删除'启用远程控制'对于本地用户帐户

时间:2018-06-05 08:13:02

标签: powershell

我一直在考虑使用PowerShell设置本地帐户,我们要求取消选择Enable Remote Control选项。

此选项位于Users下方,右键单击并选择Properties,然后在Remote标签下取消Remote control

我唯一能在网上找到的是如何使用powershell启用或禁用远程桌面:(

由于

2 个答案:

答案 0 :(得分:1)

这可以使用P / Invoke完成;例子如下。

#requires -version 2

Add-Type -MemberDefinition @"
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern void WTSFreeMemory(IntPtr pMemory);
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSQueryUserConfig(
  string pServerName,
  string pUserName,
  int WTSConfigClass,
  out IntPtr ppBuffer,
  out uint pBytesReturned);
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSSetUserConfig(
  string pServerName,
  string pUserName,
  int WTSConfigClass,
  IntPtr pBuffer,
  uint DataLength);
"@ -Namespace Win32Api -Name WtsApi32

$WTS_CONFIG_SHADOWING_SETTINGS = 14

function WTSQueryUserConfigShadowSettings {
  [CmdletBinding()]
  param(
    [String] $computerName,
    [String] $userName
  )
  $pBuffer = [IntPtr]::Zero
  $bytesReturned = 0
  $success = [Win32Api.WtsApi32]::WTSQueryUserConfig(
    $computerName,                   # pServerName
    $userName,                       # pUserName
    $WTS_CONFIG_SHADOWING_SETTINGS,  # WTSConfigClass
    [Ref] $pBuffer,                  # ppBuffer
    [Ref] $bytesReturned             # pBytesReturned
  )
  if ( $success ) {
    [Runtime.InteropServices.Marshal]::ReadInt32($pBuffer)
    [Win32Api.WtsApi32]::WTSFreeMemory($pBuffer)
  }
  else {
    $exception = New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
    Write-Error -Exception $exception
  }
}

function WTSSetUserConfigShadowSettings {
  [CmdletBinding()]
  param(
    [String] $computerName,
    [String] $userName,
    [Int] [ValidateRange(0,4)] $shadowSettings
  )
  $pNewValue = [Runtime.InteropServices.Marshal]::AllocHGlobal([Runtime.InteropServices.Marshal]::SizeOf([Type] [Int]))
  [Runtime.InteropServices.Marshal]::WriteInt32($pNewValue, $shadowSettings)
  $dataLength = [Runtime.InteropServices.Marshal]::SizeOf($pNewValue)
  $success = [Win32Api.WtsApi32]::WTSSetUserConfig(
    $computerName,                    # pServerName
    $userName,                        # pUserName
    $WTS_CONFIG_SHADOWING_SETTINGS,   # WTSConfigClass
    $pNewValue,                       # pBuffer
    $dataLength                       # DataLength
  )
  if ( $success ) {
    [Runtime.InteropServices.Marshal]::FreeHGlobal($pNewValue)
  }
  else {
    $exception = New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
    Write-Error -Exception $exception
  }
}

function Get-RDShadowingSetting {
  [CmdletBinding()]
  param(
    [Parameter(Position = 0)]
      [String[]] [ValidateNotNullOrEmpty()] $UserName,
    [Parameter(ValueFromPipeline = $true,ValueFromPipelineByPropertyName = $true)]
      [String[]] $ComputerName = [Net.Dns]::GetHostName()
  )
  process {
    foreach ( $computerNameItem in $ComputerName ) {
      foreach ( $userNameItem in $userName ) {
        New-Object PSObject -Property @{
          "ComputerName"       = $computerNameItem
          "UserName"           = $userNameItem
          "RDShadowingSetting" = WTSQueryUserConfigShadowSettings $computerNameItem $userNameItem
        } | Select-Object ComputerName,UserName,RDShadowingSetting
      }
    }
  }
}

function Set-RDShadowingSetting {
  [CmdletBinding()]
  param(
    [Parameter(Position = 0)]
      [String[]] [ValidateNotNullOrEmpty()] $UserName,
    [Parameter(Position = 1)]
      [Int] [ValidateRange(0,4)] $RDShadowingSetting,
    [Parameter(ValueFromPipeline = $true,ValueFromPipelineByPropertyName = $true)]
      [String[]] $ComputerName = [Net.Dns]::GetHostName()
  )
  process {
    foreach ( $computerNameItem in $ComputerName ) {
      foreach ( $userNameItem in $userName ) {
        WTSSetUserConfigShadowSettings $computerNameItem $userNameItem $RDShadowingSetting
      }
    }
  }
}

Get-RDShadowingSetting函数在0属性中返回4RDShadowingSetting的值,该属性对应于您要使用的设置:

Value  Meaning
-----  -------
0      Disable remote control
1      Enabled/require user's permission/interact with the session
2      Enabled/don't require user's permission/interact with the session
3      Enabled/require user's permission/view the user's session
4      Enabled/don't require user's permission/view the user's session

Set-RDShadowingSetting功能可让您更新用户的值; e.g:

Set-RDShadowingSetting "KenDyer" 0

这将禁用本地计算机上KenDyer帐户的远程控制。

WTSQueryUserConfigShadowSettingsWTSSetUserConfigShadowSettings函数是执行实际Windows API调用的函数。

(获取计算机或用户名列表留给读者练习。)

API文档链接:https://msdn.microsoft.com/en-us/library/aa383859.aspx

答案 1 :(得分:0)

对于感兴趣的任何人:我编写了一个PowerShell模块,用于获取和设置所有RD用户设置。如果您需要在不是通过GUI或命令行工具“浮出水面”的计算机上管理这些设置,这可能会很有用。该模块称为RDUserSetting,您可以在这里获取它:

https://github.com/Bill-Stewart/PowerShell-RDUserSetting

使用此模块,将在此处回答问题的命令为:

Set-RDUserSetting kendyer -RDRemoteControlSetting Disabled

您还可以使用Get-RDUserSetting和管道查看RD用户设置。示例:

Get-RDUserSetting |
  Where-Object { $_.RDRemoteControlSetting -ne "Disabled" } |
  Set-RDUserSetting -RDRemoteControlSetting Disabled

此命令会将尚未设置本地计算机上每个用户的RDRemoteControlSetting属性设置为Disabled。 (警告:请勿在域控制器上执行此操作。)