fix:Web utils fix

Ttt
2026-03-02 17:23:13 +08:00
parent 998a5f7c17
commit 2f3379042f
4 changed files with 504 additions and 1 deletions

112
logs/stderr.log Normal file

@@ -0,0 +1,112 @@
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage
Send-DingTalkMessage : ? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: <20>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [System.Web.HttpUtility]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> E:\data\workspace\powershell\rdp_login_success_script.ps1:154 <20>ַ<EFBFBD>: 25
+ Send-DingTalkMessage -<2D><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD> $<24><>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Send-DingTalkMessage

212
logs/stdout.log Normal file

@@ -0,0 +1,212 @@
========================================
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD>ط<EFBFBD><D8B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
========================================
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: DESKTOP-B3O1605
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>: 2026-03-02 17:07:16
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>3<EFBFBD><33>7<EFBFBD><37>10<31><30>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 5<><35>
========================================
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:41
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:40
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:14
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:13
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:45:50
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:45:49
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:43:17
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:43:16
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:29:14
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:29:12
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:14:11
[17:07:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:14:09
[17:07:49] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:07:45
[17:07:49] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:07:43
[17:09:27] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:09:25
[17:09:27] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:09:23
[17:10:04] <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3>Ѽ<EFBFBD><D1BC>ص<EFBFBD> 16 <20>ε<EFBFBD>¼
[17:15:01] <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3>Ѽ<EFBFBD><D1BC>ص<EFBFBD> 16 <20>ε<EFBFBD>¼
========================================
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD>ط<EFBFBD><D8B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
========================================
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: DESKTOP-B3O1605
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>: 2026-03-02 17:21:17
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>3<EFBFBD><33>7<EFBFBD><37>10<31><30>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 5<><35>
========================================
[17:21:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:09:25
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:18] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:09:23
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:07:45
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 17:07:43
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:41
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:40
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:14
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:53:13
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:45:50
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:45:49
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:19] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:43:17
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:20] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:43:16
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:20] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><EFBFBD><E1BBB0><EFBFBD><EFBFBD> <20><>Զ<EFBFBD>̻Ự<CCBB><E1BBB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:29:14
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
[17:21:20] <20><><EFBFBD><EFBFBD>µ<EFBFBD>Զ<EFBFBD>̵<EFBFBD>¼
<20>û<EFBFBD>: DESKTOP-B3O1605\xiang
<20><><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC><EFBFBD><EFBFBD>NLA<4C><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4> <20><>ʹ<EFBFBD><CAB9>NLA<4C><41>֤<EFBFBD><D6A4>RDP<44><50><EFBFBD>ӣ<EFBFBD>
<20><>ԴIP: 115.236.13.24
ʱ<><CAB1>: 16:29:12
? <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: ok
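Review bot: This file and logs/stderr.log are runtime output of the monitor and should not be in version control: they record the machine name, the account that logged on, the source address of each RDP session and a local workspace path. Remove both files from the tree and add a `logs/` entry to `.gitignore` so later runs are not committed by accident. The text is also stored in a legacy code page and renders as mojibake; if the logs are kept anywhere for incident review, have the script write them as UTF-8.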


@@ -21,7 +21,7 @@ function Send-DingTalkMessage {
$hmacsha.key = [Text.Encoding]::UTF8.GetBytes($DingTalkSecret)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signatureBase64 = [Convert]::ToBase64String($signature)
$encodedSignature = [System.Web.HttpUtility]::UrlEncode($signatureBase64)
$encodedSignature = [System.Net.WebUtility]::UrlEncode($signatureBase64)
# 完整的请求URL
$fullUrl = "$DingTalkWebhookUrl&timestamp=$timestamp&sign=$encodedSignature"
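Review bot: `$hmacsha` is keyed with `$DingTalkSecret` on the first line of this hunk and nothing in the visible lines releases it, so the key bytes stay in the object until garbage collection on every notification. Send-DingTalkMessage starts and ends outside the hunk, so confirm this against the full body; if no disposal exists, add `finally { if ($hmacsha) { $hmacsha.Dispose() } }` to the function's `try`. A short comment on the encoding line, such as `# WebUtility lives in System.dll; HttpUtility needs System.Web loaded first`, would record why the type was changed.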


@@ -0,0 +1,179 @@
# 服务器登录监控脚本 - 完整版监控所有RDP相关登录类型
# 监控远程桌面登录并通过钉钉机器人推送通知(支持加签)
param (
[string]$DingTalkWebhookUrl = "https://oapi.dingtalk.com/robot/send?access_token=d28bd09159097d9cc5793a183990927ce637bd8addafb5e4586e2687ca317039",
[string]$DingTalkSecret = "SECd4bf3fb7703bd2826896deefa68d579e9945a67058ee9047ac5f8757ae800729"
)
# 钉钉消息发送函数(支持加签)
function Send-DingTalkMessage {
param(
[string]$消息内容
)
try {
# 计算签名
$timestamp = [DateTimeOffset]::Now.ToUnixTimeMilliseconds()
$stringToSign = "$timestamp`n$DingTalkSecret"
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Text.Encoding]::UTF8.GetBytes($DingTalkSecret)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signatureBase64 = [Convert]::ToBase64String($signature)
$encodedSignature = [System.Net.WebUtility]::UrlEncode($signatureBase64)
# 完整的请求URL
$fullUrl = "$DingTalkWebhookUrl&timestamp=$timestamp&sign=$encodedSignature"
$body = @{
msgtype = "text"
text = @{
content = $消息内容
}
} | ConvertTo-Json -Depth 10
$response = Invoke-RestMethod -Uri $fullUrl -Method Post -Body $body -ContentType "application/json; charset=utf-8"
Write-Host "✓ 钉钉消息发送成功: $($response.errmsg)" -ForegroundColor Green
} catch {
Write-Error "✗ 钉钉消息发送失败: $_"
}
}
# 登录类型说明
$登录类型说明 = @{
"2" = "交互式登录(本地控制台)"
"3" = "网络登录含NLA身份验证"
"4" = "批处理(计划任务)"
"5" = "服务登录"
"7" = "会话解锁"
"8" = "网络明文如IIS基本认证"
"9" = "新凭证RunAs"
"10" = "远程交互RDP无NLA"
"11" = "缓存交互(域凭据缓存)"
}
# 程序启动信息
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " 服务器登录监控服务已启动" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "服务器名称: $env:COMPUTERNAME" -ForegroundColor Yellow
Write-Host "启动时间: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" -ForegroundColor Yellow
Write-Host "监控类型: 所有远程桌面相关登录类型3、7、10" -ForegroundColor Yellow
Write-Host "检查间隔: 5秒" -ForegroundColor Yellow
Write-Host "========================================" -ForegroundColor Cyan
# 记录上次检查的时间
$上次检查时间 = (Get-Date).AddHours(-1)
# 记录已发送过的登录事件,避免重复通知
$已通知事件 = @{}
# 主循环
while ($true) {
try {
# 获取新的登录事件Event ID 4624
$事件列表 = Get-WinEvent -FilterHashtable @{
LogName = 'Security'
ID = 4624
StartTime = $上次检查时间
} -ErrorAction SilentlyContinue
foreach ($事件 in $事件列表) {
# 解析事件XML
$事件Xml = [xml]$事件.ToXml()
# 获取登录类型
$登录类型 = ($事件Xml.Event.EventData.Data | Where-Object {$_.Name -eq "LogonType"}).'#text'
# 监控所有可能的远程桌面相关登录类型3(NLA验证)、7(解锁)、10(传统RDP)
if ($登录类型 -eq "3" -or $登录类型 -eq "7" -or $登录类型 -eq "10") {
# 获取登录信息
$用户名 = ($事件Xml.Event.EventData.Data | Where-Object {$_.Name -eq "TargetUserName"}).'#text'
$域名 = ($事件Xml.Event.EventData.Data | Where-Object {$_.Name -eq "TargetDomainName"}).'#text'
$来源IP = ($事件Xml.Event.EventData.Data | Where-Object {$_.Name -eq "IpAddress"}).'#text'
$登录时间 = $事件.TimeCreated
$记录ID = $事件.RecordId
$登录GUID = ($事件Xml.Event.EventData.Data | Where-Object {$_.Name -eq "LogonGuid"}).'#text'
# 过滤本地IP和无效IP
$有效IP = $来源IP -and $来源IP -ne "127.0.0.1" -and $来源IP -ne "::1" -and $来源IP -ne "-"
if ($有效IP) {
# 生成唯一标识,避免重复通知
$事件标识 = "$记录ID-$来源IP-$用户名"
if (-not $已通知事件.ContainsKey($事件标识)) {
# 清理过旧的记录,避免内存溢出
if ($已通知事件.Count -gt 1000) {
$已通知事件.Clear()
}
# 处理空域名
if ([string]::IsNullOrEmpty($域名) -or $域名 -eq "-") {
$域名 = $env:COMPUTERNAME
}
# 获取登录类型说明
$类型说明 = if ($登录类型说明.ContainsKey($登录类型)) {
$登录类型说明[$登录类型]
} else {
"未知类型($登录类型)"
}
# 添加额外说明
$额外说明 = ""
if ($登录类型 -eq "3") {
$额外说明 = "使用NLA验证的RDP连接"
} elseif ($登录类型 -eq "7") {
$额外说明 = "(远程会话解锁)"
} elseif ($登录类型 -eq "10") {
$额外说明 = "传统RDP连接"
}
# 构建钉钉消息
$消息内容 = @"
🏢 $env:COMPUTERNAME
📅 $($登录时间.ToString('yyyy-MM-dd HH:mm:ss'))
👤 $域名\$用户名
🔑 $类型说明 $额外说明
🌐 IP$来源IP
📝 ID$记录ID
"@
# 显示日志
Write-Host "`n[$(Get-Date -Format 'HH:mm:ss')] 检测到新的远程登录" -ForegroundColor Yellow
Write-Host " 用户: $域名\$用户名" -ForegroundColor White
Write-Host " 类型: $类型说明 $额外说明" -ForegroundColor Cyan
Write-Host " 来源IP: $来源IP" -ForegroundColor White
Write-Host " 时间: $($登录时间.ToString('HH:mm:ss'))" -ForegroundColor White
# 发送钉钉通知
Send-DingTalkMessage -消息内容 $消息内容
# 记录已通知
$已通知事件[$事件标识] = $true
}
}
}
}
# 更新上次检查时间
$上次检查时间 = Get-Date
# 显示运行状态每5分钟显示一次
if (((Get-Date).Minute % 5) -eq 0 -and (Get-Date).Second -lt 5) {
Write-Host "[$(Get-Date -Format 'HH:mm:ss')] 监控运行中,已监控到 $($已通知事件.Count) 次登录" -ForegroundColor Gray
}
# 等待5秒后继续检查
Start-Sleep -Seconds 5
} catch {
Write-Error "监控过程发生错误: $_"
Write-Host "等待10秒后重试..." -ForegroundColor Red
Start-Sleep -Seconds 10
}
}
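Review bot: The `param` block at the top of this file commits the DingTalk webhook `access_token` and the `SEC…` signing secret as default values, so anyone who can read the repository can post to the alert channel as this robot. Treat both as exposed: rotate them in the DingTalk console, since removing them in a later commit leaves them in history. Take the values from outside the file, for example `[string]$DingTalkSecret = $env:DINGTALK_SECRET` and `[string]$DingTalkWebhookUrl = $env:DINGTALK_WEBHOOK_URL` (variable names are placeholders), and exit with an error before the main loop when either is empty.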