使用 PowerShell 为 Azure 云服务中的角色启用远程桌面连接Enable Remote Desktop Connection for a Role in Azure Cloud Services using PowerShell

可以通过远程桌面访问在 Azure 中运行的角色的桌面。Remote Desktop enables you to access the desktop of a role running in Azure. 可以使用远程桌面连接,在应用程序正在运行时排查和诊断其问题。You can use a Remote Desktop connection to troubleshoot and diagnose problems with your application while it is running.

本文介绍如何使用 PowerShell 在云服务角色上启用远程桌面。This article describes how to enable remote desktop on your Cloud Service Roles using PowerShell. 有关本文所需的先决条件,请参阅如何安装和配置 Azure PowerShellSee How to install and configure Azure PowerShell for the prerequisites needed for this article. PowerShell 使用远程桌面扩展,使用户能够在部署应用程序后启用远程桌面。PowerShell utilizes the Remote Desktop Extension so you can enable Remote Desktop after the application is deployed.

从 PowerShell 配置远程桌面Configure Remote Desktop from PowerShell

使用 Set-AzureServiceRemoteDesktopExtension cmdlet 可以在云服务部署的指定角色或所有角色上启用远程桌面。The Set-AzureServiceRemoteDesktopExtension cmdlet allows you to enable Remote Desktop on specified roles or all roles of your cloud service deployment. 该 cmdlet 允许通过接受 PSCredential 对象的 Credential 参数为远程桌面用户指定用户名和密码。The cmdlet lets you specify the Username and Password for the remote desktop user through the Credential parameter that accepts a PSCredential object.

如果以交互方式使用 PowerShell,可以通过调用 Get-Credentials cmdlet 轻松设置 PSCredential 对象。If you are using PowerShell interactively, you can easily set the PSCredential object by calling the Get-Credentials cmdlet.

$remoteusercredentials = Get-Credential

此命令显示一个对话框,用于以安全方式为远程用户输入用户名和密码。This command displays a dialog box allowing you to enter the username and password for the remote user in a secure manner.

由于 PowerShell 有助于实现自动化方案,因此还可以通过无需用户交互的方式设置 PSCredential 对象。Since PowerShell helps in automation scenarios, you can also set up the PSCredential object in a way that doesn't require user interaction. 为此,需要设置一个安全密码。First, you need to set up a secure password. 首先指定纯文本密码,并使用 ConvertTo-SecureString将其转换为安全字符串。You begin with specifying a plain text password convert it to a secure string using ConvertTo-SecureString. 接下来,需要使用 ConvertFrom-SecureString 将此安全字符串转换为加密的标准字符串。Next you need to convert this secure string into an encrypted standard string using ConvertFrom-SecureString. 现在,可以使用 Set-Content将此加密的标准字符串保存到文件。Now you can save this encrypted standard string to a file using Set-Content.

还可以创建安全密码文件,这样就不需要每次都键入密码。You can also create a secure password file so that you don't have to type in the password every time. 此外,安全密码文件比纯文本文件安全。Also, a secure password file is better than a plain text file. 使用以下 PowerShell 创建安全密码文件:Use the following PowerShell to create a secure password file:

ConvertTo-SecureString -String "Password123" -AsPlainText -Force | ConvertFrom-SecureString | Set-Content "password.txt"

Important

设置密码时请确保满足复杂性要求

要从安全密码文件创建凭据对象,你必须读取该文件的内容并使用 ConvertTo-SecureString 将其转换回安全字符串。To create the credential object from the secure password file, you must read the file contents and convert them back to a secure string using ConvertTo-SecureString.

Set-AzureServiceRemoteDesktopExtension cmdlet 还接受 Expiration 参数,用以指定用户帐户过期的日期时间The Set-AzureServiceRemoteDesktopExtension cmdlet also accepts an Expiration parameter, which specifies a DateTime at which the user account expires. 例如,可以将帐户设置为在当前日期和时间的几天后过期。For example, you could set the account to expire a few days from the current date and time.

以下 PowerShell 示例显示如何在云服务上设置远程桌面扩展:This PowerShell example shows you how to set the Remote Desktop Extension on a cloud service:

$servicename = "cloudservice"
$username = "RemoteDesktopUser"
$securepassword = Get-Content -Path "password.txt" | ConvertTo-SecureString
$expiry = $(Get-Date).AddDays(1)
$credential = New-Object System.Management.Automation.PSCredential $username,$securepassword
Set-AzureServiceRemoteDesktopExtension -ServiceName $servicename -Credential $credential -Expiration $expiry

还可以选择指定要启用远程桌面的部署槽和角色。You can also optionally specify the deployment slot and roles that you want to enable remote desktop on. 如果未指定这些参数,该 cmdlet 将对生产部署槽中的所有角色启用远程桌面。If these parameters are not specified, the cmdlet enables remote desktop on all roles in the Production deployment slot.

远程桌面扩展与部署相关联。The Remote Desktop extension is associated with a deployment. 如果为服务创建新部署,必须对该部署启用远程桌面。If you create a new deployment for the service, you have to enable remote desktop on that deployment. 要始终启用远程桌面,应考虑将 PowerShell 脚本集成到部署工作流中。If you always want to have remote desktop enabled, then you should consider integrating the PowerShell scripts into your deployment workflow.

通过远程桌面连接到角色实例Remote Desktop into a role instance

使用 Get-AzureRemoteDesktopFile cmdlet 通过远程桌面连接到云服务的特定角色实例。The Get-AzureRemoteDesktopFile cmdlet is used to remote desktop into a specific role instance of your cloud service. 可以使用 LocalPath 参数将 RDP 文件下载到本地。You can use the LocalPath parameter to download the RDP file locally. 也可以使用 Launch 参数直接启动“远程桌面连接”对话框来访问云服务角色实例。Or you can use the Launch parameter to directly launch the Remote Desktop Connection dialog to access the cloud service role instance.

Get-AzureRemoteDesktopFile -ServiceName $servicename -Name "WorkerRole1_IN_0" -Launch

检查是否已在服务上启用远程桌面扩展Check if Remote Desktop extension is enabled on a service

Get-AzureServiceRemoteDesktopExtension cmdlet 显示是对服务部署启用还是禁用了远程桌面。The Get-AzureServiceRemoteDesktopExtension cmdlet displays that remote desktop is enabled or disabled on a service deployment. 该 cmdlet 返回启用了远程桌面扩展的远程桌面用户和角色的用户名。The cmdlet returns the username for the remote desktop user and the roles that the remote desktop extension is enabled for. 默认情况下,这种情况发生在部署槽上,可以选择改用过渡槽。By default, this happens on the deployment slot and you can choose to use the staging slot instead.

Get-AzureServiceRemoteDesktopExtension -ServiceName $servicename

从服务中删除远程桌面扩展Remove Remote Desktop extension from a service

如果已对部署启用远程桌面扩展并需要更新远程桌面设置,请先删除该扩展。If you have already enabled the remote desktop extension on a deployment, and need to update the remote desktop settings, first remove the extension. 然后使用新设置将它重新启用。And enable it again with the new settings. 例如,要为远程用户帐户或已过期的帐户设置新密码。For example, if you want to set a new password for the remote user account, or the account expired. 在这种情况下,需要在已启用远程桌面扩展的现有部署上执行此操作。Doing this is required on existing deployments that have the remote desktop extension enabled. 对于新部署,只需直接应用该扩展。For new deployments, you can simply apply the extension directly.

若要从部署中删除远程桌面扩展,可以使用 Remove-AzureServiceRemoteDesktopExtension cmdlet。To remove the remote desktop extension from the deployment, you can use the Remove-AzureServiceRemoteDesktopExtension cmdlet. 还可以选择指定要从中删除远程桌面扩展的部署槽和角色。You can also optionally specify the deployment slot and role from which you want to remove the remote desktop extension.

Remove-AzureServiceRemoteDesktopExtension -ServiceName $servicename -UninstallConfiguration

Note

若要完全删除扩展配置,应结合 UninstallConfiguration 参数调用 remove cmdlet。

UninstallConfiguration 参数卸载已应用到服务的任何扩展配置。 每个扩展配置与服务配置相关联。 如果在未指定 UninstallConfiguration 的情况下调用 remove cmdlet,将取消部署与扩展配置之间的关联,因此会实际删除扩展。 但是,扩展配置仍与服务保持关联。

其他资源Additional resources

如何配置云服务How to Configure Cloud Services