Negar logon na área de trabalho remota via powershell

0

Eu tenho que negar logon através do windows RDP. Eu sei, eu posso fazer isso por gpedit.msc em

 Computer Configuration --> Windows Settings --> Security Settings -->        
 Local Policies --> User rights assignment 

Mas eu tenho que fazer isso pelo powershell.

É possível?

    
por arhu 23.02.2018 / 10:10

1 resposta

0

Mas por que não usar apenas o GPO?

Se esse é um ambiente corporativo, é por isso que está lá e a maneira recomendada de fazer esse tipo de coisa e muito do gerenciamento central corporativo do Windows. Oh, bem, as organizações têm suas razões para o que as coisas são.

De qualquer forma, existem muitos recursos e exemplos sobre como fazer isso em toda a web. Usando você postar título em qualquer mecanismo de pesquisa, retornaria muitos acessos sobre o assunto.

Por exemplo:

MS PowerShell gallery scritps

Get, Set, Remove NT Rights Privileges for example, adding "Logon As Service" right to User Account. Get, Set, Remove NT Rights Privileges on local and remote computers

https://gallery.technet.microsoft.com/Get-Set-Remove-NT-Rights-0a8a36db

How to Remotely Enable and Disable (RDP) Remote Desktop

By default on a Windows Server Product Windows Remote Management (WinRM) is enabled, but Remote Desktop (RDP) is Disabled. On workstation operating systems neither is enabled by default, so if you want to be able to accomplish the following you will need to enable WinRM on the workstations.

https://www.interfacett.com/blogs/how-to-remotely-enable-and-disable-rdp-remote-desktop/

How to enable Remote Desktop using Powershell

If you are using Windows 2012 R2 Core or if you just like using Powershell, then you may want to know how to enable Remote Desktop.

To do this, you should go into your Core server where you should see a command box. In here, type in Powershell and press enter. This will open up the Powershell console for you to use.

https://blog.techygeekshome.info/2014/07/how-to-enable-remote-desktop-using-powershell

PowerShell Problem Solver: Active Directory Remote Desktop Settings

During my recent PowerShell workshop in Finland, an attendee asked about Active Directory cmdlets from Microsoft in regards to remote desktop user settings. Although you can readily see the settings in Active Directory Users and Computers, Get-ADUser doesn’t retrieve them. I haven’t worked with Remote Desktop Services in quite a while, but I told him I’d look into this long-standing problem.

https://www.petri.com/powershell-problem-solver-active-directory-remote-desktop-settings

Depois, há a ferramenta NTRights do WiNTResKit.

The Microsoft® Windows® Server 2003 Resource Kit Tools are a set of tools to help administrators streamline management tasks such as troubleshooting operating system issues, managing Active Directory®, configuring networking and security features, and automating application deployment.

https://www.microsoft.com/en-us/download/details.aspx?id=1765

Sim, e todas as ferramentas do Reskit ainda funcionam, mesmo no Win01 / WS2K16.

Então, fazendo algo assim ...

$ADUser = [ADSI]"LDAP://CN=UserName,OU=Users,DC=TestDomain,DC=com"
$ADUser.SamAccountName #to check the account
$ADUser.psbase.invokeSet("allowLogon",0)
$ADUser.setinfo()
    
por 25.02.2018 / 01:24