Delegating RDP session management

In the organization where I work, remote work is prohibited in principle. Was. Until last week. Now we had to implement a solution urgently. From the business: adapting processes to the new work format. From us: PKI with PIN codes and tokens, VPN, detailed logging, and much more.
Among other things, I set up the remote desktop infrastructure, also known as Terminal Services. We have several RDS deployments in different data centers. One of the goals was to let colleagues from related IT departments connect to user sessions interactively. As is well known, there is a standard RDS Shadow mechanism for this, and the easiest way to delegate it is to grant local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very stingy when it comes to handing out administrator rights. 🙂 Those who agree with me, please read on.

Well, the task is clear; now let's get down to business.

Step 1

Let's create a security group RDP_Operators in Active Directory and add to it the accounts of the users to whom we want to delegate rights:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have multiple AD sites, you will need to wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Let's give the group rights to manage terminal sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach ($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # Preset 2 is WINSTATION_ALL_ACCESS (full control of the listener)
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"      # "success"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"   # "error"
            }
            # Message: "Delegating shadow connection rights to group <group> on server <server>: <status>"
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
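
An added example (not part of the original article) for checking the result of Step 2: it lists the accounts on each server's RDP-Tcp listener and flags any account outside an allow-list that holds the Shadow right. The allow-list is an assumption of this example, and the WINSTATION_* bit values are taken from winsta.h; the server names are the sample ones used above.

```powershell
# Added example: audit who holds the Shadow right on the RDP-Tcp listener.
$Servers  = @("RDSHost01", "RDSHost02", "RDSHost03")
$Expected = @("RDP_Operators", "Administrators", "SYSTEM")   # assumed allow-list

# WINSTATION_* access bits (winsta.h); standard rights in the high bits are not decoded
$Rights = [ordered]@{
    Query = 0x001; Set = 0x002; Reset = 0x004; Virtual = 0x008; Shadow = 0x010
    Logon = 0x020; Logoff = 0x040; Message = 0x080; Connect = 0x100; Disconnect = 0x200
}

function ConvertTo-RightNames {
    Param([Parameter(Mandatory=$true)][uint32]$Mask)
    ($Rights.GetEnumerator() | Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }) -join ","
}

$Report = ForEach ($Server in $Servers) {
    Try {
        $Accounts = Get-WmiObject -Class "Win32_TSAccount" `
            -Namespace "root\CIMV2\terminalservices" `
            -ComputerName $Server `
            -Authentication PacketPrivacy `
            -Filter "TerminalName='RDP-Tcp'" -ErrorAction Stop
    }
    Catch {
        Write-Warning "$Server : $($_.Exception.Message)"
        Continue
    }
    ForEach ($Account in $Accounts) {
        # AccountName is DOMAIN\name; compare on the part after the backslash
        $ShortName = ($Account.AccountName -split "\\")[-1]
        $CanShadow = [bool]($Account.PermissionsAllowed -band $Rights.Shadow)
        [PSCustomObject]@{
            Server     = $Server
            Account    = $Account.AccountName
            Mask       = "0x{0:X}" -f $Account.PermissionsAllowed
            Rights     = ConvertTo-RightNames -Mask $Account.PermissionsAllowed
            CanShadow  = $CanShadow
            Unexpected = $CanShadow -and ($Expected -notcontains $ShortName)
        }
    }
}
$Report | Sort-Object Server, Account | Format-Table -AutoSize
```

Because `AddAccount` is called with preset 2, RDP_Operators shows up here with the full listener mask rather than Shadow alone; rows with `Unexpected` set to True are the ones to review.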

Step 3

Add the group to the local Remote Desktop Users group on each of the RDSH servers. If your servers are combined into session collections, do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use Group Policy and wait for it to be applied on the servers. Those too lazy to wait can speed up the process with good old gpupdate, preferably run centrally.

Step 4

Let's prepare the following PS script for the "managers":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

# Prompt: "Enter the user's login"
$UserLogin = Read-Host -Prompt "Введите логин пользователя"
# "Searching the servers for the user's RDP sessions..."
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    # "Querying server <server>"
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        # "Error: <message>"
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        # "Found a session with ID <id> on server <server>"
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        # Menu: "What shall we do?" 1 - connect to the session, 2 - end the session, 0 - nothing
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        # Prompt: "Enter the action"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        # "no sessions found"
        Write-Host "    сессий не найдено"
    }
}

To make the PS script convenient to run, let's create a wrapper for it in the form of a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder that is accessible to the "managers" and ask them to log off and log on again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force those users to log off (this can be useful when a user cannot end a "hung" session on their own).

It looks roughly like this:

For the "manager" (screenshot)

For the user (screenshot)

A few final remarks

Nuance 1. If the session of the user we are trying to take control of was started before the Set-RDSPermissions.ps1 script ran on the server, the "manager" will get an access error. The solution here is obvious: wait until the managed user logs in again.

Nuance 2. After several days of working with RDP Shadow, we noticed an interesting bug or feature: after the shadow session ends, the language bar in the tray disappears for the user who was connected to, and to get it back the user has to log in again. As it turns out, we are not alone: one, two, three.

That's all. I wish good health to you and your servers. As always, I look forward to your feedback in the comments and ask you to take the short survey below.


What do you use?

  • AMMYY Admin: 8.1% (5 votes)

  • AnyDesk: 17.7% (11 votes)

  • DameWare: 9.7% (6 votes)

  • Radmin: 24.2% (15 votes)

  • RDS Shadow: 14.5% (9 votes)

  • Quick Assist / Windows Remote Assistance: 1.6% (1 vote)

  • TeamViewer: 38.7% (24 votes)

  • VNC: 32.3% (20 votes)

  • Other: 32.3% (20 votes)

  • LiteManager: 3.2% (2 votes)

62 users voted. 22 users abstained.

Source: www.habr.com
