Remote Desktop ServiceのRDP-Tcp Connectionのアクセス権を取得するスクリプト。
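<#
.SYNOPSIS
    Gets the access permissions (Win32_TSAccount entries) of a Remote Desktop
    Services connection such as RDP-Tcp.
.DESCRIPTION
    Queries the Win32_TSAccount class in the Root\CIMv2\TerminalServices WMI
    namespace and returns one object per account, carrying the raw allow/deny
    masks, their 32-bit binary rendering and the decoded flag names.

    The decoded names are a convenience only. Bits that are not in the lookup
    table, and STANDARD_RIGHTS_REQUIRED when only some of its bits are set,
    do not appear in AllowedNames/DeniedNames. When auditing who can log on,
    shadow or reset sessions, treat PermissionsAllowed/PermissionsDenied (or
    AllowedFlags/DeniedFlags) as the authoritative values.
.PARAMETER ComputerName
    Name of the target computer. Defaults to the current computer.
.PARAMETER TerminalName
    Name of the target terminal (connection). Usually "RDP-Tcp".
.PARAMETER Credential
    Credential used against the remote computer.
    Pass either a String (user name) or a PSCredential value.
.EXAMPLE
    Get-RDSConnectionPermissions
.EXAMPLE
    Get-RDSConnectionPermissions -ComputerName "Server01"
.LINK
    https://technet.microsoft.com/en-us/library/cc753032.aspx
    https://msdn.microsoft.com/en-us/library/aa383773.aspx
#>
function Get-RDSConnectionPermissions {
    [OutputType('System.Collections.Generic.List[PSCustomObject]')]
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$false)]
        [string]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)]
        [string]$TerminalName = "RDP-Tcp",
        [Parameter(Mandatory=$false)]
        $Credential = $null
    )

    # Initial setup
    $RetValues = New-Object 'System.Collections.Generic.List[PSCustomObject]'

    # Access-mask bits and their names. [ordered] keeps the decoded names in
    # this order on every run; a plain hashtable enumerates in arbitrary order.
    $Permissions = [ordered]@{
        1      = "WINSTATION_QUERY"
        2      = "WINSTATION_SET"
        4      = "WINSTATION_LOGOFF"
        8      = "WINSTATION_VIRTUAL"
        16     = "WINSTATION_SHADOW"
        32     = "WINSTATION_LOGON"
        64     = "WINSTATION_RESET"
        128    = "WINSTATION_MSG"
        256    = "WINSTATION_CONNECT"
        512    = "WINSTATION_DISCONNECT"
        # 0xF0000: DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER
        983040 = "STANDARD_RIGHTS_REQUIRED"
    }

    # Retrieve the permission entries
    $QueryArgs = @{
        Namespace      = "Root\CIMv2\TerminalServices"
        Class          = "Win32_TSAccount"
        ComputerName   = $ComputerName
        # The TerminalServices namespace is documented as requiring packet
        # privacy for remote connections; it also encrypts the DCOM traffic.
        Authentication = 'PacketPrivacy'
        # Get-WmiObject failures are often non-terminating; without Stop the
        # catch block below would not see them.
        ErrorAction    = 'Stop'
    }
    if ($null -ne $Credential) {
        $QueryArgs['Credential'] = $Credential
    }

    try {
        # @(...) guarantees an array, so .Count is reliable for 0 or 1 match.
        $Accounts = @(Get-WmiObject @QueryArgs |
            Where-Object { $_.TerminalName -eq $TerminalName })
    } catch {
        Write-Error $_.Exception
        return $RetValues
    }
    if ($Accounts.Count -eq 0) {
        return $RetValues
    }

    foreach ($Account in $Accounts) {
        # Decode the PermissionsAllowed and PermissionsDenied masks.
        # Enumerate entries instead of indexing: on an ordered dictionary an
        # integer index means position, not key.
        $AllowedNames = New-Object 'System.Collections.Generic.List[String]'
        $DeniedNames  = New-Object 'System.Collections.Generic.List[String]'
        foreach ($Entry in $Permissions.GetEnumerator()) {
            # A name is reported only when every bit of its mask is set.
            if (($Account.PermissionsAllowed -band $Entry.Key) -eq $Entry.Key) {
                $AllowedNames.Add($Entry.Value)
            }
            if (($Account.PermissionsDenied -band $Entry.Key) -eq $Entry.Key) {
                $DeniedNames.Add($Entry.Value)
            }
        }

        # Append one element to the return value
        $RetValues.Add(
            [PSCustomObject] @{
                ComputerName       = $ComputerName
                TerminalName       = $Account.TerminalName
                AccountName        = $Account.AccountName
                PermissionsAllowed = $Account.PermissionsAllowed
                # Mask as a zero-padded 32-character binary string
                AllowedFlags       = ("{0,32}" -F [Convert]::ToString($Account.PermissionsAllowed,2)).Replace(" ","0")
                AllowedNames       = $AllowedNames
                PermissionsDenied  = $Account.PermissionsDenied
                DeniedFlags        = ("{0,32}" -F [Convert]::ToString($Account.PermissionsDenied,2)).Replace(" ","0")
                DeniedNames        = $DeniedNames
            }
        ) | Out-Null
    }
    return $RetValues
}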