zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RDS GPO

Browse source
This commit is contained in:
vfedosevich 2015-03-27 05:14:53 -07:00
parent 492c0289f6
commit dd5fc131bc
15 changed files with 556 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

11
WebsitePanel/Database/update_db.sql
View file

@ -9371,6 +9371,17 @@ AS
WHERE RDSServerId = @ServerId AND SettingsName = @SettingsName
GO
IF EXISTS (SELECT * FROM SYS.OBJECTS WHERE type = 'P' AND name = 'DeleteRDSServerSettings')
DROP PROCEDURE DeleteRDSServerSettings
GO
CREATE PROCEDURE DeleteRDSServerSettings
(
@ServerId int
)
AS
DELETE FROM RDSServerSettings WHERE RDSServerId = @ServerId
GO
IF EXISTS (SELECT * FROM SYS.OBJECTS WHERE type = 'P' AND name = 'UpdateRDSServerSettings')
DROP PROCEDURE UpdateRDSServerSettings

6
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/WebsitePanel.EnterpriseServer.Base.csproj
View file

@ -134,8 +134,6 @@
<Compile Include="Packages\PackageSettings.cs" />
<Compile Include="Packages\PackageStatus.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="RDS\RdsServerSetting.cs" />
<Compile Include="RDS\RdsServerSettings.cs" />
<Compile Include="Reports\OverusageReport.custom.cs">
<SubType>Component</SubType>
</Compile>
@ -244,7 +242,9 @@
<Install>true</Install>
</BootstrapperPackage>
</ItemGroup>
<ItemGroup />
<ItemGroup>
<Folder Include="RDS\" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.

4
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Client/RemoteDesktopServicesProxy.cs
View file

@ -18,10 +18,10 @@ namespace WebsitePanel.EnterpriseServer {
using System.Web.Services.Protocols;
using System;
using System.Diagnostics;
using WebsitePanel.Providers.HostedSolution;
using WebsitePanel.Providers.RemoteDesktopServices;
using WebsitePanel.EnterpriseServer.Base.RDS;
using WebsitePanel.Providers.Common;
using WebsitePanel.Providers.HostedSolution;
using WebsitePanel.EnterpriseServer.Base.RDS;
/// <remarks/>

10
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/Data/DataProvider.cs
View file

@ -4939,6 +4939,16 @@ namespace WebsitePanel.EnterpriseServer
);
}
public static void DeleteRDSServerSettings(int serverId)
{
SqlHelper.ExecuteNonQuery(
ConnectionString,
CommandType.StoredProcedure,
"DeleteRDSServerSettings",
new SqlParameter("@ServerId", serverId)
);
}
public static void DeleteRDSCollection(int id)
{
SqlHelper.ExecuteNonQuery(

87
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs
View file

@ -345,8 +345,8 @@ namespace WebsitePanel.EnterpriseServer
{
PropertyName = (string)reader["PropertyName"],
PropertyValue = (string)reader["PropertyValue"],
ApplyAdministrators = Convert.ToBoolean("ApplyAdministrators"),
ApplyUsers = Convert.ToBoolean("ApplyUsers")
ApplyAdministrators = Convert.ToBoolean(reader["ApplyAdministrators"]),
ApplyUsers = Convert.ToBoolean(reader["ApplyUsers"])
});
}
@ -361,6 +361,10 @@ namespace WebsitePanel.EnterpriseServer
try
{
var collection = ObjectUtils.FillObjectFromDataReader<RdsCollection>(DataProvider.GetRDSCollectionById(serverId));
var rds = GetRemoteDesktopServices(GetRdsServiceId(collection.ItemId));
rds.ApplyGPO(collection.Name, settings);
XmlDocument doc = new XmlDocument();
XmlElement nodeProps = doc.CreateElement("properties");
@ -378,6 +382,7 @@ namespace WebsitePanel.EnterpriseServer
}
string xml = nodeProps.OuterXml;
DataProvider.UpdateRdsServerSettings(serverId, settingsName, xml);
return 0;
@ -742,7 +747,8 @@ namespace WebsitePanel.EnterpriseServer
AuthenticateUsingNLA = true
};
rds.CreateCollection(org.OrganizationId, collection);
rds.CreateCollection(org.OrganizationId, collection);
rds.ApplyGPO(collection.Name, GetDefaultGpoSettings());
collection.Id = DataProvider.AddRDSCollection(itemId, collection.Name, collection.Description, collection.DisplayName);
collection.Settings.RdsCollectionId = collection.Id;
@ -915,6 +921,7 @@ namespace WebsitePanel.EnterpriseServer
var servers = ObjectUtils.CreateListFromDataReader<RdsServer>(DataProvider.GetRDSServersByCollectionId(collection.Id)).ToArray();
rds.RemoveCollection(org.OrganizationId, collection.Name, servers);
DataProvider.DeleteRDSServerSettings(collection.Id);
DataProvider.DeleteRDSCollection(collection.Id);
}
catch (Exception ex)
@ -1351,7 +1358,7 @@ namespace WebsitePanel.EnterpriseServer
var rds = GetRemoteDesktopServices(GetRemoteDesktopServiceID(org.PackageId));
RdsServer rdsServer = GetRdsServer(serverId);
RdsServer rdsServer = GetRdsServer(serverId);
rds.MoveRdsServerToTenantOU(rdsServer.FqdName, org.OrganizationId);
DataProvider.AddRDSServerToOrganization(itemId, serverId);
}
@ -2021,5 +2028,77 @@ namespace WebsitePanel.EnterpriseServer
return PackageController.EvaluateTemplate(template, items);
}
private static RdsServerSettings GetDefaultGpoSettings()
{
var defaultSettings = UserController.GetUserSettings(SecurityContext.User.UserId, UserSettings.RDS_POLICY);
var settings = new RdsServerSettings();
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT,
PropertyValue = defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE],
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_RUN_COMMAND,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_RUN_COMMAND_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_RUN_COMMAND_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_POWERSHELL_COMMAND,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.HIDE_C_DRIVE,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.HIDE_C_DRIVE_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.HIDE_C_DRIVE_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_SHUTDOWN_RESTART,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.DISABLE_TASK_MANAGER,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.DISABLE_TASK_MANAGER_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.DISABLE_TASK_MANAGER_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.CHANGE_DESKTOP_DISABLED,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_USERS])
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.SCREEN_SAVER_DISABLED,
PropertyValue = "",
ApplyAdministrators = Convert.ToBoolean(defaultSettings[RdsServerSettings.SCREEN_SAVER_DISABLED_ADMINISTRATORS]),
ApplyUsers = Convert.ToBoolean(defaultSettings[RdsServerSettings.SCREEN_SAVER_DISABLED_USERS])
});
return settings;
}
}
}

2
WebsitePanel/Sources/WebsitePanel.Providers.Base/RemoteDesktopServices/IRemoteDesktopServices.cs
View file

@ -31,6 +31,7 @@ using System.Collections;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using WebsitePanel.EnterpriseServer.Base.RDS;
using WebsitePanel.Providers.HostedSolution;
namespace WebsitePanel.Providers.RemoteDesktopServices
@ -80,5 +81,6 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
void RemoveRdsServerFromTenantOU(string hostName, string organizationId);
void InstallCertificate(byte[] certificate, string password, List<string> hostNames);
void MoveSessionHostToRdsOU(string hostName);
void ApplyGPO(string collectionName, RdsServerSettings serverSettings);
}
}

0
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/RDS/RdsServerSetting.cs → WebsitePanel/Sources/WebsitePanel.Providers.Base/RemoteDesktopServices/RdsServerSetting.cs
View file

12
WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/RDS/RdsServerSettings.cs → WebsitePanel/Sources/WebsitePanel.Providers.Base/RemoteDesktopServices/RdsServerSettings.cs
View file

@ -10,7 +10,17 @@ namespace WebsitePanel.EnterpriseServer.Base.RDS
public class RdsServerSettings
{
private List<RdsServerSetting> settings = null;
public const string LOCK_SCREEN_TIMEOUT = "LockScreenTimeout";
public const string REMOVE_RUN_COMMAND = "RemoveRunCommand";
public const string REMOVE_POWERSHELL_COMMAND = "RemovePowershellCommand";
public const string HIDE_C_DRIVE = "HideCDrive";
public const string REMOVE_SHUTDOWN_RESTART = "RemoveShutdownRestart";
public const string DISABLE_TASK_MANAGER = "DisableTaskManager";
public const string CHANGE_DESKTOP_DISABLED = "ChangingDesktopDisabled";
public const string SCREEN_SAVER_DISABLED = "ScreenSaverDisabled";
public const string DRIVE_SPACE_THRESHOLD = "DriveSpaceThreshold";
public const string LOCK_SCREEN_TIMEOUT_VALUE = "LockScreenTimeoutValue";
public const string LOCK_SCREEN_TIMEOUT_ADMINISTRATORS = "LockScreenTimeoutAdministrators";
public const string LOCK_SCREEN_TIMEOUT_USERS = "LockScreenTimeoutUsers";

2
WebsitePanel/Sources/WebsitePanel.Providers.Base/WebsitePanel.Providers.Base.csproj
View file

@ -138,6 +138,8 @@
<Compile Include="RemoteDesktopServices\RdsServer.cs" />
<Compile Include="RemoteDesktopServices\RdsServerDriveInfo.cs" />
<Compile Include="RemoteDesktopServices\RdsServerInfo.cs" />
<Compile Include="RemoteDesktopServices\RdsServerSetting.cs" />
<Compile Include="RemoteDesktopServices\RdsServerSettings.cs" />
<Compile Include="RemoteDesktopServices\RdsServersPaged.cs" />
<Compile Include="RemoteDesktopServices\RdsUserSession.cs" />
<Compile Include="RemoteDesktopServices\RemoteApplication.cs" />

250
WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
View file

@ -50,6 +50,8 @@ using System.Collections.ObjectModel;
using System.DirectoryServices;
using System.Security.Cryptography.X509Certificates;
using System.Collections;
using System.Xml;
using WebsitePanel.EnterpriseServer.Base.RDS;
namespace WebsitePanel.Providers.RemoteDesktopServices
@ -79,6 +81,18 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
private const string LocalAdministratorsGroupName = "Administrators";
private const string RDSHelpDeskRdRapPolicyName = "RDS-HelpDesk-RDRAP";
private const string RDSHelpDeskRdCapPolicyName = "RDS-HelpDesk-RDCAP";
private const string ScreenSaverGpoKey = @"HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop";
private const string ScreenSaverValueName = "ScreenSaveActive";
private const string ScreenSaverTimeoutGpoKey = @"HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop";
private const string ScreenSaverTimeoutValueName = "ScreenSaveTimeout";
private const string RemoveRestartGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
private const string RemoveRestartGpoValueName = "NoClose";
private const string RemoveRunGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
private const string RemoveRunGpoValueName = "NoRun";
private const string DisableTaskManagerGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System";
private const string DisableTaskManagerGpoValueName = "DisableTaskMgr";
private const string HideCDriveGpoKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
private const string HideCDriveGpoValueName = "NoDrives";
#endregion
@ -349,11 +363,14 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
//add session servers to group
foreach (var rdsServer in collection.Servers)
{
MoveRdsServerToTenantOU(rdsServer.Name, organizationId);
MoveSessionHostToCollectionOU(rdsServer.Name, collection.Name, organizationId);
AddAdGroupToLocalAdmins(runSpace, rdsServer.FqdName, helpDeskGroupSamAccountName);
AddAdGroupToLocalAdmins(runSpace, rdsServer.FqdName, localAdminsGroupSamAccountName);
AddComputerToCollectionAdComputerGroup(organizationId, collection.Name, rdsServer);
}
CreatePolicy(runSpace, organizationId, string.Format("{0}-administrators", collection.Name), new DirectoryEntry(GetGroupPath(organizationId, collection.Name, GetLocalAdminsGroupName(collection.Name))), collection.Name);
CreatePolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name)), collection.Name);
}
finally
{
@ -361,7 +378,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
return result;
}
}
public void EditRdsCollectionSettings(RdsCollection collection)
{
@ -497,6 +514,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
ExecuteShellCommand(runSpace, cmd, false);
DeleteGpo(runSpace, string.Format("{0}-administrators", collectionName));
DeleteGpo(runSpace, string.Format("{0}-users", collectionName));
var capPolicyName = GetPolicyName(organizationId, collectionName, RdsPolicyTypes.RdCap);
var rapPolicyName = GetPolicyName(organizationId, collectionName, RdsPolicyTypes.RdRap);
@ -519,11 +538,13 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
{
RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
MoveRdsServerToTenantOU(server.Name, organizationId);
}
ActiveDirectoryUtils.DeleteADObject(GetComputerGroupPath(organizationId, collectionName));
ActiveDirectoryUtils.DeleteADObject(GetUsersGroupPath(organizationId, collectionName));
ActiveDirectoryUtils.DeleteADObject(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName)));
ActiveDirectoryUtils.DeleteADObject(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName)));
ActiveDirectoryUtils.DeleteADObject(GetCollectionOUPath(organizationId, string.Format("{0}-OU", collectionName)));
}
catch (Exception e)
{
@ -624,6 +645,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
MoveRdsServerToTenantOU(server.Name, organizationId);
}
finally
{
@ -1092,6 +1114,186 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
#endregion
#region GPO
public void ApplyGPO(string collectionName, RdsServerSettings serverSettings)
{
string administratorsGpo = string.Format("{0}-administrators", collectionName);
string usersGpo = string.Format("{0}-users", collectionName);
Runspace runspace = null;
try
{
runspace = OpenRunspace();
RemoveRegistryValue(runspace, ScreenSaverGpoKey, administratorsGpo);
RemoveRegistryValue(runspace, ScreenSaverGpoKey, usersGpo);
RemoveRegistryValue(runspace, RemoveRestartGpoKey, administratorsGpo);
RemoveRegistryValue(runspace, RemoveRestartGpoKey, usersGpo);
RemoveRegistryValue(runspace, DisableTaskManagerGpoKey, administratorsGpo);
RemoveRegistryValue(runspace, DisableTaskManagerGpoKey, usersGpo);
var setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.SCREEN_SAVER_DISABLED));
SetRegistryValue(setting, runspace, ScreenSaverGpoKey, administratorsGpo, usersGpo, ScreenSaverValueName, "0", "string");
setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.REMOVE_SHUTDOWN_RESTART));
SetRegistryValue(setting, runspace, RemoveRestartGpoKey, administratorsGpo, usersGpo, RemoveRestartGpoValueName, "1", "DWord");
setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.REMOVE_RUN_COMMAND));
SetRegistryValue(setting, runspace, RemoveRunGpoKey, administratorsGpo, usersGpo, RemoveRunGpoValueName, "1", "DWord");
setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.DISABLE_TASK_MANAGER));
SetRegistryValue(setting, runspace, DisableTaskManagerGpoKey, administratorsGpo, usersGpo, DisableTaskManagerGpoValueName, "1", "DWord");
setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.HIDE_C_DRIVE));
SetRegistryValue(setting, runspace, HideCDriveGpoKey, administratorsGpo, usersGpo, HideCDriveGpoValueName, "4", "DWord");
setting = serverSettings.Settings.First(s => s.PropertyName.Equals(RdsServerSettings.LOCK_SCREEN_TIMEOUT));
double result;
if (!string.IsNullOrEmpty(setting.PropertyValue) && double.TryParse(setting.PropertyValue, out result))
{
SetRegistryValue(setting, runspace, ScreenSaverTimeoutGpoKey, administratorsGpo, usersGpo, ScreenSaverTimeoutValueName, setting.PropertyValue, "string");
}
}
finally
{
CloseRunspace(runspace);
}
}
private void RemoveRegistryValue(Runspace runspace, string key, string gpoName)
{
Command cmd = new Command("Remove-GPRegistryValue");
cmd.Parameters.Add("Name", gpoName);
cmd.Parameters.Add("Key", string.Format("\"{0}\"", key));
Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
}
private void SetRegistryValue(RdsServerSetting setting, Runspace runspace, string key, string administratorsGpo, string usersGpo, string valueName, string value, string type)
{
if (setting.ApplyAdministrators)
{
SetRegistryValue(runspace, key, administratorsGpo, value, valueName, type);
}
if (setting.ApplyUsers)
{
SetRegistryValue(runspace, key, usersGpo, value, valueName, type);
}
}
private void SetRegistryValue(Runspace runspace, string key, string gpoName, string value, string valueName, string type)
{
Command cmd = new Command("Set-GPRegistryValue");
cmd.Parameters.Add("Name", gpoName);
cmd.Parameters.Add("Key", string.Format("\"{0}\"", key));
cmd.Parameters.Add("Value", value);
cmd.Parameters.Add("ValueName", valueName);
cmd.Parameters.Add("Type", type);
Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
}
private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, string collectionName)
{
string gpoId = GetPolicyId(runspace, gpoName);
if (string.IsNullOrEmpty(gpoId))
{
gpoId = CreateAndLinkPolicy(runspace, gpoName, organizationId, collectionName);
SetPolicyPermissions(runspace, gpoName, entry);
}
return gpoId;
}
private void DeleteGpo(Runspace runspace, string gpoName)
{
Command cmd = new Command("Remove-GPO");
cmd.Parameters.Add("Name", gpoName);
Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
}
private void SetPolicyPermissions(Runspace runspace, string gpoName, DirectoryEntry entry)
{
var scripts = new List<string>
{
string.Format("Set-GPPermissions -Name {0} -Replace -PermissionLevel None -TargetName 'Authenticated Users' -TargetType group", gpoName),
string.Format("Set-GPPermissions -Name {0} -PermissionLevel gpoapply -TargetName {1} -TargetType group", gpoName, string.Format("'{0}'", ActiveDirectoryUtils.GetADObjectProperty(entry, "sAMAccountName").ToString()))
};
object[] errors = null;
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
}
private string CreateAndLinkPolicy(Runspace runspace, string gpoName, string organizationId, string collectionName)
{
string gpoId = null;
try
{
var entry = new DirectoryEntry(GetCollectionOUPath(organizationId, string.Format("{0}-OU", collectionName)));
var distinguishedName = string.Format("\"{0}\"", ActiveDirectoryUtils.GetADObjectProperty(entry, "DistinguishedName"));
Command cmd = new Command("New-GPO");
cmd.Parameters.Add("Name", gpoName);
Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
if (result != null && result.Count > 0)
{
PSObject gpo = result[0];
gpoId = ((Guid)GetPSObjectProperty(gpo, "Id")).ToString("B");
}
cmd = new Command("New-GPLink");
cmd.Parameters.Add("Name", gpoName);
cmd.Parameters.Add("Target", distinguishedName);
ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
}
catch (Exception)
{
gpoId = null;
throw;
}
return gpoId;
}
private string GetPolicyId(Runspace runspace, string gpoName)
{
string gpoId = null;
try
{
Command cmd = new Command("Get-GPO");
cmd.Parameters.Add("Name", gpoName);
Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
if (result != null && result.Count > 0)
{
PSObject gpo = result[0];
gpoId = ((Guid)GetPSObjectProperty(gpo, "Id")).ToString("B");
}
}
catch (Exception)
{
gpoId = null;
throw;
}
return gpoId;
}
#endregion
#region RDS Help Desk
private string GetHelpDeskGroupPath(string groupName)
@ -1463,6 +1665,34 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
}
public void MoveSessionHostToCollectionOU(string hostName, string collectionName, string organizationId)
{
if (!string.IsNullOrEmpty(ComputersRootOU))
{
CheckOrCreateComputersRoot(GetComputersRootPath());
}
var computerObject = GetComputerObject(hostName);
string collectionOUName = string.Format("{0}-OU", collectionName);
string collectionOUPath = GetCollectionOUPath(organizationId, collectionOUName);
if (!ActiveDirectoryUtils.AdObjectExists(collectionOUPath))
{
ActiveDirectoryUtils.CreateOrganizationalUnit(collectionOUName, GetOrganizationPath(organizationId));
}
if (computerObject != null)
{
var samName = (string)ActiveDirectoryUtils.GetADObjectProperty(computerObject, "sAMAccountName");
if (!ActiveDirectoryUtils.IsComputerInGroup(samName, collectionOUName))
{
DirectoryEntry group = new DirectoryEntry(collectionOUPath);
computerObject.MoveTo(group);
}
}
}
public void MoveRdsServerToTenantOU(string hostName, string organizationId)
{
var tenantComputerGroupPath = GetTenantComputerGroupPath(organizationId);
@ -1767,6 +1997,20 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
return sb.ToString();
}
private string GetCollectionOUPath(string organizationId, string collectionName)
{
StringBuilder sb = new StringBuilder();
AppendProtocol(sb);
AppendDomainController(sb);
AppendOUPath(sb, collectionName);
AppendOUPath(sb, organizationId);
AppendOUPath(sb, RootOU);
AppendDomainPath(sb, RootDomain);
return sb.ToString();
}
private string GetUserPath(string organizationId, string loginName)
{
StringBuilder sb = new StringBuilder();

53
WebsitePanel/Sources/WebsitePanel.Server.Client/RemoteDesktopServicesProxy.cs
View file

@ -18,6 +18,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
using System.Web.Services.Protocols;
using System;
using System.Diagnostics;
using WebsitePanel.EnterpriseServer.Base.RDS;
/// <remarks/>
@ -101,6 +102,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
private System.Threading.SendOrPostCallback MoveSessionHostToRdsOUOperationCompleted;
private System.Threading.SendOrPostCallback ApplyGPOOperationCompleted;
/// <remarks/>
public RemoteDesktopServices() {
this.Url = "http://localhost:9003/RemoteDesktopServices.asmx";
@ -214,6 +217,9 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
/// <remarks/>
public event MoveSessionHostToRdsOUCompletedEventHandler MoveSessionHostToRdsOUCompleted;
/// <remarks/>
public event ApplyGPOCompletedEventHandler ApplyGPOCompleted;
/// <remarks/>
[System.Web.Services.Protocols.SoapHeaderAttribute("ServiceProviderSettingsSoapHeaderValue")]
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://smbsaas/websitepanel/server/CreateCollection", RequestNamespace="http://smbsaas/websitepanel/server/", ResponseNamespace="http://smbsaas/websitepanel/server/", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
@ -1782,6 +1788,49 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
}
}
/// <remarks/>
[System.Web.Services.Protocols.SoapHeaderAttribute("ServiceProviderSettingsSoapHeaderValue")]
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://smbsaas/websitepanel/server/ApplyGPO", RequestNamespace="http://smbsaas/websitepanel/server/", ResponseNamespace="http://smbsaas/websitepanel/server/", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
public void ApplyGPO(string collectionName, RdsServerSettings serverSettings) {
this.Invoke("ApplyGPO", new object[] {
collectionName,
serverSettings});
}
/// <remarks/>
public System.IAsyncResult BeginApplyGPO(string collectionName, RdsServerSettings serverSettings, System.AsyncCallback callback, object asyncState) {
return this.BeginInvoke("ApplyGPO", new object[] {
collectionName,
serverSettings}, callback, asyncState);
}
/// <remarks/>
public void EndApplyGPO(System.IAsyncResult asyncResult) {
this.EndInvoke(asyncResult);
}
/// <remarks/>
public void ApplyGPOAsync(string collectionName, RdsServerSettings serverSettings) {
this.ApplyGPOAsync(collectionName, serverSettings, null);
}
/// <remarks/>
public void ApplyGPOAsync(string collectionName, RdsServerSettings serverSettings, object userState) {
if ((this.ApplyGPOOperationCompleted == null)) {
this.ApplyGPOOperationCompleted = new System.Threading.SendOrPostCallback(this.OnApplyGPOOperationCompleted);
}
this.InvokeAsync("ApplyGPO", new object[] {
collectionName,
serverSettings}, this.ApplyGPOOperationCompleted, userState);
}
private void OnApplyGPOOperationCompleted(object arg) {
if ((this.ApplyGPOCompleted != null)) {
System.Web.Services.Protocols.InvokeCompletedEventArgs invokeArgs = ((System.Web.Services.Protocols.InvokeCompletedEventArgs)(arg));
this.ApplyGPOCompleted(this, new System.ComponentModel.AsyncCompletedEventArgs(invokeArgs.Error, invokeArgs.Cancelled, invokeArgs.UserState));
}
}
/// <remarks/>
public new void CancelAsync(object userState) {
base.CancelAsync(userState);
@ -2415,4 +2464,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices {
/// <remarks/>
[System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038")]
public delegate void MoveSessionHostToRdsOUCompletedEventHandler(object sender, System.ComponentModel.AsyncCompletedEventArgs e);
/// <remarks/>
[System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038")]
public delegate void ApplyGPOCompletedEventHandler(object sender, System.ComponentModel.AsyncCompletedEventArgs e);
}

17
WebsitePanel/Sources/WebsitePanel.Server/RemoteDesktopServices.asmx.cs
View file

@ -43,6 +43,7 @@ using WebsitePanel.Providers.OS;
using WebsitePanel.Providers.RemoteDesktopServices;
using WebsitePanel.Server.Utils;
using WebsitePanel.Providers.HostedSolution;
using WebsitePanel.EnterpriseServer.Base.RDS;
namespace WebsitePanel.Server
{
@ -662,5 +663,21 @@ namespace WebsitePanel.Server
throw;
}
}
[WebMethod, SoapHeader("settings")]
public void ApplyGPO(string collectionName, RdsServerSettings serverSettings)
{
try
{
Log.WriteStart("'{0}' ApplyGPO", ProviderSettings.ProviderName);
RDSProvider.ApplyGPO(collectionName, serverSettings);
Log.WriteEnd("'{0}' ApplyGPO", ProviderSettings.ProviderName);
}
catch (Exception ex)
{
Log.WriteError(String.Format("'{0}' ApplyGPO", ProviderSettings.ProviderName), ex);
throw;
}
}
}
}

1
WebsitePanel/Sources/WebsitePanel.WebPortal/App_Data/ESModule_ControlsHierarchy.config
View file

@ -153,5 +153,6 @@
<Control key="rds_edit_collection_settings" general_key="rds_collections" />
<Control key="rds_collection_user_sessions" general_key="rds_collections" />
<Control key="rds_collection_local_admins" general_key="rds_collections" />
<Control key="rds_collection_user_experience" general_key="rds_collections" />
<Control key="rds_setup_letter" general_key="rds_collections" />
</Controls>

1
WebsitePanel/Sources/WebsitePanel.WebPortal/App_Data/WebsitePanel_Modules.config
View file

@ -584,6 +584,7 @@
<Control key="deleted_user_memberof" src="WebsitePanel/ExchangeServer/OrganizationDeletedUserMemberOf.ascx" title="DeletedUserMemberOf" type="View" />
<Control key="rds_application_edit_users" src="WebsitePanel/RDS/RDSEditApplicationUsers.ascx" title="RDSEditApplicationUsers" type="View" />
<Control key="rds_collection_local_admins" src="WebsitePanel/RDS/RDSLocalAdmins.ascx" title="RDSLocalAdmins" type="View" />
<Control key="rds_collection_user_experience" src="WebsitePanel/RDS/RDSEditUserExperience.ascx" title="RDSEditUserExperience" type="View" />
<Control key="rds_setup_letter" src="WebsitePanel/RDS/RDSSetupLetter.ascx" title="RDSSetupLetter" type="View" />
<Control key="rds_edit_collection" src="WebsitePanel/RDS/RDSEditCollection.ascx" title="RDSEditCollection" type="View" />
<Control key="rds_edit_collection_settings" src="WebsitePanel/RDS/RDSEditCollectionSettings.ascx" title="RDSEditCollectionSettings" type="View" />

138
WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditUserExperience.ascx.cs
View file

@ -25,7 +25,7 @@ namespace WebsitePanel.Portal.RDS
{
var serverSettings = ES.Services.RDS.GetRdsServerSettings(PanelRequest.CollectionID, string.Format("Collection-{0}-Settings", PanelRequest.CollectionID));
if (serverSettings == null)
if (serverSettings == null || !serverSettings.Settings.Any())
{
var defaultSettings = ES.Services.Users.GetUserSettings(PanelSecurity.LoggedUserId, UserSettings.RDS_POLICY);
BindDefaultSettings(defaultSettings);
@ -38,35 +38,123 @@ namespace WebsitePanel.Portal.RDS
private void BindSettings(RdsServerSettings settings)
{
var setting = GetServerSetting(settings, RdsServerSettings.LOCK_SCREEN_TIMEOUT);
txtTimeout.Text = setting.PropertyValue;
cbTimeoutAdministrators.Checked = setting.ApplyAdministrators;
cbTimeoutUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.REMOVE_RUN_COMMAND);
cbRunCommandAdministrators.Checked = setting.ApplyAdministrators;
cbRunCommandUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.REMOVE_POWERSHELL_COMMAND);
cbPowershellAdministrators.Checked = setting.ApplyAdministrators;
cbPowershellUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.HIDE_C_DRIVE);
cbHideCDriveAdministrators.Checked = setting.ApplyAdministrators;
cbHideCDriveUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.REMOVE_SHUTDOWN_RESTART);
cbShutdownAdministrators.Checked = setting.ApplyAdministrators;
cbShutdownUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.DISABLE_TASK_MANAGER);
cbTaskManagerAdministrators.Checked = setting.ApplyAdministrators;
cbTaskManagerUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.CHANGE_DESKTOP_DISABLED);
cbDesktopAdministrators.Checked = setting.ApplyAdministrators;
cbDesktopUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.SCREEN_SAVER_DISABLED);
cbScreenSaverAdministrators.Checked = setting.ApplyAdministrators;
cbScreenSaverUsers.Checked = setting.ApplyUsers;
setting = GetServerSetting(settings, RdsServerSettings.DRIVE_SPACE_THRESHOLD);
txtThreshold.Text = setting.PropertyValue;
}
private RdsServerSetting GetServerSetting(RdsServerSettings settings, string propertyName)
{
return settings.Settings.First(s => s.PropertyName.Equals(propertyName));
}
private RdsServerSettings GetSettings()
{
//settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE] = txtTimeout.Text;
//settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_ADMINISTRATORS] = cbTimeoutAdministrators.Checked.ToString();
//settings[RdsServerSettings.LOCK_SCREEN_TIMEOUT_USERS] = cbTimeoutUsers.Checked.ToString();
//settings[RdsServerSettings.REMOVE_RUN_COMMAND_ADMINISTRATORS] = cbRunCommandAdministrators.Checked.ToString();
//settings[RdsServerSettings.REMOVE_RUN_COMMAND_USERS] = cbRunCommandUsers.Checked.ToString();
//settings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_ADMINISTRATORS] = cbPowershellAdministrators.Checked.ToString();
//settings[RdsServerSettings.REMOVE_POWERSHELL_COMMAND_USERS] = cbPowershellUsers.Checked.ToString();
//settings[RdsServerSettings.HIDE_C_DRIVE_ADMINISTRATORS] = cbHideCDriveAdministrators.Checked.ToString();
//settings[RdsServerSettings.HIDE_C_DRIVE_USERS] = cbHideCDriveUsers.Checked.ToString();
//settings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_ADMINISTRATORS] = cbShutdownAdministrators.Checked.ToString();
//settings[RdsServerSettings.REMOVE_SHUTDOWN_RESTART_USERS] = cbShutdownUsers.Checked.ToString();
//settings[RdsServerSettings.DISABLE_TASK_MANAGER_ADMINISTRATORS] = cbTaskManagerAdministrators.Checked.ToString();
//settings[RdsServerSettings.DISABLE_TASK_MANAGER_USERS] = cbTaskManagerUsers.Checked.ToString();
//settings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_ADMINISTRATORS] = cbDesktopAdministrators.Checked.ToString();
//settings[RdsServerSettings.CHANGE_DESKTOP_DISABLED_USERS] = cbDesktopUsers.Checked.ToString();
//settings[RdsServerSettings.SCREEN_SAVER_DISABLED_ADMINISTRATORS] = cbScreenSaverAdministrators.Checked.ToString();
//settings[RdsServerSettings.SCREEN_SAVER_DISABLED_USERS] = cbScreenSaverUsers.Checked.ToString();
//settings[RdsServerSettings.DRIVE_SPACE_THRESHOLD_VALUE] = txtThreshold.Text;
{
var settings = new RdsServerSettings();
//settings.Settings.Add(new RdsServerSetting{
// PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT_VALUE,
// PropertyValue = txtTimeout.Text
//})
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.LOCK_SCREEN_TIMEOUT,
PropertyValue = txtTimeout.Text,
ApplyAdministrators = cbTimeoutAdministrators.Checked,
ApplyUsers = cbTimeoutUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_RUN_COMMAND,
PropertyValue = "",
ApplyAdministrators = cbRunCommandAdministrators.Checked,
ApplyUsers = cbRunCommandUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_POWERSHELL_COMMAND,
PropertyValue = "",
ApplyAdministrators = cbPowershellAdministrators.Checked,
ApplyUsers = cbPowershellUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.HIDE_C_DRIVE,
PropertyValue = "",
ApplyAdministrators = cbHideCDriveAdministrators.Checked,
ApplyUsers = cbHideCDriveUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.REMOVE_SHUTDOWN_RESTART,
PropertyValue = "",
ApplyAdministrators = cbShutdownAdministrators.Checked,
ApplyUsers = cbShutdownUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.DISABLE_TASK_MANAGER,
PropertyValue = "",
ApplyAdministrators = cbTaskManagerAdministrators.Checked,
ApplyUsers = cbTaskManagerUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.CHANGE_DESKTOP_DISABLED,
PropertyValue = "",
ApplyAdministrators = cbDesktopAdministrators.Checked,
ApplyUsers = cbDesktopUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.SCREEN_SAVER_DISABLED,
PropertyValue = "",
ApplyAdministrators = cbScreenSaverAdministrators.Checked,
ApplyUsers = cbScreenSaverUsers.Checked
});
settings.Settings.Add(new RdsServerSetting
{
PropertyName = RdsServerSettings.DRIVE_SPACE_THRESHOLD,
PropertyValue = txtThreshold.Text,
ApplyAdministrators = true,
ApplyUsers = true
});
return settings;
}