Delegating management of RDP sessions

In the organization where I work, remote work is prohibited in principle. Was. Until Saturday. Now we had to roll out a solution urgently. From the business side: adapting processes to the new way of working; from us: PKI with PIN codes and tokens, VPN, logging and much more.
Among other things, I was setting up the Remote Desktop infrastructure, aka Terminal Services. We have several RDS deployments in different data centres. One of the goals was to let colleagues from adjacent IT departments connect to interactive user sessions. As you know, the standard RDS Shadow mechanism exists for this, and the easiest way to delegate it is to give local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very stingy when it comes to handing out admin rights. If you agree with me, read on.

Well, the task is clear, so let's get down to business.

Step 1

Let's create a security group RDP_Operators in Active Directory and add to it the accounts of the users to whom we want to delegate rights:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have several AD sites, wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Let's give the group rights to manage terminal sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\TerminalServices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # PermissionPreSet 2 = WINSTATION_ALL_ACCESS on this listener
            $retVal = $WMIHandle.AddAccount($Group, 2)
            # Status strings are Russian: "success" / "error"
            $opstatus = "успешно"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"
            }
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
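To check the result of step 2, the listener's access list can be read back over the same WMI namespace. The following is an added example, not part of the original article: it uses the Win32_TSAccount class, the allow-list in $Expected is an assumption to adapt, and 0x10 is the WINSTATION_SHADOW bit of PermissionsAllowed.

```powershell
# Added example, not from the article. $Expected is an assumed allow-list.
$Servers  = @("RDSHost01", "RDSHost02", "RDSHost03")
$Expected = @("Administrators", "SYSTEM", "RDP_Operators")
$WINSTATION_SHADOW = 0x10   # bit in PermissionsAllowed that permits shadowing

$Report = ForEach ($Server in $Servers) {
    Try {
        $Accounts = Get-WmiObject `
            -Class "Win32_TSAccount" `
            -Namespace "root\CIMV2\TerminalServices" `
            -Filter "TerminalName='RDP-Tcp'" `
            -ComputerName $Server `
            -Authentication PacketPrivacy `
            -ErrorAction Stop
    }
    Catch {
        Write-Warning "$Server : $($_.Exception.Message)"
        Continue
    }
    ForEach ($Account in $Accounts) {
        # AccountName is DOMAIN\name or a bare name; compare on the last part
        $ShortName = ($Account.AccountName -split '\\')[-1]
        [PSCustomObject]@{
            Server    = $Server
            Account   = $Account.AccountName
            CanShadow = [bool]($Account.PermissionsAllowed -band $WINSTATION_SHADOW)
            Expected  = $Expected -contains $ShortName
        }
    }
}

# Full picture first, then only the entries that need a second look
$Report | Sort-Object Server, Account | Format-Table -AutoSize
$Unexpected = @($Report | Where-Object { $_.CanShadow -and -not $_.Expected })
If ($Unexpected.Count) {
    Write-Warning "Accounts with shadow rights outside the allow-list:"
    $Unexpected | Format-Table Server, Account -AutoSize
}

# A server without the group in the list has not had step 2 applied
ForEach ($Server in $Servers) {
    $Hit = $Report | Where-Object {
        $_.Server -eq $Server -and $_.CanShadow -and $_.Account -like "*RDP_Operators"
    }
    If (-not $Hit) {
        Write-Warning "$Server : RDP_Operators has no shadow right on RDP-Tcp"
    }
}
```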

Step 3

Add the group to the local Remote Desktop Users group on each of the RDSH servers. If your servers are joined into session collections, do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use group policy and wait for it to be applied on the servers. Those who are too lazy to wait can speed up the process with good old gpupdate, preferably centrally.

Step 4

Let's prepare the following PS script for the "managers":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        # Collapse runs of whitespace, then split the quser line into columns
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

$UserLogin = Read-Host -Prompt "Введите логин пользователя"
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        Write-Host "    сессий не найдено"
    }
}

To make the PS script convenient to run, we'll make a wrapper for it in the form of a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder that is accessible to the "managers" and ask them to log in again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force them to log off (which can be useful when a user cannot terminate a "hung" session on their own).

It looks something like this:

For the "manager": [screenshot]

For the user: [screenshot]
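Once shadowing is delegated, each use of it can be reviewed from the RDSH servers' own event logs. The following is an added example, not part of the original article: the event IDs are the ones Windows writes for shadow sessions to the RemoteConnectionManager operational log, and the 7-day window is an assumed value.

```powershell
# Added example, not from the article. The 7-day window is an assumed value.
$Servers = @("RDSHost01", "RDSHost02", "RDSHost03")
$LogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
$ShadowEvents = @{
    20503 = "view started";    20504 = "view stopped"
    20506 = "control started"; 20507 = "control stopped"
    20508 = "view permission granted"
    20510 = "control permission granted"
}
$Filter = @{
    LogName   = $LogName
    Id        = [int[]]@($ShadowEvents.Keys)
    StartTime = (Get-Date).AddDays(-7)
}

$Audit = ForEach ($Server in $Servers) {
    Try {
        $Entries = Get-WinEvent -ComputerName $Server `
            -FilterHashtable $Filter -ErrorAction Stop
    }
    Catch {
        # "No events" is a normal result; anything else means the audit is incomplete
        If ($_.FullyQualifiedErrorId -notlike "NoMatchingEventsFound*") {
            Write-Warning "$Server : $($_.Exception.Message)"
        }
        Continue
    }
    ForEach ($Entry in $Entries) {
        [PSCustomObject]@{
            Time    = $Entry.TimeCreated
            Server  = $Server
            Id      = $Entry.Id
            Action  = $ShadowEvents[$Entry.Id]
            Message = $Entry.Message   # names who shadowed whom
        }
    }
}

# Chronological list of shadow activity across all RDSH servers
$Audit | Sort-Object Time | Format-Table -AutoSize -Wrap
```

The account running this needs read access to the event logs on each server.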

A few final remarks

Nuance 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution here is obvious: wait until the managed user logs in again.

Nuance 2. After several days of working with RDP Shadow we noticed an interesting bug or feature: after the shadow session ends, the language bar in the tray disappears for the user who was connected to, and to get it back the user has to log in again. As it turns out, we are not alone: one, two, three.

That's all. I wish you and your servers good health. As always, I look forward to your feedback in the comments and ask you to take the short survey below.


What do you use?

  • 8.1% AMMYY Admin (5)
  • 17.7% AnyDesk (11)
  • 9.7% DameWare (6)
  • 24.2% Radmin (15)
  • 14.5% RDS Shadow (9)
  • 1.6% Quick Assist / Windows Remote Assistance (1)
  • 38.7% TeamViewer (24)
  • 32.3% VNC (20)
  • 32.3% Other (20)
  • 3.2% LiteManager (2)

62 users voted. 22 users abstained.

Source: www.habr.com