// FindADPC.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。//#include #ifndef UNICODE#define UNICODE#endif#pragma comment(lib, "Netapi32.lib")#pragma warning(disable:4996)#include #include #include #include #include int session_enum(LPTSTR pszServerName) { NET_API_STATUS nStatus; LPSESSION_INFO_10 pBuf = NULL; LPSESSION_INFO_10 pTmpBuf; DWORD dwLevel = 10; DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; DWORD dwResumeHandle = 0; DWORD i; DWORD dwTotalCount = 0; do { nStatus = NetSessionEnum(pszServerName, NULL, NULL, dwLevel, (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle); if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA)) { if ((pTmpBuf = pBuf) != NULL) { for (i = 0; (i sesi10_cname, pTmpBuf->sesi10_username); pTmpBuf++; dwTotalCount++; } } } else fprintf(stderr, "A system error has occurred: %d", nStatus); if (pBuf != NULL) { NetApiBufferFree(pBuf); pBuf = NULL; } }while (nStatus == ERROR_MORE_DATA); if (pBuf != NULL) NetApiBufferFree(pBuf); return 0;}int wmain(int argc, wchar_t* argv[]){ if (argc == 1) { printf("Using: FindADPC.exe \dc1 "); return 0; } while (true) { for (size_t i = 0; i < argc; i++) { if (i == 0) { continue; } session_enum(argv[i]); } Sleep(5000); } return 0;}
实现效果
查询域控 4624 登录成功日志
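using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;

namespace EventLog4624
{
    /// <summary>
    /// Reads the local Security event log and prints, for every logon-success
    /// event (ID 4624) that carries a source network address, the time, the
    /// account name and the remote IP. Meant to run on a domain controller;
    /// reading the Security log normally needs administrative or
    /// "Event Log Readers" membership.
    /// </summary>
    class Program
    {
        static void Main(string[] args)
        {
            EventLog_4624();
        }

        /// <summary>
        /// Returns the text between the first occurrence of
        /// <paramref name="startstr"/> and the next occurrence of
        /// <paramref name="endstr"/> after it.
        /// </summary>
        /// <param name="sourse">Text to search; null or empty yields an empty result.</param>
        /// <param name="startstr">Opening delimiter (must not be null).</param>
        /// <param name="endstr">Closing delimiter (must not be null).</param>
        /// <returns>The enclosed text, or <see cref="string.Empty"/> when either delimiter is missing.</returns>
        /// <remarks>
        /// The delimiters are fixed event-message labels, not user-facing text,
        /// so the search is ordinal; the original culture-sensitive IndexOf
        /// could match differently depending on the process culture.
        /// </remarks>
        public static string MidStrEx(string sourse, string startstr, string endstr)
        {
            if (string.IsNullOrEmpty(sourse))
            {
                return string.Empty;
            }

            int startindex = sourse.IndexOf(startstr, StringComparison.Ordinal);
            if (startindex == -1)
            {
                return string.Empty;
            }

            string tail = sourse.Substring(startindex + startstr.Length);
            int endindex = tail.IndexOf(endstr, StringComparison.Ordinal);
            if (endindex == -1)
            {
                return string.Empty;
            }

            return tail.Substring(0, endindex);
        }

        /// <summary>
        /// Removes every whitespace character (spaces, tabs, CR/LF) from
        /// <paramref name="value"/>. The 4624 message is multi-line and
        /// tab-indented, so fields cut out of it carry that padding.
        /// </summary>
        /// <remarks>
        /// Replaces the original chain of <c>Replace("", "")</c> calls, whose
        /// escape sequences were lost on the page: an empty oldValue makes
        /// <see cref="string.Replace(string, string)"/> throw ArgumentException.
        /// </remarks>
        public static string StripWhitespace(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            return string.Concat(value.Where(c => !char.IsWhiteSpace(c)));
        }

        /// <summary>
        /// Enumerates 4624 events and prints those that have a source network
        /// address.
        /// </summary>
        /// <remarks>
        /// The labels below are the zh-CN rendering of the 4624 message; on a
        /// system with another display language they do not match and nothing
        /// is printed. EventLogEntry.ReplacementStrings carries the same fields
        /// independent of locale and would be the robust alternative.
        /// </remarks>
        public static void EventLog_4624()
        {
            // EventLog is IDisposable (it holds a handle to the log).
            using (EventLog log = new EventLog("Security"))
            {
                // Deferred query, enumerated exactly once below. The original
                // additionally ran a Select(...).ToList() whose result was
                // discarded, which walked the whole Security log a second time.
                IEnumerable<EventLogEntry> entries = log.Entries
                    .Cast<EventLogEntry>()
                    .Where(x => x.InstanceId == 4624);

                foreach (EventLogEntry entry in entries)
                {
                    string text = entry.Message;
                    string ipaddress = MidStrEx(text, " 源网络地址: ", " 源端口:");
                    string username = MidStrEx(text, "新登录:", "进程信息:");
                    username = MidStrEx(username, " 帐户名: ", " 帐户域: ");

                    // Length check is on the raw (still padded) field, as in the
                    // original. Logons without a network source show a short
                    // placeholder here ("-"); 7 is the shortest dotted quad.
                    if (ipaddress.Length < 7)
                    {
                        continue;
                    }

                    Console.WriteLine("-----------------------------------");
                    Console.WriteLine("Time: " + entry.TimeGenerated);
                    Console.WriteLine("Username: " + StripWhitespace(username));
                    Console.WriteLine("Remote IP: " + StripWhitespace(ipaddress));
                }
            }
        }
    }
}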
gpo下发query user写log到sysvol
GPO(Group Policy Object)是 Windows 中的一种管理技术,用于管理域中用户和计算机的设置。通过 GPO,管理员可以下发策略来配置用户和计算机的系统设置,以实现统一的管理和控制。
在 GPO 管理环境下,管理员可以使用 query user 命令来查询当前连接到计算机的用户的信息。query user 命令可以查询用户的登录时间、登录状态、连接状态等信息。
管理员可以将 query user 命令的输出写入到 sysvol 目录中，以便对用户登录情况进行记录和统计。sysvol 目录是 Windows 中一个共享目录，用于存储域控制器上的组策略文件，因此写入其中的信息可以通过域控制器统一管理和访问。需要注意的是，sysvol 默认对域内所有已认证用户可读，写入其中的登录记录也会被任意域用户看到；如果只是为了审计，应将输出放到仅管理员可读的共享或集中日志系统中。