Mokhatlong oo ke sebetsang ho oona, mosebetsi o ka thōko o thibetsoe ka molao-motheo. E ne e. Ho fihlela bekeng e fetileng. Joale re ne re tlameha ho kenya tšebetsong tharollo ka potlako. Ho tloha khoebong - mekhoa ea ho ikamahanya le maemo ho ea ho mokhoa o mocha oa mosebetsi, ho tloha ho rona - PKI e nang le PIN codes le tokens, VPN, ho rema lifate ka botlalo le tse ling tse ngata.
Har'a lintho tse ling, ke ne ke theha Remote Desktop Infrastructure aka Terminal Services. Re na le li-deployments tse 'maloa tsa RDS litsing tse fapaneng tsa data. E 'ngoe ea lipheo e ne e le ho thusa basebetsi-'moho ho tsoa mafapheng a amanang le IT ho hokela linako tsa basebelisi ka tšebelisano. Joalo ka ha u tseba, ho na le mochini o tloaelehileng oa Moriti oa RDS bakeng sa sena, 'me mokhoa o bonolo oa ho o abela ke ho fana ka litokelo tsa batsamaisi ba lehae ho li-server tsa RDS.
Ke hlompha le ho ananela basebetsi-'moho le 'na, empa ke meharo haholo ha ho tluoa tabeng ea ho fana ka litokelo tsa admin. 🙂 Bakeng sa ba lumellanang le 'na, ka kopo latela sehiloeng.
Che, mosebetsi o hlakile, joale a re theoheleng khoebong.
hata 1
Ha re theheng sehlopha sa ts'ireletso ho Active Directory RDP_Operators 'me u kenyeletse ho eona litlaleho tsa basebelisi bao re batlang ho ba abela litokelo:
$Users = @(
"UserLogin1",
"UserLogin2",
"UserLogin3"
)
$Group = "RDP_Operators"
New-ADGroup -Name $Group -GroupCategory Security -GroupScope DomainLocal
Add-ADGroupMember -Identity $Group -Members $Users
Haeba u na le libaka tse ngata tsa AD, u tla tlameha ho ema ho fihlela e phetoa ho balaoli bohle ba marang-rang pele u fetela mohatong o latelang. Hangata sena ha se nke metsotso e fetang 15.
hata 2
Ha re feng sehlopha litokelo tsa ho laola linako tsa terminal ho e 'ngoe le e 'ngoe ea li-server tsa RDSH:
Set-RDSPermissions.ps1
$Group = "RDP_Operators"
$Servers = @(
"RDSHost01",
"RDSHost02",
"RDSHost03"
)
ForEach ($Server in $Servers) {
#Делегируем право на теневые сессии
$WMIHandles = Get-WmiObject `
-Class "Win32_TSPermissionsSetting" `
-Namespace "rootCIMV2terminalservices" `
-ComputerName $Server `
-Authentication PacketPrivacy `
-Impersonation Impersonate
ForEach($WMIHandle in $WMIHandles)
{
If ($WMIHandle.TerminalName -eq "RDP-Tcp")
{
$retVal = $WMIHandle.AddAccount($Group, 2)
$opstatus = "успешно"
If ($retVal.ReturnValue -ne 0) {
$opstatus = "ошибка"
}
Write-Host ("Делегирование прав на теневое подключение группе " +
$Group + " на сервере " + $Server + ": " + $opstatus + "`r`n")
}
}
}
hata 3
Kenya sehlopha sehlopheng sa lehae Basebelisi ba Remote Desktop ho e 'ngoe le e' ngoe ea li-server tsa RDSH. Haeba li-server tsa hau li kopantsoe ho ba pokello ea linako, re etsa sena maemong a pokello:
$Group = "RDP_Operators"
$CollectionName = "MyRDSCollection"
[String[]]$CurrentCollectionGroups = @(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup).UserGroup
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup ($CurrentCollectionGroups + $Group)
Bakeng sa li-server tse le 'ngoe tseo re li sebelisang , e emetse hore e sebelisoe ho li-server. Ba botsoa haholo ba ho ema ba ka potlakisa ts'ebetso ba sebelisa gpupdate ea khale, ka ho khetheha .
hata 4
Ha re lokisetseng mongolo o latelang oa PS bakeng sa "baokameli":
RDSMtsamaiso.ps1
$Servers = @(
"RDSHost01",
"RDSHost02",
"RDSHost03"
)
function Invoke-RDPSessionLogoff {
Param(
[parameter(Mandatory=$True, Position=0)][String]$ComputerName,
[parameter(Mandatory=$true, Position=1)][String]$SessionID
)
$ErrorActionPreference = "Stop"
logoff $SessionID /server:$ComputerName /v 2>&1
}
function Invoke-RDPShadowSession {
Param(
[parameter(Mandatory=$True, Position=0)][String]$ComputerName,
[parameter(Mandatory=$true, Position=1)][String]$SessionID
)
$ErrorActionPreference = "Stop"
mstsc /shadow:$SessionID /v:$ComputerName /control 2>&1
}
Function Get-LoggedOnUser {
Param(
[parameter(Mandatory=$True, Position=0)][String]$ComputerName="localhost"
)
$ErrorActionPreference = "Stop"
Test-Connection $ComputerName -Count 1 | Out-Null
quser /server:$ComputerName 2>&1 | Select-Object -Skip 1 | ForEach-Object {
$CurrentLine = $_.Trim() -Replace "s+"," " -Split "s"
$HashProps = @{
UserName = $CurrentLine[0]
ComputerName = $ComputerName
}
If ($CurrentLine[2] -eq "Disc") {
$HashProps.SessionName = $null
$HashProps.Id = $CurrentLine[1]
$HashProps.State = $CurrentLine[2]
$HashProps.IdleTime = $CurrentLine[3]
$HashProps.LogonTime = $CurrentLine[4..6] -join " "
$HashProps.LogonTime = $CurrentLine[4..($CurrentLine.GetUpperBound(0))] -join " "
}
else {
$HashProps.SessionName = $CurrentLine[1]
$HashProps.Id = $CurrentLine[2]
$HashProps.State = $CurrentLine[3]
$HashProps.IdleTime = $CurrentLine[4]
$HashProps.LogonTime = $CurrentLine[5..($CurrentLine.GetUpperBound(0))] -join " "
}
New-Object -TypeName PSCustomObject -Property $HashProps |
Select-Object -Property UserName, ComputerName, SessionName, Id, State, IdleTime, LogonTime
}
}
$UserLogin = Read-Host -Prompt "Введите логин пользователя"
Write-Host "Поиск RDP-сессий пользователя на серверах..."
$SessionList = @()
ForEach ($Server in $Servers) {
$TargetSession = $null
Write-Host " Опрос сервера $Server"
Try {
$TargetSession = Get-LoggedOnUser -ComputerName $Server | Where-Object {$_.UserName -eq $UserLogin}
}
Catch {
Write-Host "Ошибка: " $Error[0].Exception.Message -ForegroundColor Red
Continue
}
If ($TargetSession) {
Write-Host " Найдена сессия с ID $($TargetSession.ID) на сервере $Server" -ForegroundColor Yellow
Write-Host " Что будем делать?"
Write-Host " 1 - подключиться к сессии"
Write-Host " 2 - завершить сессию"
Write-Host " 0 - ничего"
$Action = Read-Host -Prompt "Введите действие"
If ($Action -eq "1") {
Invoke-RDPShadowSession -ComputerName $Server -SessionID $TargetSession.ID
}
ElseIf ($Action -eq "2") {
Invoke-RDPSessionLogoff -ComputerName $Server -SessionID $TargetSession.ID
}
Break
}
Else {
Write-Host " сессий не найдено"
}
}
Ho etsa hore mongolo oa PS o sebetse hantle, re tla o etsetsa khetla ka sebopeho sa faele ea cmd e nang le lebitso le ts'oanang le lengolo la PS:
RDSMtsamaiso.cmd
@ECHO OFF
powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1" %*
Re kenya lifaele ka bobeli foldareng e tla fumaneha ho "batsamaisi" 'me re ba kope hore ba kene hape. Joale, ka ho tsamaisa faele ea cmd, ba tla khona ho hokela mananeong a basebelisi ba bang ka mokhoa oa RDS Shadow mme ba ba qobelle ho tsoa (sena se ka ba molemo ha mosebelisi a sa khone ho emisa ka boits'oaro "ho fanyeha").
E shebahala tjena:
Bakeng sa "mookameli"
Bakeng sa mosebedisi
Litlhaloso tse 'maloa tsa ho qetela
Tlhaloso ea 1. Haeba lenaneo la mosebedisi leo re lekang ho le laola le ile la qalwa pele Set-RDSPermissions.ps1 script e kenngwa ho seva, "mookamedi" o tla fumana phoso ya ho fihlella. Tharollo mona e hlakile: ema ho fihlela mosebelisi ea laoloang a kena.
Tlhaloso ea 2. Kamora matsatsi a 'maloa a ho sebetsa le RDP Shadow, re ile ra bona kokoana kapa tšobotsi e khahlisang: kamora pheletso ea seboka sa moriti, sebaka sa puo se tereing sea nyamela hore mosebelisi a hokahane le sona, mme ho e khutlisa, mosebelisi o hloka ho e khutlisa. -kena. Kamoo ho bonahalang kateng, ha re mong: , , .
Ke phetho. Ke lakaletsa uena le li-server tsa hau bophelo bo botle. Joalo ka mehla, ke lebelletse maikutlo a hau maikutlong mme ke u kopa ho nka tlhahlobo e khutšoane e ka tlase.
Mohloli
Ke basebelisi ba ngolisitsoeng feela ba ka kenyang letsoho phuputsong. ka kopo.
U sebelisa eng?
-
8,1%AMMYY Admin5
-
17,7%AnyDesk11
-
9,7%DameWare6
-
24,2%Radmin15
-
14,5%RDS Shadow9
-
1,6%Thuso e Potlakileng / Thuso ea Remote ea Windows1
-
38,7%TeamViewer24
-
32,3%VNC20
-
32,3%tse ling20
-
3,2%LiteManager2
Basebelisi ba 62 ba ile ba khetha. Basebelisi ba 22 ba ile ba hana.
Source: www.habr.com