Delegating RDP session management

In the organization where I work, remote work is prohibited on principle. Or rather, it was, until last week. Now we have to roll out a solution urgently. From the business side that means adapting processes to a new way of working; from our side it means PKI with PIN codes and tokens, VPN, detailed logging and much more.
Among other things, I was setting up Remote Desktop Infrastructure, aka Terminal Services. We have several RDS deployments in different data centers. One of the goals was to let colleagues from adjacent IT departments connect interactively to user sessions. As you know, there is a standard RDS Shadow mechanism for this, and the easiest way to delegate it is to hand out local administrator rights on the RDS servers.
I respect and value my colleagues, but I am very stingy when it comes to handing out admin rights. 🙂 If you feel the same way, read on.

So, the task is clear. Let's get down to business.

Step 1

Create a security group named RDP_Operators in Active Directory and add the accounts of the users we want to delegate rights to:

$Users = @(
    "UserLogin1",
    "UserLogin2",
    "UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users

If you have several AD sites, wait until the group has replicated to all domain controllers before moving on to the next step. This usually takes no more than 15 minutes.

Step 2

Grant the group the rights to manage terminal sessions on each of the RDSH servers:

Set-RDSPermissions.ps1

$Group = "RDP_Operators"
$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)
ForEach ($Server in $Servers) {
    # Delegate the right to shadow sessions
    $WMIHandles = Get-WmiObject `
        -Class "Win32_TSPermissionsSetting" `
        -Namespace "root\CIMV2\terminalservices" `
        -ComputerName $Server `
        -Authentication PacketPrivacy `
        -Impersonation Impersonate
    ForEach($WMIHandle in $WMIHandles)
    {
        If ($WMIHandle.TerminalName -eq "RDP-Tcp")
        {
            # PermissionPreSet 2 = WINSTATION_ALL_ACCESS (full control of the listener)
            $retVal = $WMIHandle.AddAccount($Group, 2)
            $opstatus = "успешно"   # "success"
            If ($retVal.ReturnValue -ne 0) {
                $opstatus = "ошибка"   # "error"
            }
            # Message: "Delegating shadow connection rights to group <group> on server <server>: <status>"
            Write-Host ("Делегирование прав на теневое подключение группе " +
                $Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
        }
    }
}
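
To check what Step 2 actually granted, the listener ACL can be read back through the Win32_TSAccount class in the same WMI namespace. The following is an added example, not code from the original article; the helper names ConvertFrom-TSPermissionMask and Get-TSListenerAcl, the CONTOSO domain and the sample rows are constructed for illustration.

```powershell
# Added example (not the author's code). WINSTATION_* access-right bits
# carried in Win32_TSAccount.PermissionsAllowed.
$WinStationRights = [ordered]@{
    Query = 0x001; Set = 0x002; Reset = 0x004; Virtual = 0x008; Shadow = 0x010
    Logon = 0x020; Logoff = 0x040; Message = 0x080; Connect = 0x100; Disconnect = 0x200
}

# Hypothetical helper: turn a permission mask into a list of right names.
function ConvertFrom-TSPermissionMask {
    Param([Parameter(Mandatory=$true)][uint32]$Mask)
    ForEach ($Right in $WinStationRights.GetEnumerator()) {
        If ($Mask -band $Right.Value) { $Right.Key }
    }
}

# Hypothetical helper: summarise one Win32_TSAccount row for a listener.
function Get-TSListenerAcl {
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]$Account,
        [String]$TerminalName = "RDP-Tcp"
    )
    Process {
        If ($Account.TerminalName -ne $TerminalName) { Return }
        $Rights = @(ConvertFrom-TSPermissionMask -Mask $Account.PermissionsAllowed)
        [PSCustomObject]@{
            Server    = $Account.PSComputerName
            Account   = $Account.AccountName
            Mask      = "0x{0:X}" -f $Account.PermissionsAllowed
            CanShadow = $Rights -contains "Shadow"
            Rights    = $Rights -join ","
        }
    }
}

# Constructed sample rows shaped like Win32_TSAccount instances.
$Sample = @(
    [PSCustomObject]@{ PSComputerName = "RDSHost01"; TerminalName = "RDP-Tcp"
        AccountName = "BUILTIN\Remote Desktop Users"; PermissionsAllowed = 289 }
    [PSCustomObject]@{ PSComputerName = "RDSHost01"; TerminalName = "RDP-Tcp"
        AccountName = "CONTOSO\RDP_Operators"; PermissionsAllowed = 983999 }
)
$Sample | Get-TSListenerAcl | Format-Table -AutoSize

# Live data comes from the same namespace the script above uses:
# Get-WmiObject -Class Win32_TSAccount -Namespace "root\CIMV2\terminalservices" `
#     -ComputerName "RDSHost01" -Authentication PacketPrivacy | Get-TSListenerAcl
```

A group added with preset 2 reads back as mask 0xF03BF, which is Shadow together with Set, Reset and the other listener rights, so the output shows exactly how much was delegated on each server.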

Step 3

Add the group to the local Remote Desktop Users group on each of the RDSH servers. If your servers are joined into session collections, do this at the collection level:

$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)

For standalone servers we use Group Policy and wait for it to be applied on the servers. Those too lazy to wait can force the process with good old gpupdate, preferably run centrally.

Step 4

Prepare a PS script for the "managers":

RDSManagement.ps1

$Servers = @(
    "RDSHost01",
    "RDSHost02",
    "RDSHost03"
)

function Invoke-RDPSessionLogoff {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    logoff $SessionID /server:$ComputerName /v 2>&1
}

function Invoke-RDPShadowSession {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName,
        [parameter(Mandatory=$true, Position=1)][String]$SessionID
    )
    $ErrorActionPreference = "Stop"
    mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}

Function Get-LoggedOnUser {
    Param(
        [parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
    )
    $ErrorActionPreference = "Stop"
    Test-Connection $ComputerName -Count 1 | Out-Null
    quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
        # Collapse runs of whitespace, then split the quser row into columns
        $CurrentLine = $_.Trim() -Replace "\s+"," " -Split "\s"
        $HashProps = @{
            UserName = $CurrentLine[0]
            ComputerName = $ComputerName
        }
        # Disconnected sessions have an empty SESSIONNAME column, so every field shifts left by one
        If ($CurrentLine[2] -eq "Disc") {
            $HashProps.SessionName = $null
            $HashProps.Id = $CurrentLine[1]
            $HashProps.State = $CurrentLine[2]
            $HashProps.IdleTime = $CurrentLine[3]
            $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
        }
        else {
            $HashProps.SessionName = $CurrentLine[1]
            $HashProps.Id = $CurrentLine[2]
            $HashProps.State = $CurrentLine[3]
            $HashProps.IdleTime = $CurrentLine[4]
            $HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
        }
        New-Object -TypeName PSCustomObject -Property $HashProps |
        Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
    }
}

# Prompt: "Enter the user's login"
$UserLogin = Read-Host -Prompt "Введите логин пользователя"
# "Searching for the user's RDP sessions on the servers..."
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
    $TargetSession = $null
    # "Querying server <server>"
    Write-Host "  Опрос сервера $Server"
    Try {
        $TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
    }
    Catch {
        # "Error: <message>"
        Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
        Continue
    }
    If ($TargetSession) {
        # "Found a session with ID <id> on server <server>"
        Write-Host "    Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
        # Menu: "What shall we do?" 1 - connect to the session, 2 - log the session off, 0 - nothing
        Write-Host "    Что будем делать?"
        Write-Host "      1 - подключиться к сессии"
        Write-Host "      2 - завершить сессию"
        Write-Host "      0 - ничего"
        # Prompt: "Enter the action"
        $Action = Read-Host -Prompt "Введите действие"
        If ($Action -eq "1") {
            Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
        }
        ElseIf ($Action -eq "2") {
            Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
        }
        # Stop at the first server where the user's session was found
        Break
    }
    Else {
        # "no sessions found"
        Write-Host "    сессий не найдено"
    }
}

To make the PS script convenient to launch, we wrap it in a cmd file with the same name as the PS script:

RDSManagement.cmd

@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*

We put both files in a folder that the "managers" can access and ask them to log off and log back on. From now on, by running the cmd file, they can connect to other users' sessions in RDS Shadow mode and force those users to log off (useful when a user cannot terminate a "hung" session on their own).

It looks like this:

[Screenshot: the "manager's" view]

[Screenshot: the user's view]

A few final remarks

Nuance 1. If the user session we are trying to take control of was started before the Set-RDSPermissions.ps1 script was run on the server, the "manager" will get an access error. The solution here is obvious: wait until the managed user logs in again.

Nuance 2. After a few days of working with RDP Shadow, we noticed an interesting bug, or possibly a feature: once the shadow session ends, the language bar disappears from the tray for the user who was being shadowed, and to get it back the user has to log in again. As it turns out, we are not alone: one, two, three.

That's all. I wish good health to you and your servers. As always, I look forward to your feedback in the comments and ask you to take the short survey below.

What do you use?

  • AMMYY Admin: 8.1% (5 votes)
  • AnyDesk: 17.7% (11 votes)
  • DameWare: 9.7% (6 votes)
  • Radmin: 24.2% (15 votes)
  • RDS Shadow: 14.5% (9 votes)
  • Quick Assist / Windows Remote Assistance: 1.6% (1 vote)
  • TeamViewer: 38.7% (24 votes)
  • VNC: 32.3% (20 votes)
  • Other: 32.3% (20 votes)
  • LiteManager: 3.2% (2 votes)

62 users voted. 22 users abstained.

Source: www.habr.com