我一直在考虑使用PowerShell设置本地帐户,我们要求取消选择Enable Remote Control
选项。
此选项位于Users
下方,右键单击并选择Properties
,然后在Remote
标签下取消Remote control
。
我唯一能在网上找到的是如何使用powershell启用或禁用远程桌面:(
由于
答案 0 :(得分:1)
这可以使用P / Invoke完成;例子如下。
#requires -version 2
Add-Type -MemberDefinition @"
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern void WTSFreeMemory(IntPtr pMemory);
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSQueryUserConfig(
string pServerName,
string pUserName,
int WTSConfigClass,
out IntPtr ppBuffer,
out uint pBytesReturned);
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSSetUserConfig(
string pServerName,
string pUserName,
int WTSConfigClass,
IntPtr pBuffer,
uint DataLength);
"@ -Namespace Win32Api -Name WtsApi32
$WTS_CONFIG_SHADOWING_SETTINGS = 14
function WTSQueryUserConfigShadowSettings {
[CmdletBinding()]
param(
[String] $computerName,
[String] $userName
)
$pBuffer = [IntPtr]::Zero
$bytesReturned = 0
$success = [Win32Api.WtsApi32]::WTSQueryUserConfig(
$computerName, # pServerName
$userName, # pUserName
$WTS_CONFIG_SHADOWING_SETTINGS, # WTSConfigClass
[Ref] $pBuffer, # ppBuffer
[Ref] $bytesReturned # pBytesReturned
)
if ( $success ) {
[Runtime.InteropServices.Marshal]::ReadInt32($pBuffer)
[Win32Api.WtsApi32]::WTSFreeMemory($pBuffer)
}
else {
$exception = New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
Write-Error -Exception $exception
}
}
function WTSSetUserConfigShadowSettings {
[CmdletBinding()]
param(
[String] $computerName,
[String] $userName,
[Int] [ValidateRange(0,4)] $shadowSettings
)
$pNewValue = [Runtime.InteropServices.Marshal]::AllocHGlobal([Runtime.InteropServices.Marshal]::SizeOf([Type] [Int]))
[Runtime.InteropServices.Marshal]::WriteInt32($pNewValue, $shadowSettings)
$dataLength = [Runtime.InteropServices.Marshal]::SizeOf($pNewValue)
$success = [Win32Api.WtsApi32]::WTSSetUserConfig(
$computerName, # pServerName
$userName, # pUserName
$WTS_CONFIG_SHADOWING_SETTINGS, # WTSConfigClass
$pNewValue, # pBuffer
$dataLength # DataLength
)
if ( $success ) {
[Runtime.InteropServices.Marshal]::FreeHGlobal($pNewValue)
}
else {
$exception = New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
Write-Error -Exception $exception
}
}
function Get-RDShadowingSetting {
[CmdletBinding()]
param(
[Parameter(Position = 0)]
[String[]] [ValidateNotNullOrEmpty()] $UserName,
[Parameter(ValueFromPipeline = $true,ValueFromPipelineByPropertyName = $true)]
[String[]] $ComputerName = [Net.Dns]::GetHostName()
)
process {
foreach ( $computerNameItem in $ComputerName ) {
foreach ( $userNameItem in $userName ) {
New-Object PSObject -Property @{
"ComputerName" = $computerNameItem
"UserName" = $userNameItem
"RDShadowingSetting" = WTSQueryUserConfigShadowSettings $computerNameItem $userNameItem
} | Select-Object ComputerName,UserName,RDShadowingSetting
}
}
}
}
function Set-RDShadowingSetting {
[CmdletBinding()]
param(
[Parameter(Position = 0)]
[String[]] [ValidateNotNullOrEmpty()] $UserName,
[Parameter(Position = 1)]
[Int] [ValidateRange(0,4)] $RDShadowingSetting,
[Parameter(ValueFromPipeline = $true,ValueFromPipelineByPropertyName = $true)]
[String[]] $ComputerName = [Net.Dns]::GetHostName()
)
process {
foreach ( $computerNameItem in $ComputerName ) {
foreach ( $userNameItem in $userName ) {
WTSSetUserConfigShadowSettings $computerNameItem $userNameItem $RDShadowingSetting
}
}
}
}
Get-RDShadowingSetting
函数在0
属性中返回4
到RDShadowingSetting
的值,该属性对应于您要使用的设置:
Value Meaning
----- -------
0 Disable remote control
1 Enabled/require user's permission/interact with the session
2 Enabled/don't require user's permission/interact with the session
3 Enabled/require user's permission/view the user's session
4 Enabled/don't require user's permission/view the user's session
Set-RDShadowingSetting
功能可让您更新用户的值; e.g:
Set-RDShadowingSetting "KenDyer" 0
这将禁用本地计算机上KenDyer
帐户的远程控制。
WTSQueryUserConfigShadowSettings
和WTSSetUserConfigShadowSettings
函数是执行实际Windows API调用的函数。
(获取计算机或用户名列表留给读者练习。)
API文档链接:https://msdn.microsoft.com/en-us/library/aa383859.aspx
答案 1 :(得分:0)
对于感兴趣的任何人:我编写了一个PowerShell模块,用于获取和设置所有RD用户设置。如果您需要在不是通过GUI或命令行工具“浮出水面”的计算机上管理这些设置,这可能会很有用。该模块称为RDUserSetting
,您可以在这里获取它:
https://github.com/Bill-Stewart/PowerShell-RDUserSetting
使用此模块,将在此处回答问题的命令为:
Set-RDUserSetting kendyer -RDRemoteControlSetting Disabled
您还可以使用Get-RDUserSetting
和管道查看RD用户设置。示例:
Get-RDUserSetting |
Where-Object { $_.RDRemoteControlSetting -ne "Disabled" } |
Set-RDUserSetting -RDRemoteControlSetting Disabled
此命令会将尚未设置本地计算机上每个用户的RDRemoteControlSetting
属性设置为Disabled
。 (警告:请勿在域控制器上执行此操作。)