Some time ago, we rolled out a solution on a Windows terminal server. As usual, we dropped connection shortcuts onto the employees' desktops and said: get to work. But the users turned out to have been thoroughly scared by cybersecurity. When connecting to the server they saw messages like “Do you trust this server? Really, really?”, got frightened and came to us: is everything all right, can I click OK? So it was decided to do everything properly, so that there would be no questions and no panic.
If your users still come to you with the same fears, and you are tired of ticking "Don't ask again", welcome under the cut.
Step zero. Preparation and trust issues
So, our user clicks a saved file with the .rdp extension and gets the following prompt:
A "malicious" connection.
To get rid of this window, use a special utility called RDPSign.exe. Full documentation is available, as usual, at
First we need a certificate to sign the file with. It can be:
- Public.
- Issued by an internal Certificate Authority.
- Fully self-signed.
The most important thing is that the certificate is able to sign (yes, you can pick the accountants' digital signature (EDS) certificate) and that the client PCs trust it. Here I will use a self-signed certificate.
Let me remind you that trust in a self-signed certificate can be set up with group policies. A few more details are under the spoiler.
How to make a certificate trusted with GPO magic
First, take the existing certificate without its private key in .cer format (this can be done by exporting the certificate from the Certificates snap-in) and put it in a network folder that users can read. After that, you can configure Group Policy.
Certificate import is configured under: Computer Configuration - Policies - Windows Settings - Security Settings - Public Key Policies - Trusted Root Certification Authorities. Then right-click to import the certificate.
The configured policy.
Client computers will now trust the self-signed certificate.
With the trust issues resolved, we move straight on to the signature.
Step one. Signing the file with a flourish
We have a certificate; now we need its thumbprint. Just open it in the "Certificates" snap-in and copy the thumbprint from the "Details" tab.
The thumbprint we need.
It is best to bring it into the proper form right away: uppercase letters only and no spaces, if there are any. This is easy to do in the PowerShell console with the command:
("6b142d74ca7eb9f3d34a2fe16d1b949839dba8fa").ToUpper().Replace(" ","")
Once you have the thumbprint in the required format, you can go ahead and sign the rdp file:
rdpsign.exe /sha256 6B142D74CA7EB9F3D34A2FE16D1B949839DBA8FA .\contoso.rdp
Where .\contoso.rdp is the absolute or relative path to our file.
Once the file is signed, some parameters, such as the server name, can no longer be changed through the graphical interface (indeed, otherwise what would be the point of signing?). And if you change the settings in a text editor, the signature "flies off".
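A scripted version of this step, as an added example that is not part of the original article: it normalizes the thumbprint, checks that the certificate can actually sign, signs a copy of the file and lists the settings the signature locks. It assumes the certificate is in a Personal store on the signing machine; the `.signed.rdp` output name is made up for the example.

```powershell
# Added example, not from the original article. The file path is an assumption.
param(
    [string]$Thumbprint = '6b142d74ca7eb9f3d34a2fe16d1b949839dba8fa', # value shown in the article
    [string]$RdpFile    = '.\contoso.rdp'
)

# Keep hex digits only: this drops spaces and the invisible character that
# copying from the certificate dialog can add, then upper-case the result.
$tp = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
if ($tp.Length -ne 40) { throw "Expected 40 hex characters, got $($tp.Length)." }

# Assumption: the signing certificate sits in a Personal store of this machine.
$cert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
if (-not $cert)                    { throw "Certificate $tp not found in a Personal store." }
if (-not $cert.HasPrivateKey)      { throw "Certificate $tp has no private key here, so it cannot sign." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $tp expired on $($cert.NotAfter)." }

# Sign a copy: the unsigned original stays editable for later changes.
$source = (Resolve-Path -LiteralPath $RdpFile).Path
$signed = [IO.Path]::ChangeExtension($source, '.signed.rdp')
Copy-Item -LiteralPath $source -Destination $signed -Force
& rdpsign.exe /sha256 $tp $signed
if ($LASTEXITCODE -ne 0) { throw "rdpsign.exe exited with code $LASTEXITCODE." }

# rdpsign appends two lines: signscope (the settings covered by the signature)
# and signature. Editing a covered setting afterwards invalidates the signature.
$lines = Get-Content -LiteralPath $signed
$scope = $lines | Where-Object { $_ -like 'signscope:s:*' } | Select-Object -First 1
if (-not $scope -or -not ($lines -like 'signature:s:*')) {
    throw "No signature found in $signed."
}
'Signed: {0}' -f $signed
'Settings locked by the signature:'
($scope -replace '^signscope:s:', '') -split ',' | ForEach-Object { "  $_" }
```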
Now, when you double-click the shortcut, the message will be different:
The new message. The color is less menacing, which is already progress.
Let's get rid of it too.
Step two. Trust issues again
To get rid of this message, we again need a group policy. This time the path is Computer Configuration - Policies - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Connection Client - Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.
The policy we need.
In the policy, it is enough to add the thumbprint already familiar from the previous step.
Note that this policy overrides the "Allow .rdp files from valid publishers and user's default .rdp settings" policy.
The configured policy.
Voila, now there are no strange questions, only a logon prompt. Hm...
Step three. Transparent logon to the server
Indeed, if we have already authenticated when logging on to the domain computer, why should we enter the same login and password again? Let's pass the credentials to the server "transparently". In the case of plain RDP (without RDS Gateway), what comes to our aid is... That's right, group policy.
Go to: Computer Configuration - Policies - Administrative Templates - System - Credentials Delegation - Allow delegating default credentials.
Here you can add the required servers to the list or use a wildcard. It will look like TERMSRV/trm.contoso.com or TERMSRV/*.contoso.com.
The configured policy.
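Default-credential delegation hands the logged-on user's credentials to every server that matches the list, so the wildcard deserves a check on a client once the policy has applied. The script below is an added example, not part of the original article; it reads the list from the registry location where this policy is stored, and `$allowedSuffix` is an assumed value standing in for your own domain.

```powershell
# Added example, not from the original article: review delegation targets on a client.
$allowedSuffix = '.contoso.com'   # assumption: the only DNS suffix you mean to delegate to
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

$policy = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
if (-not $policy -or $policy.AllowDefaultCredentials -ne 1) {
    Write-Warning 'Default credential delegation is not enabled by policy on this machine.'
    return
}

# The server list is stored as numbered string values in a subkey of the same name.
$key = Get-Item -Path "$base\AllowDefaultCredentials" -ErrorAction Stop
$report = foreach ($name in $key.GetValueNames()) {
    $entry = [string]$key.GetValue($name)
    $service, $target = $entry -split '/', 2
    $verdict = if ($service -ne 'TERMSRV' -or -not $target) {
        'REVIEW: not a TERMSRV/<host> entry'
    } elseif ($target -eq '*') {
        'REVIEW: delegates to every RDP host'
    } elseif (-not $target.EndsWith($allowedSuffix, [StringComparison]::OrdinalIgnoreCase)) {
        'REVIEW: outside the expected suffix'
    } elseif ($target.Contains('*')) {
        'ok: wildcard inside the expected suffix'
    } else {
        'ok: single host'
    }
    [pscustomobject]@{ Entry = $entry; Verdict = $verdict }
}
$report | Format-Table -AutoSize
```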
Now, if we look at our shortcut, it will look like this:
The username can't be changed.
If RDS Gateway is used, you will also need to allow credentials to be passed to it. To do this, in IIS Manager, under "Authentication", disable anonymous authentication and enable Windows authentication.
The configured IIS.
Don't forget to restart the web services afterwards with the command:
iisreset /noforce
Now everything is fine: no questions and no prompts.
Tell me, do you sign RDP shortcuts for your users?
- 43% (28 votes): No, they are trained to click "OK" on messages without reading; some even tick the "Don't ask again" boxes themselves.
- 29.2% (19 votes): I carefully place the shortcut by hand and do the first logon to the server together with each user.
- 6.1% (4 votes): Yes, I like everything to be in order.
- 21.5% (14 votes): I don't use terminal servers.
65 users voted. 14 users abstained.
Source: www.habr.com