Delegating control of RDP sessions

In the organization where I work, remote work was prohibited by policy. Yes. Until last week. Now we have to roll out a solution urgently. On the business side, that means moving processes to a new mode of work; on our side, PKI with PIN codes and tokens, VPN, detailed logging, and much more.
Among other things, I am setting up Remote Desktop Infrastructure, aka Terminal Services. We have several RDS deployments in different data centers. One of the goals is to let colleagues from related IT departments connect to users' sessions. As you know, there is a standard RDS Shadow mechanism for this, and the easiest way to enable it is to grant local administrator rights on the RDS servers.
I respect and care about my colleagues, but I get very greedy when it comes to handing out admin rights. 🙂 For those who agree with me, welcome under the cut.

Well, the task is clear, so let's get down to business.

Step 1

Let's create a security group RDP_Operators in Active Directory and add to it the accounts of the users to whom we want to delegate the rights:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have several AD sites, you will have to wait until the group replicates to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Let's grant the group the right to manage sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions (permission preset 2 = full control on the listener)
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\TerminalServices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
        $retVal = $WMIHandle.AddAccount($Group, 2)
        $opstatus = "успешно"
        If ($retVal.ReturnValue -ne 0) {
            $opstatus = "ошибка"
        }
        Write-Host ("Делегирование прав на теневое подключение группе " +
            $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
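An added verification step (not part of the original article; it assumes the same server list and group name as the scripts above and CIM/WinRM access to the hosts): after running Set-RDSPermissions.ps1, list the accounts that hold rights on the RDP-Tcp listener of each host, confirm that the delegated group is present, and flag any other account that is able to shadow sessions.

```powershell
# Added example: audit the accounts granted on the RDP-Tcp listener.
# Assumes the article's server names and group; adjust for your environment.
$Group   = "RDP_Operators"
$Servers = @("RDSHost01", "RDSHost02", "RDSHost03")

# WinStation access bits as reported in Win32_TSAccount.PermissionsAllowed;
# these are the two rights the delegation is really about.
$WINSTATION_LOGOFF = 0x4
$WINSTATION_SHADOW = 0x10

function Get-RDPListenerAccount {
    Param([parameter(Mandatory=$true)][String]$ComputerName)
    Get-CimInstance -ComputerName $ComputerName `
        -Namespace "root\CIMV2\TerminalServices" `
        -ClassName "Win32_TSAccount" |
    Where-Object { $_.TerminalName -eq "RDP-Tcp" } |
    Select-Object @{n="ComputerName"; e={ $ComputerName }},
                  AccountName,
                  @{n="CanShadow"; e={ ($_.PermissionsAllowed -band $WINSTATION_SHADOW) -ne 0 }},
                  @{n="CanLogoff"; e={ ($_.PermissionsAllowed -band $WINSTATION_LOGOFF) -ne 0 }},
                  PermissionsAllowed
}

# Collect the listener ACL of every host; an unreachable host only produces a warning.
$Report = ForEach ($Server in $Servers) {
    Try   { Get-RDPListenerAccount -ComputerName $Server }
    Catch { Write-Warning "$Server : $($_.Exception.Message)" }
}
$Report | Format-Table -AutoSize

# Principals that are expected to be able to shadow besides our delegated group.
$ExpectedShadow = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM")

ForEach ($Server in $Servers) {
    $OnHost = @($Report | Where-Object { $_.ComputerName -eq $Server })
    If (-not ($OnHost.AccountName -like "*\$Group")) {
        Write-Warning "$Server : group $Group is not present on RDP-Tcp"
    }
    $OnHost |
        Where-Object { $_.CanShadow -and
                       $_.AccountName -notlike "*\$Group" -and
                       $_.AccountName -notin $ExpectedShadow } |
        ForEach-Object { Write-Warning "$Server : unexpected shadow right for $($_.AccountName)" }
}
```

Running this periodically gives a simple drift check: the delegated group should appear on every RDSH host, and nothing else should gain the shadow bit without a ticket behind it.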

Step 3

Add the group to the local Remote Desktop Users group on each of the RDSH servers. If your servers are joined into session collections, we do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we apply a group policy and wait for it to be applied on the servers. Those too lazy to wait can force the process with good old gpupdate, preferably centrally.

Step 4

Let's prepare the following PS script for the "managers":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        # Collapse the column whitespace of the quser output and split into fields
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

$UserLogin = Read-Host -Prompt "Введите логин пользователя"
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        Write-Host "    сессий не найдено"
    }
}

To make the PS script easy to run, we'll create a wrapper for it as a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder accessible to the "managers" and ask them to log on again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and forcibly log them off (this helps when a user cannot end a "hung" session on their own).

It looks like this:

For the "manager": [screenshot]

For the user: [screenshot]

A few final words

Nuance 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution here is obvious: wait until the managed user logs on again.

Nuance 2. After a few days of working with RDP Shadow, we discovered an interesting bug, or feature: after a shadow session ends, the language bar in the tray disappears for the user who was connected to, and to get it back the user has to log on again. As it turns out, we are not alone: one, two, three.

That's all. I wish you and your servers good health. As always, I look forward to your comments and ask you to take the short poll below.

Poll

What do you use?

  • UAS Admin: 8.1% (5)
  • AnyDesk: 17.7% (11)
  • DameWare: 9.7% (6)
  • Radmin: 24.2% (15)
  • RDS Shadow: 14.5% (9)
  • Quick Assist / Windows Remote Assistance: 1.6% (1)
  • TeamViewer: 38.7% (24)
  • VNC: 32.3% (20)
  • Other: 32.3% (20)
  • LiteManager: 3.2% (2)

62 users voted. 22 users abstained.

Source: www.hab.com