zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RDS GPO

Browse source
This commit is contained in:
vfedosevich 2015-04-07 02:36:13 -07:00
parent 44587a35c8
commit b97b85a358
1 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

31
WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
View file

@ -1144,14 +1144,14 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
try try
{ {
runspace = OpenRunspace(); runspace = OpenRunspace();
string collectionComputersPath = GetComputerGroupPath(organizationId, collectionName); string collectionComputersPath = GetComputerGroupPath(organizationId, collectionName);
CreatePolicy(runspace, organizationId, string.Format("{0}-administrators", collectionName), CreatePolicy(runspace, organizationId, string.Format("{0}-administrators", collectionName),
new DirectoryEntry(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName))), new DirectoryEntry(collectionComputersPath), collectionName); new DirectoryEntry(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName))), new DirectoryEntry(collectionComputersPath), collectionName);
CreatePolicy(runspace, organizationId, string.Format("{0}-users", collectionName), CreatePolicy(runspace, organizationId, string.Format("{0}-users", collectionName),
new DirectoryEntry(GetUsersGroupPath(organizationId, collectionName)), new DirectoryEntry(collectionComputersPath), collectionName); new DirectoryEntry(GetUsersGroupPath(organizationId, collectionName)), new DirectoryEntry(collectionComputersPath), collectionName);
CreateHelpDeskPolicy(runspace, new DirectoryEntry(GetHelpDeskGroupPath(RDSHelpDeskGroup)), new DirectoryEntry(collectionComputersPath), organizationId, collectionName); CreateHelpDeskPolicy(runspace, new DirectoryEntry(GetHelpDeskGroupPath(RDSHelpDeskGroup)), new DirectoryEntry(collectionComputersPath), organizationId, collectionName);
RemoveRegistryValue(runspace, ScreenSaverGpoKey, administratorsGpo); RemoveRegistryValue(runspace, ScreenSaverGpoKey, administratorsGpo);
RemoveRegistryValue(runspace, ScreenSaverGpoKey, usersGpo); RemoveRegistryValue(runspace, ScreenSaverGpoKey, usersGpo);
RemoveRegistryValue(runspace, RemoveRestartGpoKey, administratorsGpo); RemoveRegistryValue(runspace, RemoveRestartGpoKey, administratorsGpo);
@ -1200,6 +1200,25 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
} }
} }
private void CheckPolicySecurityFiltering(Runspace runspace, string gpoName, DirectoryEntry collectionComputersEntry)
{
var scripts = new List<string>{
string.Format("Get-GPPermissions -Name {0} -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(collectionComputersEntry, "sAMAccountName").ToString()))
};
object[] errors = null;
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
if (errors != null && errors.Any())
{
scripts = new List<string>{
string.Format("Set-GPPermissions -Name {0} -PermissionLevel gpoapply -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(collectionComputersEntry, "sAMAccountName").ToString()))
};
}
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
}
private void SetPowershellPermissions(Runspace runspace, RdsServerSetting setting, string usersGpo, string administratorsGpo) private void SetPowershellPermissions(Runspace runspace, RdsServerSetting setting, string usersGpo, string administratorsGpo)
{ {
if (setting != null) if (setting != null)
@ -1316,6 +1335,10 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry); SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry);
SetRegistryValue(runspace, RDSSessionGpoKey, gpoName, "2", RDSSessionGpoValueName, "DWord"); SetRegistryValue(runspace, RDSSessionGpoKey, gpoName, "2", RDSSessionGpoValueName, "DWord");
} }
else
{
CheckPolicySecurityFiltering(runspace, gpoName, collectionComputersEntry);
}
} }
private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry, string collectionName) private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry, string collectionName)
@ -1327,6 +1350,10 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
gpoId = CreateAndLinkPolicy(runspace, gpoName, organizationId, collectionName); gpoId = CreateAndLinkPolicy(runspace, gpoName, organizationId, collectionName);
SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry); SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry);
} }
else
{
CheckPolicySecurityFiltering(runspace, gpoName, collectionComputersEntry);
}
return gpoId; return gpoId;
} }