CSI: Re-enabling Remote Desktop with PowerShell after you've blocked it with your own firewall rule

Got a great email from reader Seán McDonnell.

The Big Problem:

I set up an Azure virtual machine running Windows Server 2012.

I accidentally disabled the Remote Desktop Windows firewall rule (while I was remotely connected). The connection dropped as you would expect.

I have been pulling my hair out ever since trying to re-enable this rule.

Doh. Ouch. I didn't ask how this happened, but you know, one gets to clicking and typing and you can feel the mistake about to happen as your hand drops towards the keyboard, but by then it's too late. Gravity has screwed you.

I suggested that Seán use Remote PowerShell to get in and add the enabling Firewall Rule for RDC. Remote PowerShell is like "SSH" in *nix. You get a remote terminal and can pretty much do whatever you want from there.

TL;DR version of Seán's experience

  • Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
  • Get the server's certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domain's URL: https://yourdomain.cloudapp.net:12345 (where :12345 is the port that PowerShell uses).
  • Export the SSL certificate of the site as a .CER file and install it on your local machine.
  • Save it to the "Trusted Root Certification Authorities" store on your machine.
  • Open PowerShell with administrative privileges on your local machine and type:

    Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL

  • A login popup will appear, enter your VM's login credentials here.
  • You will now be able to execute commands against the Azure VM. In Seán's case, he ran

    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

    and exited the PowerShell session and was able to remotely connect to my machine.

Long Detailed Version with Screenshots

Long version with screenshots:

Make sure PowerShell is publicly accessible in the 'endpoints' section of the Azure portal.

Get the server's certificate (PowerShell needs this for establishing a remote session). You can get the server certificate by going to your domain's URL: https://yourdomain.cloudapp.net:5986 (where :5986 is the port that PowerShell uses).

Go to the Details tab and click Copy to File...

Leave the first option selected and save the file to a local drive. 

Once the file is generated and saved locally, install the certificate by double-clicking on the certificate-name.cer file.

Install the certificate in the following store:

Open up PowerShell with administrative privileges and execute the following command (replacing the domain name and username with your own one):

A logon credential popup should appear where you will need to enter your VM's username and password:

If successful, it should be pretty obvious that you have successfully initiated a remote session with the VM.

Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL

To re-enable the firewall rule, issue the command:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes  

The final step was to quit the PowerShell session and RDC to the VM. Success! 
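
The steps above as one script, as an added example that is not part of the original post. It assumes the certificate was exported to the hypothetical path C:\temp\vm.cer, an English-language server where the firewall group is displayed as "Remote Desktop", and a local machine that has the Import-Certificate cmdlet. It also shows the certificate before trusting it, checks the rule state after the change, and removes the certificate from the root store at the end, since a certificate left there stays trusted as a root on that machine.

```powershell
# Added example; run from an elevated PowerShell prompt on the local machine.
# Assumptions: C:\temp\vm.cer is a hypothetical export path; the host name and
# user name are the page's placeholders.
$cerPath = 'C:\temp\vm.cer'
$vmHost  = 'yourdomain.cloudapp.net'

# 1. Look at the exported certificate before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter

# 2. Install it in the "Trusted Root Certification Authorities" store.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Open the remote session over HTTPS; -Credential prompts for the password.
$session = New-PSSession -ComputerName $vmHost -Port 5986 -Credential YourUserName -UseSSL

try {
    Invoke-Command -Session $session -ScriptBlock {
        # State of the Remote Desktop rules before the change.
        Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
            Select-Object DisplayName, Enabled, Direction, Action

        # The command from the post.
        netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

        # Confirm that no rule in the group is still disabled.
        $disabled = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
            Where-Object { $_.Enabled -ne 'True' }
        if ($disabled) {
            Write-Warning ("Still disabled: " + ($disabled.DisplayName -join ', '))
        }
    }
}
finally {
    # Close the session and drop the temporary trust anchor.
    Remove-PSSession -Session $session
    Remove-Item -Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
}
```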

I hope this write-up helps other people as well. Thanks Seán for a great question and for sharing the screenshot of your experience!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Translated from: https://www.hanselman.com/blog/csi-reenabling-remote-desktop-with-powershell-after-youve-blocked-it-with-your-own-firewall-rule