Question
I'm trying to write a script to log the IP address of the Windows client from which the user initiated Remote Desktop to log in to the Windows Server. How to capture the IP address of the client in the Server?
Answer 1:
So, you ignore proxy...
- Using the environment variable CLIENTNAME: in a domain you can resolve it back to an IP
Without a domain controller:
- Using a WMI script you can get to the Event Log, source: Security; look for the category Logon/Logoff where username = environment variable USERNAME
Answer 2:
If you want to use "pure" Powershell 2.0:
$Wtsapi32 = @'
using System;
using System.Text;
using System.Runtime.InteropServices;

namespace Wtsapi32 {
    // Information classes accepted by WTSQuerySessionInformation.
    public enum WTS_INFO_CLASS
    {
        WTSInitialProgram,
        WTSApplicationName,
        WTSWorkingDirectory,
        WTSOEMId,
        WTSSessionId,
        WTSUserName,
        WTSWinStationName,
        WTSDomainName,
        WTSConnectState,
        WTSClientBuildNumber,
        WTSClientName,
        WTSClientDirectory,
        WTSClientProductId,
        WTSClientHardwareId,
        WTSClientAddress,
        WTSClientDisplay,
        WTSClientProtocolType
    };

    // Layout of the buffer returned for WTS_INFO_CLASS.WTSClientAddress.
    [StructLayout(LayoutKind.Sequential)]
    public struct WTS_CLIENT_ADDRESS
    {
        public uint AddressFamily;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
        public byte[] Address;
    }

    public class PS {
        // IntPtr cannot be declared const in C#, so it is static readonly.
        public static readonly IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero;
        public const int WTS_CURRENT_SESSION = -1;

        [DllImport("wtsapi32.dll", EntryPoint="WTSQuerySessionInformation")]
        public static extern bool WTSQuerySessionInformation(
            System.IntPtr hServer,
            int sessionId,
            WTS_INFO_CLASS wtsInfoClass,
            out System.IntPtr ppBuffer,
            out uint pBytesReturned);

        // Frees the buffer allocated by WTSQuerySessionInformation.
        [DllImport("wtsapi32.dll", EntryPoint="WTSFreeMemory")]
        public static extern void WTSFreeMemory(
            IntPtr memory);
    }
}
'@
Add-Type -TypeDefinition $Wtsapi32
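Answer 2 as captured here stops at `Add-Type` and never calls the API. The following is an added example, not part of the original answer: it queries `WTSClientAddress` for the current session, decodes an IPv4 result (which starts two bytes into the `Address` field) and appends a log line. The type name `RdpClientAddr` and the log path are assumptions; the address is reported by the RDP client itself, so it is suitable for logging but not for authenticating the client.

```powershell
# Added example: RdpClientAddr and the log path below are hypothetical names.
$src = @'
using System;
using System.Net;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class RdpClientAddr
{
    const int WTSClientAddress = 14;       // position in WTS_INFO_CLASS
    const int WTS_CURRENT_SESSION = -1;
    const uint AF_INET = 2;

    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId,
        int infoClass, out IntPtr ppBuffer, out uint pBytesReturned);

    [DllImport("wtsapi32.dll")]
    static extern void WTSFreeMemory(IntPtr memory);

    // Returns null when the session has no IPv4 client address
    // (console session, or a family this example does not decode).
    public static IPAddress Get()
    {
        IntPtr buf; uint len;
        if (!WTSQuerySessionInformation(IntPtr.Zero, WTS_CURRENT_SESSION,
                WTSClientAddress, out buf, out len))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // WTS_CLIENT_ADDRESS: 4-byte AddressFamily, then Address[20].
            if (len < 10 || (uint)Marshal.ReadInt32(buf) != AF_INET) return null;
            byte[] v4 = new byte[4];
            // The IPv4 bytes start at Address[2], i.e. 4 + 2 bytes into the buffer.
            Marshal.Copy(new IntPtr(buf.ToInt64() + 4 + 2), v4, 0, 4);
            return new IPAddress(v4);
        }
        finally { WTSFreeMemory(buf); }   // always release the API buffer
    }
}
'@
Add-Type -TypeDefinition $src

$ip = [RdpClientAddr]::Get()
$ipText = if ($ip) { $ip.ToString() } else { 'n/a' }
$line = '{0:s} user={1} client={2} ip={3}' -f (Get-Date), $env:USERNAME, $env:CLIENTNAME, $ipText
Add-Content -Path "$env:TEMP\rdp-logon.log" -Value $line
```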
Answer 3:
If you are using PowerShell or a .NET language, the trunk version of the Cassia library supports this -- just grab the latest build from the build server (log in as a guest and use the artifacts link). To print the remote addresses of all sessions on the local server, you might use something like the following:
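using System;
using System.Net;
using Cassia;

// Enumerate every session on the local server and print its client address.
ITerminalServicesManager manager = new TerminalServicesManager();
foreach (ITerminalServicesSession session in manager.GetLocalServer().GetSessions())
{
    // RemoteEndPoint is not an IPEndPoint for sessions without an IP client.
    IPEndPoint ipEndPoint = session.RemoteEndPoint as IPEndPoint;
    if (ipEndPoint != null)
    {
        Console.WriteLine(ipEndPoint.Address);
    }
}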
Source: https://stackoverflow.com/questions/1510093/how-to-get-the-ip-address-of-the-remote-desktop-client