Original author: coolweis (coolweis)
Source: http://www.xfocus.org
How to Remotely Install Terminal Services from the Command Line
by coolweis
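Now that remote overflows in Windows 2000 keep being discovered, breaking into Win2000 is no longer particularly difficult. But how do you make better use of the machine and keep control of it afterwards? Here is a good method: Terminal Services. Many machines do not have Terminal Services installed, though, so I install it for them. This is actually very simple; all you need to do is type three commands. The precondition is that you have already obtained administrator or SYSTEM privileges on the machine by other means. What we do next is open up Terminal Services on it!
First, the idea, which is simple: Windows 2000 ships with a tool for unattended installation, sysocmgr.exe. Here is what MSDN says about the tool: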
How to Add or Remove Windows 2000 Components with Sysocmgr.exe
--------------------------------------------------------------------------------
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
--------------------------------------------------------------------------------
SUMMARY
This article describes how to add or remove Windows 2000 components with the Sysocmgr.exe tool.
MORE INFORMATION
You can use the Sysocmgr.exe tool at a command prompt to add or remove Windows 2000 components. You can use the following command-line switches with Sysocmgr.exe:
/i:path to Sysoc.inf file, where path to Sysoc.inf file is the full path to the Sysoc.inf file, for example:
c:\windows\inf\sysoc.inf
/u:path to answer file, where path to answer file is the full path to the answer file that contains a list of items to add or remove.
/q - runs Sysocmgr.exe in quiet mode (without display pages)
/r - suppresses reboot (if needed)
NOTE: This procedure does not work and is unsupported with Microsoft Fax Service, COM+, and Distributed Transaction Coordinator. These are core components that are not removable.
The answer file can be any Windows 2000 answer file and only parses the [Components] and [NetOptionalComponents] sections. An example file is shown below:
[Components]
Netoc = on
Reminst = on
Paint = off
pinball = off
Solitaire = off
[NetOptionalComponents]
lpdsvc = 1
SimpTcp = 1
wins = 1
To start the installation or uninstallation of these components using Sysocmgr.exe, type the following command (file saved as c:\ocm.txt):
sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\ocm.txt
For more information, please refer to the unattended documentation.
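My idea is to use this tool to perform an unattended installation: no interaction during setup, no windows displayed, and no reboot of the computer when the installation finishes (it is best not to casually reboot someone else's machine; if a reboot is needed, you can leave this option out). Once installed, Terminal Services only takes effect after a reboot. Handle this according to the situation.
Below is the concrete procedure for installing Terminal Services.
First, telnet to the machine (I don't need to explain how to get onto it), then enter the following three commands at the command line: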
c:\>echo [Components] > c:\aa
c:\>echo TSEnable = on >>c:\aa
c:\>sysocmgr /i:c:\winnt\inf\sysoc.inf /u:c:\aa /q /r
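After a while, once sysocmgr has finished running, Terminal Services is installed. The service cannot be started yet, however. If you are not worried about a reboot, you can simply drop the /r parameter, and the service will start automatically after the reboot. You can also change the port that Terminal Services listens on by modifying the registry. How to change it is outside the scope of this article; there are many tools online for editing the registry from the command line.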
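Added example, not part of the original article: Python detection logic a defender could run over process-creation records to spot the sysocmgr invocation described above, by reading the answer file named in /u: and checking whether its [Components] section sets TSEnable to on. The log lines, file contents and function names are constructed for illustration, and command lines are assumed to contain no quoted paths with spaces.

```python
# Constructed sample data: command lines as a process-creation log would record
# them, plus the answer files they reference (values taken from the article).
CMDLINES = [
    r"sysocmgr /i:c:\winnt\inf\sysoc.inf /u:c:\aa /q /r",
    r"sysocmgr.exe /i:%windir%\inf\sysoc.inf /u:c:\ocm.txt",
    r"notepad.exe c:\aa",
]
FILES = {
    r"c:\aa": "[Components] \nTSEnable = on \n",  # cmd's echo keeps the trailing space
    r"c:\ocm.txt": "[Components]\nNetoc = on\nPaint = off\n[NetOptionalComponents]\nwins = 1\n",
}

def parse_sysocmgr(cmdline):
    """Return the switches of a sysocmgr invocation, or None for any other process."""
    tokens = cmdline.split()  # assumption: no quoted paths containing spaces
    if not tokens or tokens[0].lower().rsplit("\\", 1)[-1] not in ("sysocmgr", "sysocmgr.exe"):
        return None
    sw = {"answer": None, "quiet": False, "noreboot": False}
    for tok in tokens[1:]:
        low = tok.lower()
        if low.startswith("/u:"):
            sw["answer"] = low[3:]  # answer-file path, lower-cased for lookup
        elif low in ("/q", "/r"):
            sw["quiet" if low == "/q" else "noreboot"] = True
    return sw

def components_on(answer_text):
    """Lower-cased names set to 'on' in the [Components] section of an answer file."""
    section, enabled = None, set()
    for raw in answer_text.splitlines():
        line = raw.strip()  # tolerate the trailing spaces left by echo
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "components" and "=" in line:
            name, value = (part.strip().lower() for part in line.split("=", 1))
            if value == "on":
                enabled.add(name)
    return enabled

def triage(cmdlines, files):
    """Return (cmdline, reasons) for sysocmgr runs whose answer file enables TSEnable."""
    findings = []
    for cmd in cmdlines:
        sw = parse_sysocmgr(cmd)
        if sw is None or "tsenable" not in components_on(files.get(sw["answer"] or "", "")):
            continue
        reasons = ["tsenable-on"] + [k for k in ("quiet", "noreboot") if sw[k]]
        findings.append((cmd, reasons))
    return findings
```

Only the first constructed command line is reported; the MSDN sample answer file does not set TSEnable, so that run is ignored.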
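That essentially covers installing Terminal Services remotely from the command line. It really is very simple; I don't know whether others thought of this and implemented it long ago, so forgive my modest effort here. I hope it will not be used for bad things.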