zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RDS GPO

Browse source
This commit is contained in:
vfedosevich 2015-04-07 02:36:13 -07:00
parent 44587a35c8
commit b97b85a358
1 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

27
WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
View file

@ -1200,6 +1200,25 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
}
private void CheckPolicySecurityFiltering(Runspace runspace, string gpoName, DirectoryEntry collectionComputersEntry)
{
var scripts = new List<string>{
string.Format("Get-GPPermissions -Name {0} -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(collectionComputersEntry, "sAMAccountName").ToString()))
};
object[] errors = null;
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
if (errors != null && errors.Any())
{
scripts = new List<string>{
string.Format("Set-GPPermissions -Name {0} -PermissionLevel gpoapply -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(collectionComputersEntry, "sAMAccountName").ToString()))
};
}
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
}
private void SetPowershellPermissions(Runspace runspace, RdsServerSetting setting, string usersGpo, string administratorsGpo)
{
if (setting != null)
@ -1316,6 +1335,10 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry);
SetRegistryValue(runspace, RDSSessionGpoKey, gpoName, "2", RDSSessionGpoValueName, "DWord");
}
else
{
CheckPolicySecurityFiltering(runspace, gpoName, collectionComputersEntry);
}
}
private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry, string collectionName)
@ -1327,6 +1350,10 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
gpoId = CreateAndLinkPolicy(runspace, gpoName, organizationId, collectionName);
SetPolicyPermissions(runspace, gpoName, entry, collectionComputersEntry);
}
else
{
CheckPolicySecurityFiltering(runspace, gpoName, collectionComputersEntry);
}
return gpoId;
}