Delegating RDP Session Management

In the organization where I work, remote work is forbidden in principle. Or rather, it was. Until last week. Now we have to implement a solution in a hurry. From the business side, that means adapting processes to the new way of working; from our side, PKI with PIN codes and tokens, VPN, detailed logging and much more.
Among other things, I was setting up the Remote Desktop infrastructure, also known as Terminal Services. We have several RDS deployments in different data centers. One of the goals was to let colleagues from related IT departments connect to user sessions interactively. As you know, the standard RDS Shadow mechanism exists for this, and the easiest way to delegate it is to grant local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very greedy when it comes to handing out administrator rights. 🙂 For those who agree with me, please read on.

Well, the task is clear; now let's get down to business.

Step 1

Let's create a security group named RDP_Operators in Active Directory and add to it the accounts of the users to whom we want to delegate rights:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have several AD sites, you need to wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes more than 15 minutes.

Step 2

Let's grant the group the right to manage terminal sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"
            }
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
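
Added example, not part of the original article: a read-only audit of the RDP-Tcp listener permissions to run after Set-RDSPermissions.ps1. Preset 2 passed to AddAccount is the full-control preset for the listener rather than shadow rights alone, so the check reports every account whose Win32_TSAccount entry allows the shadow bit and marks the ones you did not expect. The CONTOSO domain name and the $Expected list are assumptions to adjust for your environment.

```powershell
# Added example, not from the original article: audit shadow rights per listener.
$Servers  = @("RDSHost01", "RDSHost02", "RDSHost03")   # host names used in the article
# Assumption: accounts expected to hold shadow rights (CONTOSO is a placeholder domain)
$Expected = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM", "CONTOSO\RDP_Operators")
$WINSTATION_SHADOW = 0x10   # shadow bit of PermissionsAllowed / PermissionsDenied

function Test-ShadowRight {
    Param([uint32]$Allowed, [uint32]$Denied = 0)
    # Effective only when the bit is allowed and not explicitly denied
    (($Allowed -band $WINSTATION_SHADOW) -ne 0) -and (($Denied -band $WINSTATION_SHADOW) -eq 0)
}

function Get-RDPShadowAccount {
    Param([Parameter(Mandatory=$true)][String]$ComputerName)
    Get-WmiObject -Class "Win32_TSAccount" `
        -Namespace "root\CIMV2\TerminalServices" `
        -ComputerName $ComputerName `
        -Authentication PacketPrivacy `
        -Filter "TerminalName='RDP-Tcp'" `
        -ErrorAction Stop |
    Where-Object { Test-ShadowRight $_.PermissionsAllowed $_.PermissionsDenied } |
    ForEach-Object {
        [PSCustomObject]@{
            ComputerName = $ComputerName
            AccountName  = $_.AccountName
            Allowed      = "0x{0:X}" -f $_.PermissionsAllowed
            Unexpected   = ($Expected -notcontains $_.AccountName)
        }
    }
}

$Report = ForEach ($Server in $Servers) {
    Try { Get-RDPShadowAccount -ComputerName $Server }
    Catch { Write-Warning "${Server}: $($_.Exception.Message)" }
}
$Report | Sort-Object ComputerName, AccountName | Format-Table -AutoSize
# Entries with Unexpected = True were not on the expected list and need review
```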

Step 3

Add the group to the local Remote Desktop Users group on each RDSH server. If your servers are joined into session collections, we do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use Group Policy and wait for it to be applied on the servers. Those too lazy to wait can speed things up with good old gpupdate, preferably run centrally.

Step 4

Let's prepare the following PS script for the "operators":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

$UserLogin = Read-Host -Prompt "Введите логин пользователя"
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        Write-Host "    сессий не найдено"
    }
}

To make the PS script convenient to run, we will create a wrapper for it in the form of a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder that the "operators" can access and ask them to log off and back on. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force them to log off (this can be useful when a user cannot end a "hung" session on their own).

It looks like this:

[Screenshot: for the "operator"]

[Screenshot: for the user]
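
Added example, not part of the original article: once shadow control is delegated to non-administrators, the Session Hosts' own record of shadow sessions becomes the audit trail. The script reads the shadow-session events listed in the code from the RemoteConnectionManager operational log on each host. The seven-day look-back is an assumption, and the account running it needs rights to read remote event logs.

```powershell
# Added example, not from the original article: who shadowed sessions, and when.
$Servers = @("RDSHost01", "RDSHost02", "RDSHost03")   # host names used in the article
$LogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
$ShadowEvents = @{
    20503 = "view started";    20504 = "view stopped"
    20506 = "control started"; 20507 = "control stopped"
    20508 = "view permission granted"
    20510 = "control permission granted"
}

function Get-RDPShadowAudit {
    Param(
        [Parameter(Mandatory=$true)][String]$ComputerName,
        [DateTime]$Since = (Get-Date).AddDays(-7)   # assumption: 7-day look-back
    )
    $Filter = @{ LogName = $LogName; Id = @($ShadowEvents.Keys); StartTime = $Since }
    Try {
        $Entries = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $Filter -ErrorAction Stop
    }
    Catch {
        # "No events found" is a normal result; anything else is a real failure
        If ($_.FullyQualifiedErrorId -like "NoMatchingEventsFound*") { return }
        Throw
    }
    ForEach ($Entry in $Entries) {
        [PSCustomObject]@{
            TimeCreated  = $Entry.TimeCreated
            ComputerName = $ComputerName
            EventId      = $Entry.Id
            Action       = $ShadowEvents[$Entry.Id]
            Message      = $Entry.Message   # event text as rendered by the host
        }
    }
}

$Audit = ForEach ($Server in $Servers) {
    Try { Get-RDPShadowAudit -ComputerName $Server }
    Catch { Write-Warning "${Server}: $($_.Exception.Message)" }
}
$Audit | Sort-Object TimeCreated |
    Format-Table TimeCreated, ComputerName, EventId, Action -AutoSize
```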

A few final words

Nuance 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "operator" will get an access error. The solution here is obvious: wait until the user logs on again.

Nuance 2. After several days of working with RDP Shadow, we noticed an interesting bug or feature: after the shadow session ends, the language bar in the tray disappears for the user who was connected to, and to get it back the user has to log on again. As it turns out, we are not alone: one, two, three.

That's all. I wish you and your servers good health. As always, I look forward to your feedback in the comments, and I ask you to take the short survey below.


What do you use?

  • AMMYY Admin: 8.1% (5)
  • AnyDesk: 17.7% (11)
  • DameWare: 9.7% (6)
  • Radmin: 24.2% (15)
  • RDS Shadow: 14.5% (9)
  • Quick Assist / Windows Remote Assistance: 1.6% (1)
  • TeamViewer: 38.7% (24)
  • VNC: 32.3% (20)
  • Other: 32.3% (20)
  • LiteManager: 3.2% (2)

62 users voted. 22 users abstained.

Source: www.habr.com
