Service TermService -Force -ErrorAction Stop
    Write-Host "Remote Desktop services restarted" -ForegroundColor Green
}
catch {
    Write-Host "Warning: Could not restart services: $_" -ForegroundColor Yellow
}

# 6. Verify the configuration
Write-Host "Verification Results:" -ForegroundColor Cyan

# Verify the port
$port = (Get-ItemProperty -Path $RdpKey -Name "PortNumber").PortNumber
Write-Host "RDP Port: $port" -ForegroundColor $(if ($port -eq $NewPort) {"Green"} else {"Red"})

# Verify the firewall rule: netsh exits non-zero when no rule matches, which avoids
# parsing its localized text output (the original string match also failed on the
# blank lines netsh prints)
netsh advfirewall firewall show rule name="RDP-$NewPort" | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "Firewall Rule: Configured" -ForegroundColor Green
} else {
    Write-Host "Firewall Rule: Not found" -ForegroundColor Red
}

# Verify account state
$adminFlags    = ([ADSI]"WinNT://$env:COMPUTERNAME/Administrator,user").UserFlags.Value
$adminDisabled = ($adminFlags -band $ADS_UF_ACCOUNTDISABLE) -ne 0
Write-Host "Administrator Disabled: $adminDisabled" -ForegroundColor $(if ($adminDisabled) {"Green"} else {"Red"})

if ([ADSI]::Exists("WinNT://$env:COMPUTERNAME/$NewUser,user")) {
    $flags = ([ADSI]"WinNT://$env:COMPUTERNAME/$NewUser,user").UserFlags.Value
    $neverExpires = ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0
    Write-Host "$NewUser User: Created" -ForegroundColor Green
    Write-Host "$NewUser Password Never Expires: $neverExpires" -ForegroundColor $(if ($neverExpires) {"Green"} else {"Red"})
} else {
    Write-Host "$NewUser User: Not found" -ForegroundColor Red
}

# Verify Administrators group membership (net localgroup prints one member per line)
$isAdmin = @(net localgroup Administrators) -contains $NewUser
Write-Host "$NewUser in Administrators group: $isAdmin" -ForegroundColor $(if ($isAdmin) {"Green"} else {"Red"})

Write-Host "Configuration Complete!" -ForegroundColor Green
# The repeat operator must be in parentheses; Write-Host "=" * 50 would print the literal "= * 50"
Write-Host ("=" * 50) -ForegroundColor Cyan
Write-Host "New Remote Desktop Connection Info:" -ForegroundColor Yellow
Write-Host "Server Address: YourServerIP:$NewPort" -ForegroundColor White
Write-Host "Username: $NewUser" -ForegroundColor White
Write-Host "Password: $Password" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor Cyan

Write-Host "Important Notes:" -ForegroundColor Red
Write-Host "1. Please test login with new user $NewUser immediately" -ForegroundColor Yellow
Write-Host "2. Keep the password secure" -ForegroundColor Yellow
Write-Host "3. If connection fails, check firewall and network settings" -ForegroundColor Yellow

Connection test:

After the configuration completes, connect with the following details:

  • Address: your server IP:25701
  • Username: guboysky
  • Password: ovh-64(Fr)6479862
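An added check, not part of the original post: the script's verification only reads the registry, which shows what TermService will use after its next start, not that the listener has actually moved. The snippet below confirms that a LISTEN socket on 25701 belongs to TermService, and bundles a rollback to run from the server console if the new port or account turns out not to work. The port, rule name and account name are the page's; the function names and the rest are assumptions.

```powershell
# Added example: confirm the RDP listener really moved, with a console rollback.
# Assumes the page's values: port 25701, firewall rule RDP-25701, user guboysky.
$NewPort = 25701
$RdpKey  = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

function Test-RdpListener {
    param([int]$Port = $NewPort)
    # Get-NetTCPConnection (NetTCPIP module) exists on Server 2012. OwningProcess is the PID
    # of the listening process, which must be the svchost that hosts TermService.
    $svc = Get-WmiObject Win32_Service -Filter "Name='TermService'"
    if (-not $svc -or $svc.State -ne "Running") { return $false }
    $listen = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
                Where-Object { $_.OwningProcess -eq $svc.ProcessId })
    return $listen.Count -gt 0
}

function Restore-RdpDefaults {
    # Run this from the server console (not over RDP) if the new port or account fails:
    # puts RDP back on 3389 with the stock rules and re-enables the Administrator account.
    Set-ItemProperty -Path $RdpKey -Name "PortNumber" -Value 3389 -Type DWord
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes | Out-Null
    netsh advfirewall firewall delete rule name="RDP-$NewPort" | Out-Null
    net user Administrator /active:yes | Out-Null
    Restart-Service TermService -Force
}

if (Test-RdpListener) {
    Write-Host "TermService is listening on $NewPort; test a fresh RDP logon as guboysky before closing this session." -ForegroundColor Green
} else {
    Write-Host "No TermService listener on $NewPort. Keep this session open and fix the configuration, or run Restore-RdpDefaults from the console." -ForegroundColor Red
}
```

Run it in the same elevated PowerShell after Configure-RDP.ps1 has finished; the rollback function is only defined, not executed, until you call it.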