I haven't been able to find a way to delegate permissions either. However, I'm thinking of doing something similar to the script you posted. I'm planning on building a simple interface for common help desk tasks and have the script run under a privileged service account. So the service account will be a farm administrator and have access to do what needs to be done, but because I'm using a custom interface, only certain helpdesk-centric functions will be exposed to the user. I haven't started yet, but that's the plan.
As we have no other option, we make an executable that does something like RunAs of such a script (under another account that is a local admin on the RD Broker and RDSH), which allows any user who has this executable to support our RDFARM. We will keep the login/pass and the script itself inside the compiled application.
I am not a programmer, so our programmers prepare such a simple application for our helpdesk team.
As this application is useless for others, I can attach only the prepared script with the 4 most used operations in our case (you can add additional choices for other variants); maybe it will be useful for somebody.
Details about usage:
Can be run from any farm member.
Simply type the name of any of your RD brokers when it asks, and it will get and process all the necessary information about users from all farm members.
https://www.dropbox.com/s/53fycptn8u6alzz/user-mngmt.ps1?dl=0
.............................
# Get-RDUserSession and Invoke-RDUserLogoff come from the RemoteDesktop module
Import-Module RemoteDesktop

do {
    Write-Host "=================================================="
    Write-Host ""
    Write-Host " Script for RDS 2012r2 user management "
    Write-Host ""
    Write-Host "=================================================="
    Write-Host ""
    Write-Host "1. List user sessions"
    Write-Host "2. Log off ALL disconnected users"
    Write-Host "3. Log off selected user"
    Write-Host "4. Remote Control selected user"
    Write-Host "5. Exit"
    $choice = Read-Host "Select option"
    Switch ($choice)
    {
        "1" {
            # List every session the connection broker knows about
            $brokerID = Read-Host 'Please enter the name of remote RDS server (FQDN please)'
            # Out-Host makes sure the table is shown before the next prompt
            Get-RDUserSession -ConnectionBroker $brokerID | Out-Host
            Read-Host "<<Press any key to continue>>"
        }
        "2" {
            # Log off every session that is in the disconnected state
            $brokerID = Read-Host 'Please enter the name of remote RDS server (FQDN please)'
            $RDSessions = Get-RDUserSession -ConnectionBroker $brokerID | Where {$_.SessionState -eq "STATE_DISCONNECTED"}
            If(!$RDSessions) {
                Write-Host "No Disconnected users on this farm"
                Read-Host "<<Press any key to continue>>"
            }
            Else
            { #Start Loop
                Foreach ($RDSession in $RDSessions)
                {
                    Invoke-RDUserLogoff -UnifiedSessionID $RDSession.SessionID -HostServer $RDSession.HostServer -Force
                    Write-Host "The user" $RDSession.UserName "was disconnected from" $RDSession.hostServer "server"
                    Read-Host "<<Press any key to continue>>"
                } #End Loop
            } #End if
        }
        "3" {
            # Log off the sessions of one named user
            $brokerID = Read-Host 'Please enter the name of remote RDS server (FQDN please)'
            Get-RDUserSession -ConnectionBroker $brokerID | Out-Host
            $UserName = Read-Host 'Type UserName that you want to logoff'
            $userID_kill = Get-RDUserSession -ConnectionBroker $brokerID | Where {$_.UserName -eq $UserName}
            If(!$userID_kill)
            {
                Write-Host "No such user on the servers"
                Read-Host "<<Press any key to continue>>"
            }
            Else
            {
                # Only reached when a match exists; a user may have sessions on several hosts
                Foreach ($session in $userID_kill)
                {
                    Invoke-RDUserLogoff -UnifiedSessionID $session.SessionID -HostServer $session.HostServer -Force
                }
            }
        }
        "4" {
            # Shadow (remote control) the session of one named user
            $brokerID = Read-Host 'Please enter the name of remote RDS server (FQDN please)'
            Get-RDUserSession -ConnectionBroker $brokerID | Out-Host
            $UserName = Read-Host 'Type UserName that you want to CONTROL'
            # mstsc can shadow one session at a time, so take the first match
            $userID_control = Get-RDUserSession -ConnectionBroker $brokerID | Where {$_.UserName -eq $UserName} | Select-Object -First 1
            If(!$userID_control)
            {
                Write-Host "No such user on the servers"
            }
            Else
            {
                Write-Host "Building remote control connection"
                Write-Host "Server name" $userID_control.ServerName
                Write-Host "UserName" $userID_control.UserName
                Write-Host "SessionID" $userID_control.SessionID
                # Quoted strings so each switch reaches mstsc as a single argument
                mstsc "/v:$($userID_control.ServerName)" "/shadow:$($userID_control.SessionId)" /control
            }
            Read-Host "<<Press any key to continue>>"
        }
        "5" {Exit}
    }
    $repeat = Read-Host "Press 1 to repeat and any other key for EXIT"
}
while ($repeat -eq "1")
Edited by vinnikovsa, Wednesday, December 03, 2014 3:51 PM
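
One way to build the restricted interface the first post describes, as an added example that is not code from either poster: a single PowerShell function, meant to be the only entry point a helpdesk front end calls under the service account, that allow-lists the action and the broker, validates the user name, and writes an audit line before acting. The function name, the broker FQDN, the log path and the `-Operator` parameter are assumptions.

```powershell
# Added example; names, broker list and log path are placeholders, not from the thread.
Import-Module RemoteDesktop

$AllowedBrokers = @('rdcb01.example.local')          # placeholder broker FQDN
$AuditLog       = 'C:\Logs\rds-helpdesk-audit.log'   # placeholder path, writable by the service account only

function Invoke-HelpdeskRdsAction {
    [CmdletBinding()]
    param(
        # Only these operations are reachable; any other value fails parameter binding
        [Parameter(Mandatory)][ValidateSet('ListSessions', 'LogoffUser')]
        [string]$Action,

        [Parameter(Mandatory)]
        [string]$Broker,

        # Restrict to plain account-name characters; checked only when supplied
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$UserName,

        # Identity of the helpdesk operator, as authenticated by the front end
        [Parameter(Mandatory)]
        [string]$Operator
    )

    if ($AllowedBrokers -notcontains $Broker) {
        throw "Broker '$Broker' is not on the allow-list."
    }
    if ($Action -eq 'LogoffUser' -and -not $UserName) {
        throw 'LogoffUser requires -UserName.'
    }

    # Record who asked for what before anything is changed
    $line = '{0:o} operator={1} action={2} broker={3} user={4}' -f (Get-Date), $Operator, $Action, $Broker, $UserName
    Add-Content -Path $AuditLog -Value $line

    $sessions = Get-RDUserSession -ConnectionBroker $Broker
    switch ($Action) {
        'ListSessions' { $sessions | Select-Object UserName, HostServer, SessionState, UnifiedSessionId }
        'LogoffUser' {
            # @() keeps zero, one or many matches as an array
            $targets = @($sessions | Where-Object { $_.UserName -eq $UserName })
            foreach ($s in $targets) {
                Invoke-RDUserLogoff -HostServer $s.HostServer -UnifiedSessionID $s.UnifiedSessionId -Force
            }
            $targets.Count   # number of sessions that were logged off
        }
    }
}
```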