
开启远程 telnet 服务

2011-07-06 03:52 483 查看
@echo off
rem Configures and starts the Telnet service on a remote Windows host over WMI,
rem then opens a local telnet session to it.
rem Arguments, in order: host written with two leading backslashes, user name,
rem password, telnet port, NTLM mode 0 1 or 2, and an optional /r switch.
rem The help text states that RPC and administrator rights are required.
rem NOTE review: Telnet carries the whole session unencrypted, so modes 0 and 1,
rem which allow password logon, put that password on the wire in clear text.
if "%1" equ "/?" goto :help

set "host=%1"
set "port=%4"
set "ntlm=%5"
rem Registry key on the remote host that holds the Telnet server settings.
set "item=software\microsoft\telnetserver\1.0"

rem Command prefixes reused below: one for the remote registry provider StdRegProv,
rem one for a Win32_Service instance selected by name. The host has its first two
rem characters stripped, which drops the leading backslashes of the UNC form.
rem NOTE review: the password is embedded in every wmic command line built from
rem these prefixes, so it is visible to anything on this machine that records
rem process command lines. Prefer an account scoped to this task only.
set "wmic_regedit=wmic /node:"%host:~2%" /user:"%2" /password:"%~3" /namespace:\\root\default path stdregprov call"
set "wmic_service=wmic /node:"%host:~2%" /user:"%2" /password:"%~3" /namespace:\\root\cimv2 path win32_service.name"

rem Defaults when the arguments are omitted: port 23 and NTLM mode 01.
rem NOTE review: the mode mapping further down compares quoted strings, so the
rem default 01 does not look like it matches 1 and would be written unmapped - confirm.
if "%port%" equ "" set "port=23"
if "%ntlm%" equ "" set "ntlm=01"

rem Reject modes above 2 and ports above 1024. No check that either value is
rem numeric is visible here.
if %ntlm% gtr 0002 echo.NTLM validation way error, allowable value 0,1,2 & exit /b
if %port% gtr 1024 echo.Connection port error, should be less than 1024. & exit /b

rem Translate the user-facing mode into the securitymechanism value that is written
rem to the registry. Per the help text: 0 is password only and becomes 4, 1 is NTLM
rem with password fallback and becomes 6, 2 is NTLM only and stays 2.
if "%ntlm%" equ "0" set "ntlm=4"
if "%ntlm%" equ "1" set "ntlm=6"
if "%ntlm%" equ "2" set "ntlm=2"

cls
call :help
echo.-------------------------------------------------------------------------------
echo.Connect to %host:~2% ...
rem Read-only WMI query used only to test reachability and credentials.
wmic /node:"%host:~2%" /user:"%2" /password:"%~3" os get name >nul 2>nul

rem Map the known wmic exit codes to a message and stop. Any other non-zero code
rem exits without a message.
if not "%errorlevel%" == "0" (
if "%errorlevel%" == "-2147023174" Echo.RPC server is invalid.
if "%errorlevel%" == "-2147024891" Echo.Access denied.
if "%errorlevel%" == "-2145386480" Echo.Network is disconnected.
if "%errorlevel%" == "-2147023665" Echo.Network problems.
if "%errorlevel%" == "-2147217308" Echo.User credentials cannot be used for local connections.
rem Other Error Codes ...
exit /b
)

rem Two command templates stored in variables and run later through substring
rem replacement of their placeholder.
rem Template 1 reads a DWORD named by the placeholder from the key above under hive
rem 80000002 hex, which is HKEY_LOCAL_MACHINE, and keeps the third token of the
rem output in returnvalue.
rem Template 2 queries startmode and state of the service named by the placeholder
rem and stores each name=value pair in a variable prefixed with the service name.
set "Function,#1=for /f "usebackq skip=6 tokens=3 delims= " %%a in (`"%wmic_regedit% getdwordvalue ^^^&h80000002^,"%item%"^,"#1""`) do (set returnvalue=%%a)"
set "Function,#2=for /f "usebackq skip=1 tokens=1,2 delims= " %%a in (`"%wmic_service%='#2' get startmode,state /value"`) do (call set #2_%%a & call set #2_%%b)"

rem Remember the current remote port and authentication setting so /r can put them
rem back. The last character of each value is dropped, presumably the trailing
rem semicolon of the wmic output - confirm.
%Function,#1:#1=telnetport%
set default_port=%returnvalue:~0,-1%

%Function,#1:#1=securitymechanism%
set default_ntlm=%returnvalue:~0,-1%

rem Record the original start mode and state of tlntsvr. An empty start mode is
rem taken to mean the Telnet service is not installed on the remote host.
%Function,#2:#2=tlntsvr% >nul 2>nul
if "%tlntsvr_startmode%" equ "" echo.Maybe Telnet service has not been installed in remote host. & exit /b

rem Same for the ntlmssp service.
%Function,#2:#2=ntlmssp% >nul 2>nul

rem Write the requested port and authentication value into the remote registry.
rem For defenders: remote StdRegProv writes to this key are the audit point for
rem this step.
set "change_port=%wmic_regedit% setdwordvalue ^&h80000002,"%item%","telnetport","%port%""
set "change_ntlm=%wmic_regedit% setdwordvalue ^&h80000002,"%item%","securitymechanism","%ntlm%""

rem Each write must report a return value of 0, otherwise the script stops.
rem NOTE review: every failure exit from here on leaves earlier remote changes in
rem place, because the /r restore at the end is never reached on those paths.
for /f "usebackq skip=5 tokens=3 delims= " %%a in (`"%change_port%"`) do (set change_port_return=%%a)
if not "%change_port_return%" equ "0;" echo.Error...%change_port_return%Change the connection port failure. & exit /b

for /f "usebackq skip=5 tokens=3 delims= " %%a in (`"%change_ntlm%"`) do (set change_ntlm_return=%%a)
if not "%change_ntlm_return%" equ "0;" echo.Error...%change_ntlm_return%Change NTLM validation failure. & exit /b

rem Change the start mode of both services.
rem NOTE review: no start mode argument is visible on these two lines. It may have
rem been lost when the page was published - confirm before relying on this step.
%wmic_service%='ntlmssp' call changestartmode >nul 2>nul
%wmic_service%='tlntsvr' call changestartmode >nul 2>nul

rem Start ntlmssp and stop tlntsvr, then start tlntsvr again, presumably so it
rem picks up the new registry values - confirm.
%wmic_service%='ntlmssp' call startservice>nul 2>nul
%wmic_service%='tlntsvr' call stopservice >nul 2>nul

for /f "usebackq skip=4 tokens=3 delims= " %%a in (`"%wmic_service%='tlntsvr' call startservice"`) do (set return=%%a)
if not "%return%" equ "0;" echo.Error...%return%telnet Service cannot start. & exit /b

rem Open an interactive session with the local telnet client if it is present.
if exist %windir%\system32\telnet.exe (telnet %host:~2% %port%) else (echo.'telnet.exe' file missing.)

rem With /r as the sixth argument, put back the values recorded earlier once the
rem telnet session has ended. Without /r the remote host stays reconfigured with
rem the Telnet service running.
if "%6" == "/r" (
echo.
echo.Restore default configuration ...
%wmic_regedit% setdwordvalue ^&h80000002,"%item%","telnetport","%default_port%" >nul 2>nul
%wmic_regedit% setdwordvalue ^&h80000002,"%item%","securitymechanism","%default_ntlm%" >nul 2>nul

%wmic_service%='ntlmssp' call changestartmode %ntlmssp_startmode% >nul 2>nul
%wmic_service%='tlntsvr' call changestartmode %tlntsvr_startmode% >nul 2>nul

rem Stop tlntsvr, then start it again only if it was running before the script ran.
rem ntlmssp is stopped only if it was stopped before.
%wmic_service%='tlntsvr' call stopservice >nul 2>nul
if /i "%tlntsvr_state: =%" equ "Running" %wmic_service%='tlntsvr' call startservice>nul 2>nul
if /i "%ntlmssp_state: =%" equ "Stopped" %wmic_service%='ntlmssp' call stopservice >nul 2>nul
)
exit /b

:help
rem Clears the screen and prints the usage text. Reached by goto when the first
rem argument asks for help, and by call at the start of every normal run.
rem The text below, in order: author, contact and date line. A statement that the
rem script enables the remote Telnet service in the standard way. The requirements:
rem RPC service and administrator rights, no dependency on IPC, configurable NTLM
rem mode and port, default port 23. The three NTLM modes: 0 no NTLM, 1 NTLM first
rem then user name and password as the default, 2 NTLM only. A note that /r
rem restores the remote host configuration on exit. Last, the command format.
cls
echo.
echo.       作者:veterans      e-mail:lxzzr@21cn.com             2010/02/07/21:00
echo.
echo.       这是一个以标准方式开启远程 telnet 服务的脚本.
echo.       需要 rpc 服务支持及管理员权限,不依赖 ipc 服务,可以自定义 ntlm 验证方式及连接端口,默认连接端口:23.
echo.
echo.       ntlm 验证方式:
echo.                    0.不使用 ntlm 验证;
echo.                    1.先使用 ntlm 验证,如果失败再使用用户名和密码 (默认);
echo.                    2.只使用 ntlm 验证;
echo.
echo.       如果指定了 /r 参数,那么则在退出时恢复远程主机的默认配置.
echo.
echo.       格式: %~n0 \\远程ip ^<用户名^> ^<密码^> telnet端口 ntlm验证方式 /r
rem Returns to the caller, or ends the script when this label was reached by goto.
goto :eof
标签:  远程 telnet 服务