[英]Difference between runas.exe and Start-Process -Credential
I am playing around with setting up some scripts on a vpn on a client's network. 我正在玩在客户端网络上的vpn上设置一些脚本。 This client generally assigns an ActiveDirectory account on their network and use it to manage permissions (eg. to databases).
此客户端通常在其网络上分配ActiveDirectory帐户,并使用它来管理权限(例如,数据库)。 Ok, that makes sense.
好的,这是有道理的。
But here is something that confuses me: 但这有些令我困惑的事情:
start-process runas.exe "/user:CLIENTDOMAIN\George.Mauer /netonly W:\tools\LINQPad4\LINQPad.exe
queries for a password and runs just fine (and I can access the database) 查询密码并运行正常(我可以访问数据库)
But 但
Start-Process W:\tools\LINQPad4\LINQPad.exe -Credential (Get-Credential)
and entering CLIENTDOMAIN\\George.Mauer
and my password at the popup prompt always results in an error 并在弹出提示符下输入
CLIENTDOMAIN\\George.Mauer
和我的密码总是会导致错误
Start-Process : This command cannot be run due to the error: The user name or password is incorrect.
Are these not the same thing? 这些不一样吗? What's the difference between
runas
and -Credential
? runas
和-Credential
之间有什么区别? And a secondary question - how do I Start-Job
with my CLIENTDOMAIN\\George.Mauer
credential? 第二个问题 - 如何使用
CLIENTDOMAIN\\George.Mauer
凭证Start-Job
?
/netonly
runs the process as the current user and only network connections are made with the other credentials. /netonly
以当前用户身份运行该进程,并且仅与其他凭据建立网络连接。
Start-Process
will run the process (and all its network connections) with the other credentials. Start-Process
将使用其他凭据运行进程(及其所有网络连接)。 There's no way to achieve the /NETONLY
functionality with Start-Process
. 使用
Start-Process
无法实现/NETONLY
功能。
You'd have to p/invoke the Win32 API to achieve /NETONLY functionality. 您必须p / invoke Win32 API才能实现/ NETONLY功能。 If you're up for the exercise this is the API you'll need to use
LOGON_NETCREDENTIALS_ONLY
with: 如果您
LOGON_NETCREDENTIALS_ONLY
练习,那么您需要使用LOGON_NETCREDENTIALS_ONLY
:
http://www.pinvoke.net/default.aspx/advapi32/createprocesswithlogonw.html http://www.pinvoke.net/default.aspx/advapi32/createprocesswithlogonw.html
More resources: 更多资源:
LOGON_NETCREDENTIALS_ONLY
LOGON_NETCREDENTIALS_ONLY
示例代码 To run a job as a different user: 以不同用户身份运行作业:
Start-Job -ScriptBlock {whoami} -Credential (get-credential) | Wait-Job | Receive-Job
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.