如何使用 Powershell 停用 Windows 远程桌面?
我们所有的测试箱都在虚拟机(Windows Server 2003/08)上运行,测试人员只能通过远程桌面访问它们。
某些维护步骤需要将所有用户踢出系统并停用通过远程桌面的访问。
我开始在 powershell 中编写维护脚本,并正在寻找一种暂时停用远程桌面的方法。这可能吗,有什么直接的解决方案吗?
到目前为止我已经尝试过:
- 一位同事建议关闭 netlogon-service,但我可以 仍然使用远程桌面登录。
- 另一位同事建议禁用端口阻塞
带有防火墙的远程桌面,但不知何故感觉不太好
对我来说是对的(?)因为我不想改变系统的一部分 去影响另一部分。我是不是太挑剔了……? ;)
任何提示都高度赞赏。
干杯, 飞鸟
All our testboxes run on VMs (windows server 2003/08) and testers access them via remote desktop only.
Some maintenance steps require to kick all users from the system and deactivate access via remote desktop.
I started to write the maintenance scripts in powershell and am looking for a way to temporarily deactivate remote desktop. Is that possible, any straight-forward solutions to this?
What I have tried so far:
- A colleague recommended turning-off the netlogon-service, but I can
still logon with remote-desktop. - Another colleague recommended disabling blocking the port for
remote-desktop with the firewall, but somehow that does not feel
right to me (?) because I don't want to change one part of a system
to affect another part. Am I too picky ... ? ;)
Any hints highly appreciated.
Cheers,
Tobi
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
默认情况下,您需要将
值设置为 1 以禁用远程桌面,但需要重新启动。
另一种似乎不需要重新启动的方法(未经测试):
You need to set
value to 1 by default to disable remote desktop but needs to reboot.
Another way that seem not needing reboot (NOT TESTED):
现在我找到了一个非常适合我的解决方案。 Windows Server 2008 附带了一项名为“终端服务服务器耗尽模式"
在激活耗尽模式之前,我确保没有人登录,然后使用以下代码激活耗尽模式:
虽然我正在更改注册表项,但不需要重新启动服务器即可使更改生效。这无需重新启动即可工作。
当我完成维护工作时,我使用“-Value 0”停用排水模式,并且用户可以再次登录。
效果就像一个魅力!
我原来的答案是:
我通过广泛的网络搜索找到的首选解决方案如下(也未经测试):
我发现的其他可能且有趣的代码片段或该主题的变体:
< code>$myWmiObject = Get-WmiObject -namespace “rootCIMV2TerminalServices” -class Win32_Terminal -Computer “ComputerName” -Authentication PacketPrivacy
或
Set-WmiInstance -namespace “rootCIMV2TerminalServices” -class Win32_Terminal -ComputerName “ComputerName” -Authentication PacketPrivacy -Argument @{fEnableTerminal=0}或
Get-WmiObject -ComputerName “ComputerName” -namespace root/cimv2/terminalservices -class Win32_Terminal -身份验证数据包隐私Now I have found a solution that works perfect for me. Windows Server 2008 comes with a feature called "Terminal Services Server Drain Mode"
Before I activate the drain mode I ensure that no one is logged in and then I active the drain mode with the following code:
Although I am changing a registry key, I am not required to reboot the server for the changes to be effective. This works without a reboot.
When I am done performing maintenance work I deactive drain mode with "-Value 0" and users are able to log in again.
Works like a charm!
My original answer was:
My perferred solution that I have found through extensive web search is as follows (also untested):
Other possible and interesting code snippets, or variations on the topic, that I have found:
$myWmiObject = Get-WmiObject -namespace “rootCIMV2TerminalServices” -class Win32_Terminal -Computer “ComputerName” -Authentication PacketPrivacyor
Set-WmiInstance -namespace “rootCIMV2TerminalServices” -class Win32_Terminal -ComputerName “ComputerName” -Authentication PacketPrivacy -Argument @{fEnableTerminal=0}or
Get-WmiObject -ComputerName “ComputerName” -namespace root/cimv2/terminalservices -class Win32_Terminal -Authentication PacketPrivacy我经常使用这个 gWmi 代码:
并用于启用登录
而不是 Invoke-command(),因为 nead RCP 打开,并且默认情况下在 Windows 上禁用 RPC 连接
I use this gWmi code frequently :
and for enable logons
instead of Invoke-command() because nead RCP openned, and RPC connexion are disabled by default on windows
今天早上在寻找其他东西(巧合)我看到了这个:“使用 PowerShell 检查并启用远程桌面"。
摘要:涉及注册表操作。
Looking for something else this morning (coincidentally) I saw this: "Checking and enabling Remote Desktop with PowerShell".
Summary: involves registry manipulation.