Delegating RDP session management rights

In the organization where I work, remote work is prohibited in principle. Was. Until last week. Now we had to implement a solution urgently. From the business side that meant adapting processes to the new format of work; from our side, PKI with PINs and tokens, VPN, detailed logging and much more.
Among other things, I was setting up Remote Desktop Infrastructure, aka Terminal Services. We have several RDS deployments in different data centers. One of the goals was to let colleagues from IT-adjacent departments connect to user sessions interactively. As you know, there is the standard RDS Shadow mechanism for this, and the easiest way to delegate it is to grant local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very greedy when it comes to handing out admin rights. 🙂 Those who agree with me, please follow me under the cut.

Well, the task is clear, so let's get down to business.

Step 1

Let's create a security group RDP_Operators in Active Directory and add to it the user accounts to which we want to delegate rights:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have multiple AD sites, wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Let's give the group the rights to manage terminal sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # Preset 2 is WINSTATION_ALL_ACCESS: full control of the listener, not only shadowing
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"       # "success"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"    # "error"
            }
            # Prints: delegation of shadow-connection rights to group <group> on server <server>: <status>
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
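
A review of what Step 2 leaves behind, added here as an example and not part of the original article: it decodes the `PermissionsAllowed` mask of `Win32_TSAccount` entries for the RDP-Tcp listener and flags accounts holding full control, which is what preset 2 in `AddAccount` grants. The function name, the `CONTOSO` domain, the list of expected full-control accounts and the sample records are assumptions made for the example.

```powershell
# Added example, not from the original article. Sample records are constructed.
# WinStation access-mask bits (winsta.h); AddAccount preset 2 yields ALL_ACCESS.
$WINSTATION_SHADOW     = 0x00000010   # remote control of another session
$WINSTATION_LOGOFF     = 0x00000040   # log off another session
$WINSTATION_ALL_ACCESS = 0x000F03FF   # all ten WinStation rights plus STANDARD_RIGHTS_REQUIRED

function Get-RdpListenerGrant {
    # Hypothetical helper: reviews Win32_TSAccount-shaped objects for RDP-Tcp.
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]$Account,
        [String[]]$ExpectedFullControl = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM")
    )
    Process {
        If ($Account.TerminalName -ne "RDP-Tcp") { Return }
        $Mask = [uint32]$Account.PermissionsAllowed
        $Full = ($Mask -band $WINSTATION_ALL_ACCESS) -eq $WINSTATION_ALL_ACCESS
        [PSCustomObject]@{
            Server      = $Account.PSComputerName
            AccountName = $Account.AccountName
            Mask        = "0x{0:X}" -f $Mask
            CanShadow   = [bool]($Mask -band $WINSTATION_SHADOW)
            CanLogoff   = [bool]($Mask -band $WINSTATION_LOGOFF)
            FullControl = $Full
            # Full control held by an account outside the expected list needs a review
            Review      = $Full -and ($ExpectedFullControl -notcontains $Account.AccountName)
        }
    }
}

# Constructed records: 983999 = 0xF03FF (full control), 289 = 0x121 (query, logon, connect)
$Sample = @(
    [PSCustomObject]@{ PSComputerName="RDSHost01"; TerminalName="RDP-Tcp"
                       AccountName="BUILTIN\Administrators"; PermissionsAllowed=983999 }
    [PSCustomObject]@{ PSComputerName="RDSHost01"; TerminalName="RDP-Tcp"
                       AccountName="BUILTIN\Remote Desktop Users"; PermissionsAllowed=289 }
    [PSCustomObject]@{ PSComputerName="RDSHost01"; TerminalName="RDP-Tcp"
                       AccountName="CONTOSO\RDP_Operators"; PermissionsAllowed=983999 }
)
$Sample | Get-RdpListenerGrant | Format-Table -AutoSize

# Against live servers, feed it the real objects instead of $Sample:
# Get-WmiObject -Class "Win32_TSAccount" -Namespace "root\CIMV2\terminalservices" `
#     -ComputerName $Servers -Authentication PacketPrivacy | Get-RdpListenerGrant
```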

Step 3

Add the group to the local Remote Desktop Users group on each of the RDSH servers. If your servers are combined into session collections, we do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use Group Policy and wait for it to be applied on the servers. Those too lazy to wait can speed the process up with good old gpupdate, preferably run centrally.

Step 4

Let's prepare the following PS script for the "managers":

RDSMmanagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    # Strip the ">" that marks the caller's own session, then split on whitespace
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        $CurrentLine = $_.Trim().TrimStart(">") -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

$UserLogin = Read-Host -Prompt "Введите логин пользователя"    # "Enter the user's login"
Write-Host "Поиск RDP-сессий пользователя на серверах..."      # "Searching for the user's RDP sessions on the servers..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    Write-Host "  Опрос сервера $Server"                        # "Polling server <server>"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red    # "Error: "
        Continue
    }
    If ($TargetSession) {
        # "Found a session with ID <id> on server <server>"
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        Write-Host "    Что будем делать?"                      # "What shall we do?"
        Write-Host "      1 - подключиться к сессии"            # "1 - connect to the session"
        Write-Host "      2 - завершить сессию"                 # "2 - end the session"
        Write-Host "      0 - ничего"                           # "0 - nothing"
        $Action = Read-Host -Prompt "Введите действие"          # "Enter the action"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        Break
    }
    Else {
        Write-Host "    сессий не найдено"                      # "no sessions found"
    }
}
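
A stricter way to parse the `quser` output that `Get-LoggedOnUser` consumes, added here as an example and not part of the original script. Instead of splitting on whitespace and testing for the literal state `Disc`, it treats the session name as optional and anchors on the numeric ID, so a blank SESSIONNAME column or the `>` marker cannot shift the ID that later goes to `logoff` or `mstsc /shadow`. The function name and the sample lines are constructed.

```powershell
# Added example, not from the original article. The quser lines below are constructed.
function ConvertFrom-QUserLine {
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)][AllowEmptyString()][String]$Line,
        [String]$ComputerName = "localhost"
    )
    Begin {
        # ">" marks the caller's own session; SESSIONNAME is blank for disconnected
        # sessions, so it is optional and the numeric ID decides where the columns fall.
        $Pattern = "^[\s>]*(?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+" +
                   "(?<State>\S+)\s+(?<Idle>\S+)\s+(?<Logon>\S.*)$"
    }
    Process {
        # Header, blank lines and error text have no numeric ID column: skip them
        If ($Line -notmatch $Pattern) { Return }
        [PSCustomObject]@{
            UserName     = $Matches.User
            ComputerName = $ComputerName
            SessionName  = $Matches.Session      # $null when the column is blank
            Id           = [int]$Matches.Id      # numeric, safe to hand to logoff / mstsc
            State        = $Matches.State
            IdleTime     = $Matches.Idle
            LogonTime    = $Matches.Logon.Trim()
        }
    }
}

# Constructed sample in the layout quser prints
$Sample = @(
    " USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME"
    ">operator1             rdp-tcp#12          2  Active          .  4/1/2020 9:02 AM"
    " userlogin1            rdp-tcp#14          5  Active       1:12  4/1/2020 8:47 AM"
    " userlogin2                                7  Disc      1+02:30  3/31/2020 6:15 PM"
)
$Sessions = $Sample | ConvertFrom-QUserLine -ComputerName "RDSHost01"
$Sessions | Format-Table -AutoSize

# A user can hold more than one session on a host; refuse to act when the match is ambiguous
$Target = @($Sessions | Where-Object { $_.UserName -eq "userlogin2" })
If ($Target.Count -eq 1) { Write-Host "Single session, ID $($Target[0].Id)" }
Else { Write-Host "Expected exactly one session, found $($Target.Count)" }
```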

To make the PS script convenient to run, let's create a wrapper for it as a cmd file with the same name as the PS script:

RDSMmanagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder that the "managers" can access and ask them to log in again. Now, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force them to log off (this can be useful when a user cannot end a "hung" session on their own).

It looks something like this:

[Screenshot: for the "manager"]

[Screenshot: for the user]

A few closing remarks

Note 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution here is obvious: wait until the user logs in again.

Note 2. After several days of working with RDP Shadow, we noticed an interesting bug or feature: after a shadow session ends, the language bar in the tray disappears for the user who was connected to, and to get it back the user has to log in again. As it turns out, we are not alone: one, two, three.

That's all. I wish good health to you and your servers. As always, I look forward to your feedback in the comments and ask you to take the short survey below.


What do you use?

  • AMMYY Admin: 8.1% (5)
  • AnyDesk: 17.7% (11)
  • DameWare: 9.7% (6)
  • Radmin: 24.2% (15)
  • RDS Shadow: 14.5% (9)
  • Quick Assist / Windows Remote Assistance: 1.6% (1)
  • TeamViewer: 38.7% (24)
  • VNC: 32.3% (20)
  • other: 32.3% (20)
  • LiteManager: 3.2% (2)

62 users voted. 22 users abstained.

Source: www.habr.com
