Kukwezera mwaiwu ndiko kugwiritsa ntchito ufulu waakaunti wa omwe akuwukirayo kuti apeze mwayi wowonjezera, nthawi zambiri wapamwamba, wofikira padongosolo. Ngakhale kukwera kwamwayi kumatha kukhala chifukwa cha zochitika zamasiku a ziro, obera anzawo akuyambitsa ziwopsezo zomwe akufuna, kapena pulogalamu yaumbanda yobisidwa mwanzeru, izi zimachitika nthawi zambiri chifukwa cha kusasinthika kwamakompyuta kapena akaunti. Kukulitsa chiwopsezocho, owukirawo amapezerapo mwayi pazovuta zingapo zapayekha, zomwe zingayambitse kutayikira kwa data.
Chifukwa chiyani ogwiritsa ntchito asakhale ndi ufulu woyang'anira dera?
Ngati ndinu katswiri wachitetezo, zitha kuwoneka zomveka kuti ogwiritsa ntchito sayenera kukhala ndi ufulu woyang'anira, chifukwa izi:
- Imapangitsa maakaunti awo kukhala pachiwopsezo chazovuta zosiyanasiyana
- Zimapangitsa kuukira komweku kukhala kovuta kwambiri
Tsoka ilo, kumabungwe ambiri iyi ikadali nkhani yotsutsana kwambiri ndipo nthawi zina imatsagana ndi zokambirana zaukali (onani, mwachitsanzo, ). Popanda tsatanetsatane wa zokambiranazi, tikukhulupirira kuti wowukirayo adapeza ufulu woyang'anira m'deralo pa dongosolo lomwe likufufuzidwa, mwina pogwiritsa ntchito masuku pamutu kapena chifukwa makinawo sanatetezedwe bwino.
Khwerero 1: Bwezerani Kusintha kwa Dzina la DNS Pogwiritsa Ntchito PowerShell
Mwachikhazikitso, PowerShell imayikidwa pamalo ambiri ogwirira ntchito komanso pa ma seva ambiri a Windows. Ndipo ngakhale sizokokomeza kuti zimawonedwa ngati chida chothandiza kwambiri komanso chowongolera, zimathanso kusintha kukhala zosaoneka. (pulogalamu yowonongeka yomwe imasiya zizindikiro za kuukira).
Kwa ife, wowukirayo amayamba kuwunikiranso ma netiweki pogwiritsa ntchito PowerShell script, motsatizana motsatizana kudzera pa adilesi ya IP ya netiweki, kuyesa kudziwa ngati IP yoperekedwayo yatsimikiza kwa wolandila, ndipo ngati ndi choncho, dzina la netiweki la wolandilayo ndi liti.
Pali njira zambiri zochitira ntchitoyi, koma kugwiritsa ntchito cmdlet ADComputer ndi njira yodalirika chifukwa imabweretsanso deta yochuluka kwambiri pa node iliyonse:
import-module activedirectory Get-ADComputer -property * -filter { ipv4address -eq β10.10.10.10β}Ngati kuthamanga pamanetiweki akulu kuli vuto, kuyimba foni yamtundu wa DNS kungagwiritsidwe ntchito:
[System.Net.Dns]::GetHostEntry(β10.10.10.10β).HostName
Njira iyi yowerengera makamu pamaneti ndiyotchuka kwambiri chifukwa maukonde ambiri sagwiritsa ntchito zero trust security model ndipo sayang'anira mafunso amkati a DNS pakuchita kuphulika kokayikitsa.
Gawo 2: Sankhani chandamale
Chotsatira cha sitepe iyi ndikupeza mndandanda wa mayina a seva ndi malo ogwira ntchito omwe angagwiritsidwe ntchito kupitiriza kuukira.
Kutengera dzina lake, seva ya 'HUB-FILER' ikuwoneka ngati chandamale choyenera chifukwa ... M'kupita kwa nthawi, ma seva amafayilo amakonda kudziunjikira mafoda ambiri pamanetiweki ndikufikira anthu ambiri.
Kusakatula ndi Windows Explorer kumatilola kudziwa kuti pali foda yotseguka yogawana, koma akaunti yathu yapano sitingathe kuyipeza (mwina tili ndi ufulu wosankha).
Gawo 3: Kuphunzira ACL
Tsopano pa HUB-FILER yathu yolandila ndikugawana chandamale, titha kuyendetsa script ya PowerShell kuti tipeze ACL. Titha kuchita izi kuchokera pamakina akomweko, popeza tili ndi ufulu woyang'anira dera:
(get-acl hub-filershare).access | ft IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags βautoZotsatira:
Kuchokera pamenepo tikuwona kuti gulu la Ogwiritsa Ntchito Domain lili ndi mwayi wopita pamndandanda, koma gulu la Helpdesk lilinso ndi ufulu wosintha.
Khwerero 4: Chizindikiritso cha Akaunti
Pothamanga , titha kupeza mamembala onse agululi:
Get-ADGroupMember -identity Helpdesk
Pamndandandawu tikuwona akaunti yapakompyuta yomwe tazindikira kale ndipo tafika kale:
Khwerero 5: Gwiritsani ntchito PSExec kugwira ntchito pansi pa akaunti yapakompyuta
kuchokera ku Microsoft Sysinternals imakupatsani mwayi woti muzitsatira malamulo muakaunti ya system SYSTEM@HUB-SHAREPOINT, yomwe tikudziwa kuti ndi membala wa gulu la Helpdesk. Ndiye kuti, tiyenera kuchita:
PsExec.exe -s -i cmd.exeChabwino, ndiye kuti mumatha kupeza chikwatu chomwe mukufuna HUB-FILERshareHR, popeza mukugwira ntchito muakaunti yapakompyuta ya HUB-SHAREPOINT. Ndipo ndi mwayi umenewu, deta ikhoza kukopera ku chipangizo chosungirako chonyamula kapena kubwezanso ndikusamutsidwa pa intaneti.
Gawo 6: Dziwani izi
Chiwopsezo cha kasinthidwe ka zilolezo za akauntiyi (maakaunti apakompyuta ofikira magawo a netiweki m'malo mwa maakaunti a ogwiritsa ntchito kapena maakaunti a ntchito) zitha kupezeka. Komabe, popanda zida zoyenera, izi ndizovuta kwambiri kuchita.
Kuti tizindikire ndikupewa kuukira kwa gulu ili, titha kugwiritsa ntchito kuzindikira magulu omwe ali ndi maakaunti apakompyuta mkati mwake, ndikukana kuwapeza. zimapita patsogolo ndikukulolani kuti mupange zidziwitso makamaka zamtunduwu.
Chithunzi chomwe chili pansipa chikuwonetsa chidziwitso chomwe chidzayambika nthawi iliyonse akaunti yapakompyuta ikapeza data pa seva yoyang'aniridwa.
Njira zotsatirazi pogwiritsa ntchito PowerShell
Mukufuna kudziwa zambiri? Gwiritsani ntchito nambala yotsegulira "blog" kuti mupeze zambiri zaulere .
Source: www.habr.com