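@echo off
rem open.bat - enable Remote Desktop by importing a temporary .reg file.
rem
rem Registry values written:
rem   fDenyTSConnections = 0       -> allow Remote Desktop connections
rem   PortNumber         = 0x0d3d  -> 3389, the default RDP port (note: this
rem                                   also overwrites a previously customised port)
rem
rem Only the registry is touched: no firewall rule is created or enabled, so
rem restrict who may reach the RDP port in the firewall separately.
rem
rem Must run from an elevated prompt: the keys live under HKLM, and "regedit /s"
rem suppresses its error dialog, so an unelevated run would fail silently.
rem "net session" is a cheap elevation probe - it fails when not elevated.
net session >nul 2>&1
if errorlevel 1 (
  1>&2 echo open.bat: must be run as Administrator.
  exit /b 1
)

setlocal
rem %TEMP% is writable for the current user even when the current directory is
rem not (read-only share, system folder). The path may contain spaces, so it
rem is quoted on every use.
set "regfile=%TEMP%\3389.reg"

rem The redirection is placed BEFORE each echo on purpose: cmd treats a digit
rem immediately preceding ">" as a file-handle number, so the original form
rem "echo ...5.00>3389.reg" redirects handle 0 and the text never reaches the
rem file. Blank lines between sections follow the regedit export format.
>"%regfile%" echo Windows Registry Editor Version 5.00
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
>>"%regfile%" echo "fDenyTSConnections"=dword:00000000
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
>>"%regfile%" echo "PortNumber"=dword:00000d3d
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
>>"%regfile%" echo "PortNumber"=dword:00000d3d

rem Silent import; the temporary file is removed regardless of the outcome.
regedit /s "%regfile%"
del "%regfile%"

rem Read the value back so a silent import failure is visible to the operator.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
endlocal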
--------------------------------------------
close.bat
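@echo off
rem close.bat - disable Remote Desktop by importing a temporary .reg file.
rem
rem Registry values written:
rem   fDenyTSConnections = 1       -> deny Remote Desktop connections
rem   PortNumber         = 0x0d3d  -> 3389; kept for parity with open.bat, but
rem                                   be aware it resets a customised RDP port
rem
rem Only the registry is touched: firewall rules allowing the RDP port are
rem left in place and should be disabled separately if no longer needed.
rem
rem Must run from an elevated prompt: the keys live under HKLM, and "regedit /s"
rem suppresses its error dialog, so an unelevated run would fail silently.
rem "net session" is a cheap elevation probe - it fails when not elevated.
net session >nul 2>&1
if errorlevel 1 (
  1>&2 echo close.bat: must be run as Administrator.
  exit /b 1
)

setlocal
rem %TEMP% is writable for the current user even when the current directory is
rem not; the path may contain spaces, so it is quoted on every use.
set "regfile=%TEMP%\3389.reg"

rem The redirection is placed BEFORE each echo on purpose: cmd treats a digit
rem immediately preceding ">" as a file-handle number, so the original form
rem "echo ...dword:00000001>>3389.reg" redirects handle 1 and eats the trailing
rem "1" - the value that actually disables RDP. Blank lines between sections
rem follow the regedit export format.
>"%regfile%" echo Windows Registry Editor Version 5.00
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
>>"%regfile%" echo "fDenyTSConnections"=dword:00000001
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
>>"%regfile%" echo "PortNumber"=dword:00000d3d
>>"%regfile%" echo.
>>"%regfile%" echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
>>"%regfile%" echo "PortNumber"=dword:00000d3d

rem Silent import; the temporary file is removed regardless of the outcome.
regedit /s "%regfile%"
del "%regfile%"

rem Read the value back so a silent import failure is visible to the operator.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
endlocal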
解释一下:open.bat 用于开启远程桌面,close.bat 用于关闭远程桌面,比较一下只有两个键值不同。这两个注册表脚本也可以直接在本机运行,用来开启或关闭本机的远程桌面。
安全建议:开启 3389 端口后,建议立即在防火墙中限制允许访问的 IP 地址范围,避免被互联网上的扫描器发现。
以管理员身份运行 CMD,将 RDP 防火墙规则限制为指定 IP(将"你的IP地址"替换为实际允许连接的IP或IP段):
rem 删除默认的所有来源规则(可选)
netsh advfirewall firewall delete rule name="Remote Desktop" protocol=TCP localport=3389
rem 新建只允许指定IP访问的规则
netsh advfirewall firewall add rule name="RDP-Restricted" dir=in action=allow protocol=TCP localport=3389 remoteip=你的IP地址
也可以修改默认 RDP 端口(降低扫描风险):REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 33890 /f
(将端口改为 33890,之后连接时输入 IP:33890。注意:端口修改需要重启远程桌面服务或重启系统后才会生效,并且上面的防火墙规则只放行了 3389,需要相应改为放行新端口,否则新端口上的连接可能被防火墙拦截。)