Ukukhushulwa kwelungelo ukusetshenziswa umhlaseli wamalungelo wamanje we-akhawunti ukuze azuze okwengeziwe, ngokuvamile izinga eliphezulu lokufinyelela kusistimu. Nakuba ukukhuphuka kwelungelo kungase kube umphumela wokusebenzisa ubungozi bosuku oluyiziro, noma umsebenzi wabagebengu bendawo abahlaselayo, noma uhlelo olungayilungele ikhompuyutha olucashwe kahle, ngokuvamile kungenxa yokungalungiselelwa kahle kwekhompyutha noma i-akhawunti. Ukuthuthukisa ukuhlasela ngokuqhubekayo, abahlaseli basebenzisa inani elithile lobuthakathaka obubodwa, obuhlangene obungaholela ekuputshuzweni kwedatha okuyinhlekelele.
Kungani abasebenzisi kungafanele babe namalungelo omlawuli wendawo?
Uma uchwepheshe wezokuphepha, kungase kubonakale kusobala ukuthi abasebenzisi akufanele babe namalungelo omlawuli wendawo, njengalokhu:
- Yenza ama-akhawunti abo abe sengozini yokuhlaselwa okuhlukahlukene
- Kwenza lokho kuhlasela okufanayo kube nzima kakhulu
Ngeshwa, ezinhlanganweni eziningi lokhu kusewudaba oluyimpikiswano futhi ngezinye izikhathi luhambisana nezingxoxo ezishisayo (bheka, isibonelo,
Isinyathelo 1Hlehlisa Ukulungiswa kwe-DNS nge-PowerShell
Ngokuzenzakalelayo, i-PowerShell ifakwe ezindaweni zokusebenza eziningi zasendaweni kanye namaseva amaningi e-Windows. Futhi nakuba kungenalo ihaba ukuthi kuthathwa njengethuluzi elisebenza ngokuzenzakalelayo nokulawula eliwusizo ngendlela emangalisayo, iyakwazi ngokufanayo ukuziguqula ibe into ecishe ingabonakali.
Esimweni sethu, umhlaseli uqala ukwenza uphenyo lwenethiwekhi esebenzisa iskripthi se-PowerShell, ephindaphinda ngokulandelana endaweni yekheli le-IP yenethiwekhi, ezama ukunquma ukuthi i-IP enikeziwe ixazulula yini kumsingathi, futhi uma kunjalo, lithini igama lenethiwekhi yalo msingathi.
Kunezindlela eziningi zokwenza lo msebenzi, kodwa usebenzisa i-cmdlet
import-module activedirectory Get-ADComputer -property * -filter { ipv4address -eq β10.10.10.10β}
Uma isivinini kumanethiwekhi amakhulu siyinkinga, ukushayela emuva kwe-DNS kungasetshenziswa:
[System.Net.Dns]::GetHostEntry(β10.10.10.10β).HostName
Le ndlela yokufakwa kuhlu yabasingathi kunethiwekhi idume kakhulu, njengoba amanethiwekhi amaningi engasebenzisi imodeli yokuphepha ye-zero-trust futhi angaqapheli imibuzo ye-DNS yangaphakathi ngokuqhuma okusolisayo komsebenzi.
Isinyathelo sesi-2: Khetha okuqondiwe
Umphumela walesi sinyathelo uwukuthola uhlu lweseva namagama omethuleli wesiteshi sokusebenzela angasetshenziswa ukuqhubeka nokuhlasela.
Kusukela egameni, iseva ye-'HUB-FILER' ibonakala njengethagethi efanelekayo, kusukela lapho ngokuhamba kwesikhathi, amaseva wefayela, njengomthetho, aqongelela inani elikhulu lamafolda enethiwekhi nokufinyelela ngokweqile kuwo ngabantu abaningi.
Ukuphequlula nge-Windows Explorer kusivumela ukuthi sibone ukuba khona kwefolda okwabelwana ngayo, kodwa i-akhawunti yethu yamanje ayikwazi ukuyithola (mhlawumbe sinamalungelo okufakwa ohlwini kuphela).
Isinyathelo sesi-3: Funda ama-ACL
Manje, kumsingathi wethu we-HUB-FILER kanye nesabelo esiqondiwe, singasebenzisa umbhalo we-PowerShell ukuze sithole i-ACL. Singakwenza lokhu ngomshini wendawo, njengoba sesivele sinamalungelo omlawuli wendawo:
(get-acl hub-filershare).access | ft IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags βauto
Umphumela wokwenza:
Kuyo siyabona ukuthi iqembu labasebenzisi besizinda linokufinyelela kuphela ohlwini, kodwa iqembu le-Helpdesk nalo linamalungelo okushintsha.
Isinyathelo sesi-4: Ubunikazi be-akhawunti
Ukugijima
Get-ADGroupMember -identity Helpdesk
Kulolu hlu sibona i-akhawunti yekhompyutha esesivele siyihlonze futhi esesivele siyitholile:
Isinyathelo sesi-5: Sebenzisa i-PSExec ukuze uqalise njenge-akhawunti yekhompyutha
PsExec.exe -s -i cmd.exe
Nokho, usukwazi ukufinyelela ngokugcwele ifolda eqondiwe ethi HUB-FILERshareHR, njengoba usebenza kumongo we-akhawunti yekhompyutha ye-HUB-SHAREPOINT. Futhi ngalokhu kufinyelela, idatha ingakopishelwa kudivayisi yokugcina ephathekayo noma ibuyiswe futhi idluliselwe kunethiwekhi.
Isinyathelo sesi-6: Ukuthola lokhu kuhlasela
Lokhu kuba sengozini yokushuna i-akhawunti ethile (ama-akhawunti ekhompyutha afinyelela amasheya enethiwekhi esikhundleni sama-akhawunti omsebenzisi noma ama-akhawunti wesevisi) angatholwa. Nokho, ngaphandle kwamathuluzi afanele, lokhu kunzima kakhulu ukukwenza.
Ukuthola nokuvimbela lesi sigaba sokuhlasela, singasebenzisa
Isithombe-skrini esingezansi sibonisa isaziso sangokwezifiso esizovutha njalo uma i-akhawunti yekhompyutha ifinyelela idatha kuseva egadiwe.
Izinyathelo ezilandelayo nge-PowerShell
Ufuna ukwazi okwengeziwe? Sebenzisa ikhodi yokuvula "yebhulogi" ukuze ufinyelele ngokugcwele ngokugcwele
Source: www.habr.com