Ilaalada Aqoonsiga Fog wuxuu ilaaliyaa aqoonsiga Desktop Fog

Dhammaan isticmaalayaasha maamulayaasha nidaamka waxay leeyihiin hal walaac oo dhab ah - xaqiijinta aqoonsiga xiriirinta Desktop Fog . (Desktop)Tani waa sababta oo ah malware-ku wuxuu heli karaa dariiqa kombuyuutar kasta oo kale oo ku yaal isku xirka desktop-ka oo wuxuu khatar ku yahay xogtaada. Taasi waa sababta Windows OS u iftiimiso digniinta " Hubi inaad ku kalsoon tahay PC-kan, ku xidhidhiyaha kombuyuutar aan la aamini karin waxay dhaawac u geysan kartaa kombuyutarkaaga(Make sure you trust this PC, connecting to an untrusted computer might harm your PC) " markaad isku daydo inaad ku xidho desktop fog.

Maqaalkan, waxaan ku arki doonaa sida muuqaalka ilaalinta aqoonsiga fog(Remote Credential Guard) , kaas oo lagu soo bandhigay  Windows 10 , wuxuu kaa caawin karaa ilaalinta aqoonsiga fog ee desktop Windows 10 Enterprise iyo Windows Server .

Ilaalada aqoonsiga fog(Remote Credential Guard) ee Windows 10

Muuqaalka waxaa loogu talagalay in lagu baabi'iyo hanjabaadaha ka hor inta aysan u dhicin xaalad halis ah. Waxay kaa caawinaysaa inaad ka ilaaliso aqoonsigaaga isku xirka Desktop Fog adiga oo codsiyada (Desktop)Kerberos dib ugu celinaya aaladda codsanaysa xidhiidhka. Waxa kale oo ay siisaa waayo-aragnimada calaamad-ku-meel- gaadhka ah ee fadhiyada Desktop- ka Fog.(Remote Desktop)

Haddii ay dhacdo nasiib darro kasta oo aaladda bartilmaameedka ah la jabiyo, aqoonsiga isticmaalaha lama soo bandhigin sababtoo ah labadaba aqoonsiga iyo soo-jeedinta aqoonsiga weligood looma diro aaladda bartilmaameedka ah.

Ilaalada Aqoonsiga Fog

Habka operandi ee Ilaalinta Aqoonsiga Fog(Remote Credential Guard) wuxuu aad ula mid yahay ilaalinta ay bixiso Ilaalada Aqoonsiga ee mishiinka maxaliga ah marka laga reebo Ilaalada Aqoonsiga(Credential Guard) sidoo kale waxay ilaalisaa aqoonsiga domain ee kaydsan iyada oo loo sii marayo Maareeyaha Aqoonsiga(Credential Manager) .

Shakhsigu waxa uu u isticmaali karaa Ilaalinta Aqoonsiga Fog ee(Remote Credential Guard) hababka soo socda-

  1. Mar haddii shahaadooyinka maamuluhu(Administrator) ay mudnaanta sare leeyihiin, waa in la ilaaliyo. Adigoo isticmaalaya Ilaaliyaha Aqoonsiga Fog(Remote Credential Guard) , waxaa laguu xaqiijin karaa in aqoonsigaaga la ilaaliyo maadaama aysan u oggolaan in aqoonsiyadu u gudbaan shabakadda aaladda bartilmaameedka ah.
  2. Shaqaalaha Helpdesk(Helpdesk) ee ururkaaga waa in ay ku xidhmaan aaladaha ku biiray domain-ka kuwaas oo laga yaabo in wax loo dhimo. Ilaalada Aqoonsiga Fog(Remote Credential Guard) , shaqaalaha miiska caawinta wuxuu isticmaali karaa RDP si uu ugu xidho aaladda la beegsanayo iyada oo aan waxyeello loo geysanin aqoonsigooda malware.

Shuruudaha hardware iyo software

Si aad awood ugu yeelatid habsami u shaqaynta Ilaalada Aqoonsiga Fog(Remote Credential Guard) , hubi in shuruudaha soo socda ee macmiilka Desktop-ka fog(Remote Desktop) iyo adeegaha ay buuxiyeen.

  1. Macmiilka Desktop-ka fog(Remote Desktop Client) iyo adeegaha waa in lagu biiraa hagaha Active Directory
  2. Labada qalabba waa inay ku biiraan isla goob isku mid ah, ama waa in server-ka Desktop-ka fog(Remote Desktop) lagu biiraa goob xidhiidh aamin ah la leh bogga agabka macmiilka.
  3. Xaqiijinta Kerberos waxay ahayd in la hawlgeliyo.
  4. Macmiilka Desktop-ka fog(Remote Desktop) waa inuu shaqeeyaa ugu yaraan Windows 10 , nooca 1607 ama Windows Server 2016 .
  5. The Remote Desktop Universal Platform Windows(Remote Desktop Universal Windows Platform) ma taageerto Ilaalada Aqoonsiga Fog(Remote Credential Guard) sidaa darteed, isticmaal abka Windows -ka caadiga ah ee Desktop- ka fog.(Remote Desktop)

Ka yeel Ilaalada Aqoonsiga Fog(Remote Credential Guard) ee Diiwaangelinta(Registry)

Si aad awood ugu siiso Ilaalinta Aqoonsiga Fog ee(Remote Credential Guard) aaladda la beegsaday, fur Tifaftiraha Diiwaanka(Registry Editor) oo tag furaha soo socda:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

Ku dar qiime cusub oo DWORD ah oo lagu magacaabo DisableRestrictedAdmin . Deji qiimaha goobta diiwaangelintan 0 si aad u daarto Ilaalada Aqoonsiga Fog(Remote Credential Guard) .

Xir Tifaftiraha Diiwaanka

Waxaad awood u siin kartaa Ilaalinta Aqoonsiga Fog(Remote Credential Guard) adiga oo ka socodsiinaya amarkan soo socda ee CMD:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD

Daar Ilaalada Aqoonsiga Fog(Remote Credential Guard) adiga oo isticmaalaya Siyaasadda Kooxda(Group Policy)

Waa suurtogal in lagu isticmaalo Ilaalinta Aqoonsiga Fog ee(Remote Credential Guard) qalabka macmiilka adiga oo dejinaya Siyaasad Kooxeed(Group Policy) ama adigoo isticmaalaya halbeeg leh Xiriirinta Mashiinka Fog(Remote Desktop Connection) .

Laga bilaabo Console-ka Maareynta Siyaasadda Kooxda(Group Policy Management Console) , u Computer Configuration > Administrative Templates > System > Credentials Delegation.

Hadda, laba-guji Ku xaddid ergada aqoonsiga server-yada fog(Restrict delegation of credentials to remote servers) si aad u furto sanduuqa Guryaha.

Hadda gudaha Adeegso sanduuqa habka xaddidan ee soo socda(Use the following restricted mode) , dooro Baahan Ilaaliyaha Aqoonsiga Fog. ( Require Remote Credential Guard. )Xulashada kale Habka maamulka xaddidan(Restricted Admin mode) ayaa sidoo kale jira. Muhiimaddeedu waa marka Ilaalada Aqoonsiga Fog ee fog(Remote Credential Guard) aan la isticmaali karin, waxay isticmaali doontaa habka Maamulka xaddidan .(Restricted Admin)

Si kastaba ha ahaatee, Ilaaliyaha Aqoonsiga Fog(Remote Credential Guard) ama qaabka maamulka xaddidan(Restricted Admin) midna uma soo diri doono aqoonsi qoraal cad seerfarka Desktop-ka fog .(Remote Desktop)

Oggolow Ilaalada Aqoonsiga Fog(Allow Remote Credential Guard) , adiga oo dooranaya ' doorbidayaa Ilaalada Aqoonsiga Fog(Prefer Remote Credential Guard) ' ee doorashada.

Guji OK(Click OK) oo ka bax Console Maamulka Siyaasadda Kooxda(Group Policy Management Console) .

fog-aqoonsiga-koox- ilaalin-siyaasad

Hadda, laga bilaabo amar degdeg ah, ku socodsii gpupdate.exe /force si loo hubiyo in shayga Siyaasadda Kooxda(Group Policy) la dabaqay.

Adeegso Ilaalada Aqoonsiga Fog(Use Remote Credential Guard) oo leh halbeeg ku xidhidhiyaha Mashiinka(Remote Desktop) Fog

Haddii aadan u isticmaalin Siyaasadda Kooxda(Group Policy) ee ururkaaga, waxaad ku dari kartaa cabbirka fogaanta marka aad bilowdo isku xidhka Desktop Fog si aad u shido Ilaalada Aqoonsiga Fog(Desktop Connection) ee xidhiidhkaas(Remote Credential Guard) .

mstsc.exe /remoteGuard

Waxyaabaha ay tahay inaad maskaxda ku hayso markaad isticmaalayso Ilaalinta Aqoonsiga Fog(Remote Credential Guard)

  1. Ilaalada Aqoonsiga Fog(Remote Credential Guard) looma isticmaali karo in lagu xidho aalada ku biirtay Tusaha Firfircoon ee Azure(Azure Active Directory) .
  2. Ilaaliyaha Aqoonsiga Desktop Fog(Remote Desktop Credential Guard) wuxuu la shaqeeyaa borotokoolka RDP kaliya.(RDP)
  3. Ilaalada aqoonsiga fog(Remote Credential Guard) kuma jiraan sheegashooyinka aaladaha. Tusaale ahaan, haddii aad isku dayayso inaad ka soo gasho server-ka faylalka fogfog oo seerfarku u baahan yahay sheegasho qalab, gelitaanka waa la diidi doonaa.
  4. Seerfarka iyo macmiilku waa inay xaqiijiyaan iyagoo isticmaalaya Kerberos .
  5. Goobuhu waa inay lahaadaan xiriir aamin ah, ama labadaba macmiilka iyo server-ka waa in lagu biiraa isla goob isku mid ah.
  6. Kadinka Desktop-(Remote Desktop Gateway) ka fog kuma habboona Ilaalada Aqoonsiga Fog(Remote Credential Guard) .
  7. Wax aqoonsi ah laguma daadin aaladda la beegsaday . Si kastaba ha noqotee, aaladda la beegsanayo ayaa wali hesha Tigidhada (Tickets)Adeegga Kerberos(Kerberos Service) kaligiis.
  8. Ugu dambayntii, waa inaad isticmaashaa aqoonsiga isticmaalaha ee ku jira aaladda. Isticmaalka shahaadooyinka la kaydiyay ama aqoonsiga ka duwan kaaga lama ogola.

Waxaad wax badan oo arrintan ku saabsan ka akhriyi kartaa Technet .

la xiriira(Related) : Sida loo kordhiyo tirada Xidhiidhada Desktop Fog(increase the number of Remote Desktop Connections) ee Windows 10.



Ruby Reyes

About the author

Waxaan ahay windows,ios,pdf, khaladaad, injineer qalabeed leh in ka badan 10 sano oo waayo-aragnimo ah. Waxaan ka shaqeeyay barnaamijyo badan oo tayo sare leh oo Windows ah iyo qaab-dhismeedka sida OneDrive ee Ganacsiga, Office 365, iyo in ka badan. Shaqadaydii dhowayd waxaa ka mid ahaa horumarinta akhristaha pdf ee madal windows iyo ka shaqaynta samaynta khaladaadka fariimaha si cad ugu cad dadka isticmaala. Intaa waxaa dheer, waxaan ku lug lahaa horumarinta madal ios dhowr sano hadda oo aan aad u aqaano sifooyinkeeda iyo quirks labadaba.


Related posts