In the organization where I work, remote work is prohibited as a matter of principle. Or rather, it was. Until last week. Now we have had to roll out a solution urgently. On the business side that meant adapting processes to the new way of working; on our side it meant PKI with PINs and tokens, VPN, detailed logging and much more.
Among other things, I was setting up the Remote Desktop infrastructure, aka Terminal Services. We have several RDS deployments in different data centers. One of the goals was to let colleagues from adjacent IT departments connect to user sessions interactively. As you know, there is a standard RDS Shadow mechanism for this, and the simplest way to delegate it is to grant local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very stingy when it comes to handing out admin rights. 🙂 Those who agree with me are welcome to read on below the cut.
So, the task is clear; now let's get down to business.
Step 1
Create a security group named RDP_Operators in Active Directory and add to it the user accounts to which we want to delegate the rights:
If you have several AD sites, wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.
Step 2
Give the group the right to manage terminal sessions on each RDSH server:
Set-RDSPermissions.ps1
$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach ($WMIHandle in $WMIHandles)
    {
        # Only the RDP listener is changed
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # Preset 2 = WINSTATION_ALL_ACCESS (full control of sessions on this listener)
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"       # "success"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"    # "error"
            }
            # Message: "Delegating shadow connection rights to group <group> on server <server>: <status>"
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
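A way to check the result of this step, as an added example that is not part of the original article: it lists which accounts on the RDP-Tcp listener hold the remote control (shadow) permission and flags any that are not on an expected list. The function name, the CONTOSO domain, the HelpdeskTemp account and the sample rows are constructed for illustration; on a live server the rows come from the Win32_TSAccount class, as shown in the last comment.

```powershell
# Added example. Sample rows are constructed; the expected list is an assumption.
$ShadowBit = 0x10   # WINSTATION_SHADOW ("Remote Control") bit in PermissionsAllowed

function Get-ShadowCapableAccount {
    param(
        [Parameter(ValueFromPipeline = $true)] $Account,
        [string[]] $Expected = @()
    )
    process {
        # Look only at the RDP listener, and only at ACEs that allow shadowing
        if ($Account.TerminalName -ne 'RDP-Tcp') { return }
        if (($Account.PermissionsAllowed -band $ShadowBit) -eq 0) { return }
        # Compare the name after "DOMAIN\" so local and domain forms both match
        $leaf = ($Account.AccountName -split '\\')[-1]
        [pscustomobject]@{
            Server     = $Account.PSComputerName
            Account    = $Account.AccountName
            Mask       = '0x{0:X}' -f $Account.PermissionsAllowed
            Unexpected = ($Expected -notcontains $leaf)
        }
    }
}

# Constructed rows shaped like Win32_TSAccount instances
$sample = @(
    [pscustomobject]@{ PSComputerName = 'RDSHost01'; TerminalName = 'RDP-Tcp'
        AccountName = 'BUILTIN\Administrators';      PermissionsAllowed = 983999 }
    [pscustomobject]@{ PSComputerName = 'RDSHost01'; TerminalName = 'RDP-Tcp'
        AccountName = 'BUILTIN\Remote Desktop Users'; PermissionsAllowed = 289 }
    [pscustomobject]@{ PSComputerName = 'RDSHost01'; TerminalName = 'RDP-Tcp'
        AccountName = 'CONTOSO\RDP_Operators';       PermissionsAllowed = 983999 }
    [pscustomobject]@{ PSComputerName = 'RDSHost01'; TerminalName = 'RDP-Tcp'
        AccountName = 'CONTOSO\HelpdeskTemp';        PermissionsAllowed = 983999 }
)

$allowed = 'Administrators', 'SYSTEM', 'RDP_Operators'
$sample | Get-ShadowCapableAccount -Expected $allowed | Format-Table -AutoSize

# Live use against a server from the script above:
# Get-WmiObject -Class Win32_TSAccount -Namespace 'root\CIMV2\terminalservices' `
#     -ComputerName RDSHost01 -Authentication PacketPrivacy |
#     Get-ShadowCapableAccount -Expected $allowed
```

With the constructed rows, Remote Desktop Users is filtered out because its mask lacks the shadow bit, and only HelpdeskTemp is reported with Unexpected set to True.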
Step 3
Add the group to the local Remote Desktop Users group on each RDSH server. If your servers are combined into session collections, do this at the collection level instead:
To make the PS script easier to run, we create a wrapper for it: a cmd file with the same name as the PS script:
RDSMmanagement.cmd
@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*
We put both files in a folder that the "managers" can access and ask them to log in again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force those users to log off (this is useful when a user cannot end a "hung" session on their own).
It looks like this:
For the "manager"
For the user
A few closing remarks
Note 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution is obvious: wait until the user logs in again.
Note 2. After several days of working with RDP Shadow, we noticed an interesting bug or feature: after a shadow session ends, the language bar disappears from the tray of the user who was connected to, and to get it back the user has to log in again. As it turns out, we are not alone: one, two, three.
That's all. I wish you and your servers good health. As always, I look forward to your feedback in the comments and ask you to take the short survey below.