The data privacy problem in Active Directory


I have been doing penetration tests with PowerView and using it to pull user information out of Active Directory (hereafter AD). At the time I was mostly focused on collecting security group membership and using that information to move laterally through the network. Regardless, AD holds sensitive data about employees, some of which really should not be visible to everyone in the organization. Windows file systems have the equivalent "Everyone" problem, and it can be exploited by insiders as well as external attackers.

But before we talk about the privacy problems and how to fix them, let's look at the data that is stored in AD.

Active Directory is the corporate Facebook

Except that here you are already friends with everyone! You may not learn your colleagues' favorite movies, books and restaurants, but AD holds sensitive contact data and other fields that can be used by outsiders, and even by insiders with no special technical skills.

System administrators are familiar with the screenshot below. It is the Active Directory Users and Computers (ADUC) interface, where they set up and edit user information and assign users to the appropriate groups.

[Screenshot: the ADUC user properties dialog]

AD has fields for job title, address and phone number, so it is like a phone book. But there is much more! Other tabs hold the e-mail and web addresses, the immediate manager, and free-form notes.

Does everyone in the organization need to see this information, especially in the age of OSINT, where every new detail makes digging up even more information that much easier?

Of course not! The problem is worse when the details of the company's executives are available to every employee.

PowerView for everyone

This is where PowerView comes in. It provides an easy-to-use PowerShell interface over the low-level (and obscure) Win32 functions that access AD. In short, it makes retrieving AD fields as easy as typing a very short cmdlet.

Let's take the example of gathering information about an employee named Cruella Deville, one of the company's executives. To do this, use PowerView's Get-NetUser cmdlet:

[Screenshot: Get-NetUser output for Cruella Deville]

Installing PowerView is not a big problem; see for yourself on its GitHub page. More importantly, you do not need elevated privileges to run most PowerView commands, Get-NetUser included. So a motivated employee with little technical knowledge can easily start poking around in AD.

The screenshot above shows that an insider can quickly learn a lot about Cruella. Did you also notice that the "info" field reveals her personal habits and her password?

This is not a theoretical scenario. From conversations with other pentesters I have learned that they scan AD for clear-text passwords, and unfortunately these attempts are often successful. They know that companies are sloppy with AD information and usually know nothing about the next topic, AD permissions.
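The query behind Get-NetUser and the clear-text password sweep the pentesters describe, as an added example that is not part of the original post. It uses only the built-in [adsisearcher] accelerator (System.DirectoryServices.DirectorySearcher), so it runs as any domain user without installing PowerView; Get-NetUser wraps the same LDAP search. The attribute list, the sAMAccountName "cdeville" and the "password-like" regex are assumptions for the example.

```powershell
# Added example, not from the original post. Runs as an ordinary domain user
# against the current domain; no PowerView required.
function Get-SensitiveUserInfo {
    param(
        # LDAP filter; the default matches all enabled user accounts
        [string] $Filter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        # values of the free-text fields matching this regex get flagged (assumed pattern, tune per engagement)
        [string] $Pattern = 'pass|pwd|pin\b'
    )
    $searcher = [adsisearcher]$Filter
    $searcher.PageSize = 1000                    # paged results, so large domains come back completely
    'sAMAccountName','title','telephoneNumber','mobile','streetAddress','manager','info','description' |
        ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

    foreach ($result in $searcher.FindAll()) {
        $p    = $result.Properties                # keys are lower-case LDAP attribute names
        $info = [string]$p['info']                # the ADUC "Notes" field
        $desc = [string]$p['description']
        [pscustomobject]@{
            User        = [string]$p['samaccountname']
            Title       = [string]$p['title']
            Phone       = [string]$p['telephonenumber']
            Mobile      = [string]$p['mobile']
            Address     = [string]$p['streetaddress']
            Manager     = [string]$p['manager']
            Notes       = $info
            Description = $desc
            # $true when Notes or Description look like they hold a credential
            Suspicious  = (($info + ' ' + $desc) -match $Pattern)
        }
    }
}

# Everything about one executive, as the post does with Get-NetUser (assumed sAMAccountName)
Get-SensitiveUserInfo -Filter '(&(objectClass=user)(sAMAccountName=cdeville))' | Format-List

# Sweep the whole domain for notes that look like passwords
Get-SensitiveUserInfo | Where-Object Suspicious | Format-Table User, Notes, Description -Wrap
```

Run the second command from a test account that holds no privileges at all: every line it returns is data any employee, or any attacker holding any employee's credentials, can read.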

Active Directory has its own ACLs

The AD Users and Computers interface lets you set permissions on AD objects. ACLs exist in AD, and administrators can grant or deny access with them. Enable "Advanced Features" in the ADUC View menu; then, when you open a user, you will see a "Security" tab where the ACL is set.

In Cruella's case I did not want all Authenticated Users to see her personal details, so I denied them read access:

[Screenshot: the Security tab of the user object with read access denied for Authenticated Users]

And this is what an ordinary user now sees when trying Get-NetUser in PowerView:

[Screenshot: Get-NetUser output after the ACL change]

I was able to hide the useful details from prying eyes. To keep them accessible to the right employees, I created another ACL entry that allows members of the VIP group (Cruella and her fellow senior colleagues) to read this sensitive data. In other words, I applied role-based AD permissions, which make the sensitive data inaccessible to most employees, insiders included.

You can also make group membership invisible to employees by setting the appropriate ACL on the group object in AD. This helps both privacy and security.

In my pentest series I showed how you can move through the network by examining group membership with PowerView's Get-NetGroupMember. In this case I restricted read access to the membership of a specific group. You can see the result of running the command before and after the change:

[Screenshot: Get-NetGroupMember output before and after the ACL change]

I was able to hide Cruella's and Monty Burns' membership in the VIP group, which makes it harder for attackers and insiders to map the infrastructure.
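The two ACL changes above (restricting Cruella's personal fields to the VIP group, and hiding the VIP group's member list), scripted in PowerShell as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module (which provides the AD: drive used by Get-Acl/Set-Acl), a user "cdeville" and a group "VIP", and an account allowed to modify those objects' DACLs. One point the GUI hides: the default security descriptor of a user object grants Authenticated Users an explicit Allow for the "Personal Information" property set, and an explicit Deny is evaluated before an explicit Allow. Denying Authenticated Users therefore also blocks VIP members, who are authenticated too, so for the user object the example removes that Allow and grants VIP instead of adding a Deny.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$AuthenticatedUsers  = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'
$PersonalInformation = [Guid]'77b5b886-944a-11d1-aebd-0000f80367c1'   # "Personal Information" property set (ADUC: Read Personal Information)
$MemberAttribute     = [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the group 'member' attribute (ADUC: Read Members)
$ReadProperty        = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty

function New-ReadAce {
    # Build an object-specific ACE: read of one attribute or property set for one SID
    param([System.Security.Principal.SecurityIdentifier]$Sid, [Guid]$PropertyGuid, [string]$Type)
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $Sid, $ReadProperty, [System.Security.AccessControl.AccessControlType]$Type, $PropertyGuid)
}

function Protect-UserPersonalInfo {
    # Replace "Authenticated Users: Read Personal Information" with an Allow for $AllowedGroup only.
    # Removing the Allow rather than adding a Deny keeps the VIP group's own read working.
    param([Parameter(Mandatory)][string]$SamAccountName, [Parameter(Mandatory)][string]$AllowedGroup)
    $path = 'AD:\' + (Get-ADUser -Identity $SamAccountName).DistinguishedName
    $acl  = Get-Acl -Path $path
    $acl.Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $PersonalInformation -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $AuthenticatedUsers.Value
    } | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    $acl.AddAccessRule((New-ReadAce (Get-ADGroup -Identity $AllowedGroup).SID $PersonalInformation 'Allow'))
    Set-Acl -Path $path -AclObject $acl
}

function Hide-GroupMembers {
    # Group objects grant Authenticated Users one generic "Read all properties" ACE by default,
    # so a single attribute cannot be carved out by removing an Allow. Add an explicit Deny on
    # 'member' instead, as the post does in ADUC. Because an explicit Deny wins, this also hides
    # the list from the group's own members and from administrators reading over LDAP (who can
    # still edit the DACL); members still see the group in their own logon token.
    param([Parameter(Mandatory)][string]$GroupName)
    $path = 'AD:\' + (Get-ADGroup -Identity $GroupName).DistinguishedName
    $acl  = Get-Acl -Path $path
    $acl.AddAccessRule((New-ReadAce $AuthenticatedUsers $MemberAttribute 'Deny'))
    Set-Acl -Path $path -AclObject $acl
}

Protect-UserPersonalInfo -SamAccountName 'cdeville' -AllowedGroup 'VIP'   # assumed names
Hide-GroupMembers -GroupName 'VIP'
```

Verify the result the way the post does, from an unprivileged test account, with Get-NetUser and Get-NetGroupMember (or Get-ADUser -Properties * and Get-ADGroupMember). The function only touches explicit ACEs on the object itself; Allow entries inherited from the domain root, such as those for the "Pre-Windows 2000 Compatible Access" group, are left alone, and if Authenticated Users is a member of that group in your domain the personal fields stay readable until that inherited grant is dealt with as well.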

This post was meant to encourage you to take a closer look at AD fields and the permissions attached to them. AD is a great resource, but think about how you would want confidential information and personal data shared, especially when it concerns the top people in your organization.

Source: www.habr.com
