Haddii aad leedahay goobo badan oo AD, waxaad u baahan doontaa inaad sugto ilaa lagu soo koobo dhammaan maamulayaasha domain ka hor intaadan u gudbin tallaabada xigta. Tani waxay badanaa qaadanaysaa wax aan ka badnayn 15 daqiiqo.
talaabo 2
Aan siino kooxda xuquqaha ay ku maareeyaan fadhiyada dhamaadka mid kasta oo ka mid ah server-yada RDSH:
Deji-RDSPermissions.ps1
$Group = "RDP_Operators"
$Servers = @(
"RDSHost01",
"RDSHost02",
"RDSHost03"
)
ForEach ($Server in $Servers) {
#Делегируем право на теневые сессии
$WMIHandles = Get-WmiObject `
-Class "Win32_TSPermissionsSetting" `
-Namespace "rootCIMV2terminalservices" `
-ComputerName $Server `
-Authentication PacketPrivacy `
-Impersonation Impersonate
ForEach($WMIHandle in $WMIHandles)
{
If ($WMIHandle.TerminalName -eq "RDP-Tcp")
{
$retVal = $WMIHandle.AddAccount($Group, 2)
$opstatus = "успешно"
If ($retVal.ReturnValue -ne 0) {
$opstatus = "ошибка"
}
Write-Host ("Делегирование прав на теневое подключение группе " +
$Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
}
}
}
talaabo 3
Ku dar kooxda kooxda deegaanka Isticmaalayaasha Desktop Fog mid kasta oo ka mid ah server-yada RDSH Haddii serfaradaada lagu daro ururinta fadhiga, markaa waxaanu ku samaynaa tan heerka ururinta:
Hal server ayaan u isticmaalnaa siyaasadda kooxda, sugaya in lagu dabaqo server-yada. Kuwa caajiska ah si ay u sugaan waxay dedejin karaan habka iyagoo isticmaalaya gpupdate duug ah oo wanaagsan, la doorbidayo dhexe.
talaabo 4
Aan u diyaarino qoraalka PS ee soo socda ee "maareeyayaasha":
Si qoraalka PS looga dhigo mid ku habboon in lagu shaqeeyo, waxaan u abuuri doonaa qolof qaab faylka cmd oo leh magac la mid ah qoraalka PS:
RDSManagement.cmd
@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*
Waxaan labada fayl gelinay gal ay heli karaan "maareeyayaasha" oo waydiina inay dib u soo galaan. Hadda, iyaga oo socodsiinaya faylka cmd, waxay awoodi doonaan inay ku xidhmaan fadhiyada isticmaaleyaasha kale ee qaabka Shadow RDS oo ay ku qasbaan inay ka baxaan (tani waxay noqon kartaa mid faa'iido leh marka isticmaaluhu aanu si madax-banaan u joojin karin fadhiga "daldalida").
Waxay u egtahay sidan:
"maamulaha"
Isticmaalaha
Dhawr faallood oo u dambeeya
Nuance 1. Haddii kalfadhiga isticmaalaha ee aan isku dayeyno inaan xakameyno ayaa la bilaabay ka hor inta aan Set-RDSPermissions.ps1 lagu fulin server-ka, markaa "maamulaha" wuxuu heli doonaa cilad gelitaanka. Xalka halkan waa cad yahay: sug ilaa isticmaale la maareeyay uu galo.
Nuance 2. Dhowr maalmood ka dib markii aan la shaqeynay RDP Shadow, waxaan ogaanay bug ama muuqaal xiiso leh: ka dib dhammaadka fadhiga hadh, baarka luqadda ee saxanka ayaa meesha ka baxaya isticmaalaha lagu xirayo, iyo si loo soo celiyo, isticmaaluhu wuxuu u baahan yahay inuu dib u soo celiyo. -galitaanka. Sida ay soo baxday, keligood ma nihin: jeer, два, saddex.
Waa intaas. Waxaan idiin rajaynayaa caafimaad wanaagsan adiga iyo adeegayaashaada Sida had iyo jeer, waxaan rajaynayaa ra'yi-celintaada faallooyinka waxaanan ku weydiinayaa inaad qaadato sahanka gaaban ee hoose.