Delegating management of RDP sessions

In the organization where I work, remote work was banned in principle. Was. Until last week. Now we have had to implement a solution urgently. From the business: adapt processes to a new way of working; from us: PKI with PIN codes and tokens, VPN, detailed logging and much more.
Among other things, I am also setting up the Remote Desktop Infrastructure, aka Terminal Services. We have several RDS deployments in different data centers. One of the goals is to let colleagues from the related IT departments connect to user sessions interactively. As you know, there is a standard RDS Shadow mechanism for this, and the simplest way to enable it is to grant local administrator rights on the RDS servers.
I respect and value my colleagues, but I am really not keen on handing out admin rights. 🙂 Those who agree with me, please follow the cut.

Okay, the task is clear, now let's get down to business.

Step 1

Create a security group RDP_Operators in Active Directory and add to it the accounts of the users we want to delegate rights to:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have several AD sites, wait until replication to all domain controllers has completed before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Grant the group the right to manage terminal sessions on each RDSH server:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions on the RDP-Tcp listener
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach ($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # PermissionPreSet 2 = full access to the listener for the account
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"
            }
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}

Step 3

Add the group to the local group Remote Desktop Users on each of the RDSH servers. If your servers are joined to session collections, do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use group policy and wait for it to be applied on the servers. Those too lazy to wait can speed the process up with the good old gpupdate, preferably run centrally.

Step 4

Prepare the following PS script for the "managers":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    # Parse the tabular output of quser; the first line is the header
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        # Disconnected sessions have no SESSIONNAME column, so the fields shift left
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

$UserLogin = Read-Host -Prompt "Введите логин пользователя"
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        Write-Host "    сессий не найдено"
    }
}

To make the PS script easier to launch, create a wrapper for it in the form of a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

Put both files in a folder accessible to the "managers" and ask them to log on again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and forcibly log them off (useful when the user cannot end a "hung" session on their own).

Here is how it looks:

[Screenshot: for the "manager"]

[Screenshot: for the user]
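As an added check that is not part of the original article: before handing the script to the "managers", it is worth verifying on every RDSH that steps 2 and 3 actually took effect. The script below assumes the same RDP_Operators group and RDSHost01..03 names as above, reads the listener's permission entries through the Win32_TSAccount class (same namespace as Win32_TSPermissionsSetting) and the local Remote Desktop Users group through the WinNT ADSI provider.

```powershell
# Added verification script (not from the original article). Assumes the
# group and server names used in the steps above.
$Group   = "RDP_Operators"
$Servers = @("RDSHost01", "RDSHost02", "RDSHost03")

function Test-RDSShadowDelegation {
    Param([parameter(Mandatory=$true)][String]$ComputerName)
    $result = [ordered]@{
        ComputerName         = $ComputerName
        HasListenerPermission = $false
        PermissionsAllowed   = $null     # raw bitmask from Win32_TSAccount
        InRemoteDesktopUsers = $false
    }
    # 1. Is the group present in the RDP-Tcp listener's permission entries?
    #    AccountName is reported as DOMAIN\name, so match on the trailing part.
    $acct = Get-WmiObject -Class "Win32_TSAccount" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $ComputerName `
        -Authentication PacketPrivacy -Impersonation Impersonate |
        Where-Object { $_.TerminalName -eq "RDP-Tcp" -and
                       $_.AccountName -like "*\$Group" }
    if ($acct) {
        $result.HasListenerPermission = $true
        $result.PermissionsAllowed    = $acct.PermissionsAllowed
    }
    # 2. Is the group a member of the local "Remote Desktop Users" group?
    $localGroup = [ADSI]"WinNT://$ComputerName/Remote Desktop Users,group"
    $members = @($localGroup.Invoke("Members") | ForEach-Object {
        $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null)
    })
    $result.InRemoteDesktopUsers = ($members -contains $Group)
    [PSCustomObject]$result
}

# One row per server; any $false value means that step still needs attention
$Servers | ForEach-Object { Test-RDSShadowDelegation -ComputerName $_ } |
    Format-Table -AutoSize
```

Run it from an account that has admin rights on the RDSH servers; a server that shows HasListenerPermission as $true but InRemoteDesktopUsers as $false is one where group policy (step 3) has not been applied yet.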

A few final remarks

Nuance 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution is obvious: wait until the user logs on again.

Nuance 2. After a few days of working with RDP Shadow, we noticed an interesting quirk, or feature: after the shadow session ends, the language bar in the tray disappears for the user who was being shadowed, and to bring it back the user has to log on again. As it turned out, we are not the only ones: one, two, three.

That's all. I wish you and your servers good health. As always, I look forward to your feedback in the comments and ask you to take the short survey below.


Source: www.habr.com
