The data privacy problem in Active Directory


I have done penetration testing with PowerView and used it to retrieve user information from Active Directory (hereafter AD). At the time, my emphasis was on collecting security group membership information and using it to navigate the network. Either way, AD holds employee data, some of which should not be available to everyone in the organization. In fact, Windows file systems have an equivalent "Everyone" problem, which can likewise be exploited by both internal and external attackers.

But before we discuss the privacy issues and how to fix them, let's look at what is stored in AD.

Active Directory is the corporate Facebook

But in this case, you are already friends with everyone! You may not know your colleagues' favorite movies, books, or restaurants, but AD contains sensitive data and other fields that can be used by hackers, and even by insiders with no special technical skills.

System administrators know the screenshot below well. This is the Active Directory Users and Computers (ADUC) interface, where they set and edit user information and assign users to the appropriate groups.


AD has fields for the employee's name, address, and phone number, so it resembles a phone book. But there is much more! Other tabs also include email and web address, line manager, and notes.

Does everyone in the organization need to see this information, especially in the era of OSINT, when every new detail makes searching for further information easier?

Of course not! The problem is compounded when data about the company's senior management is available to all employees.

PowerView for everyone

This is where PowerView comes into play. It provides a convenient PowerShell interface to the underlying (and confusing) Win32 functions that access AD. In short: it makes retrieving AD fields as easy as typing a very short cmdlet.

Let's take the example of collecting information about an employee, Cruella Deville, who is one of the company's leaders. To do this, use the PowerView get-NetUser cmdlet:


Installing PowerView is not a big problem: see for yourself on the GitHub page. More importantly, you do not need elevated privileges to run many PowerView commands, such as get-NetUser. This way, a motivated but not very technically savvy employee can start poking around in AD without much effort.

From the screenshot above, you can see that an insider can learn a lot about Cruella. Did you also notice that the "info" field reveals information about the user's personal habits and password?

This is not a theoretical possibility. From conversations with other pentesters I learned that they scan AD to find passwords, and unfortunately these attempts are often successful. They know that companies are careless with information in AD, and that companies tend to be unaware of the next topic: AD permissions.
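The defensive counterpart to that scan, as an added example that is not from the original article: a PowerShell filter an administrator can run to flag credential-like text in the free-text `info` (Notes) and `description` attributes so it can be removed. The function name `Find-CredentialHint`, the keyword pattern, and the sample records are assumptions made for this illustration.

```powershell
# Added example (not from the article). Flags credential-like text in
# free-text AD attributes without echoing the secret itself.
function Find-CredentialHint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Attributes to inspect; 'info' is the ADUC "Notes" field
        [string[]]$Attribute = @('info', 'description')
    )
    begin {
        # Assumed heuristic: keyword, then a separator, then a token,
        # e.g. "pwd: <value>" or "password is <value>"
        $pattern = '\b(pass(word|wd)?|pwd|pin|login)\b\s*(is|[:=-])\s*\S+'
    }
    process {
        foreach ($name in $Attribute) {
            # Missing or empty attributes cast to an empty string
            $value = [string]$User.$name
            if ($value -match $pattern) {
                [pscustomobject]@{
                    SamAccountName = $User.SamAccountName
                    Attribute      = $name
                    Keyword        = $Matches[1]    # keyword only, not the secret
                    TextLength     = $value.Length
                }
            }
        }
    }
}

# Constructed sample records standing in for Get-ADUser output
$sample = @(
    [pscustomobject]@{ SamAccountName = 'cdeville'
                       info = 'Collects fur coats. Password: <placeholder>'
                       description = 'Executive' }
    [pscustomobject]@{ SamAccountName = 'mburns'
                       info = 'Prefers morning meetings'
                       description = 'Executive' }
)
$sample | Find-CredentialHint    # flags only cdeville / info

# Against a live domain (requires the RSAT ActiveDirectory module):
# Get-ADUser -LDAPFilter '(|(info=*)(description=*))' -Properties info, description |
#     Find-CredentialHint
```

Any hit means the password should be rotated as well as deleted from the attribute, since every account that could read the field may already have seen it.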

Active Directory has its own ACLs

The AD Users and Computers interface lets you set permissions on AD objects. AD has ACLs, and administrators can use them to grant or deny access. You need to click "Advanced" in the ADUC View menu, and then when you open a user you will see a "Security" tab where you set the ACL.

In my Cruella scenario, I did not want all Authenticated Users to be able to see her information, so I denied them read access:


And now an ordinary user will see this if they try Get-NetUser in PowerView:


I managed to hide obviously useful information from prying eyes. To keep it available to the relevant users, I created another ACL to allow members of the VIP group (Cruella and her other senior colleagues) to access this sensitive data. In other words, I set up AD permissions based on a role model, which made the sensitive data inaccessible to most employees, including insiders.

However, you can also make group membership invisible to users by setting the ACL on the group object in AD accordingly. This will help with both privacy and security.

In my series of epic pentests, I showed how you can navigate the system by examining group membership using PowerView's Get-NetGroupMember. In my scenario, I restricted read access to the membership of a specific group. You can see the result of running the command before and after the change:


I was able to hide the membership of Cruella and Monty Burns in the VIP group, which made it harder for hackers and insiders to scout out the infrastructure.

This post was meant to motivate you to take a closer look at the fields in AD and their associated permissions. AD is a great resource, but think about how you would want to share confidential information and personal data, especially when it comes to the senior officials in your organization.

Source: www.habr.com
