使用Powershell进行远程处理，然后执行一组命令

Question

The idea behind this script is to make it easy for our jr. admins to login, have the specified files copied automatically so they can perform their work and then execute an "exiting" script that will return the contents to the original location. It just happens that these files are for local group policies, please ignore that fact for now as that is an entirely different conversation. I have the remote login portion down, I just can't figure out how to make the set of commands that follow execute on the remote machine. Any help would be appreciated!

    [string]$username = [Environment]::UserName
    $errorlog_path = "c:\Users\" + $username + \Desktop\GPOLogonErrors.txt"

    ####Prompt User for name of the machine#####
    [string]$remote_computer = Read-Host 'Enter the name of the PC you want to connect to'




    <# Check to see if the requested machine is available for remote connections,lines  15-57 will execute if the test returns true otherwise if false is returned lines 62-77 will execute#>
    if (Test-WSMan -ErrorAction SilentlyContinue $remote_computer)
    {
    ####Begins remote session based on NETBIOS name entered####
    $remote_session = Enter-PSSession -ComputerName $remote_computer



        <# Start of section to create a new directory on the desktop,
        copy over existing local GPOs then remove the original files #>

        #####Make a new directory in C:\Users\Administrator\Desktop####
        $newdir_func = New-Item -Force C:\Users\Administrator\Desktop\GroupPolicy -ItemType directory

        <# Test that the variable $new_dir_func completed properly and if so 
        execute the command to copy the local GPOs #>
        if ($newdir_func -ne $null)
        {
            $copy_func = Copy-Item -Force C:\Windows\System32\GroupPolicy\* C:\Users\Administrator\Desktop\GroupPolicy
                 if ($Copy_func -ne $null)
                 {

                    <#Removes original copies#>
                    $remove_func = Remove-Item -Force C:\Windows\System32\GroupPolicy
                     <# Tests the removal of the original GPO files #>
                    if ($remove_func -eq $null) {
                    echo "The original GPO files were not removed, please check manually"
                    }
                    else{
                    echo "The script has run properly, please perform the necessary work and reinstall the GPOs"
                    }
                 else {
                 <# Report if there is an error at this step #>
                      echo "The original GPOs were probably not copied to the desktop, please perform a manual check"
                      }
                 }
        }
        else{
            echo "The GroupPolicy directory was not created on the desktop."
            }
        <#Nested if statements to check for completion of the variable $copy_func #>
        }


}




else {
    ####Report if the machine is not available for connection, then attempt to ping it####
    echo "The machine you requested is not available, double checking now to see if it is responding to traffic"
    $test_connection = Test-Connection -Quiet -ComputerName $remote_computer
        if ( $test_connection -eq $false){
             tracert $remote_computer >> $errorlog_path 
             echo "The requested machine has not responded. Please be sure that you have correctly spelt the 
                   name of the machine. An error log showing the traceroute has also been generated on your desktop 
                   for analysis GPOLogonErrors.txt"  
                                          }
        else{
            echo "The machine has not responded please be sure that remote management with Powershell 
                  is enabled and that you have correctly typed the name of the machine."

            }
     }

Answer 1

Well, here's a show stopper for scripting:

Enter-PSSession -ComputerName $remote_computer

Enter-PSSession should only ever be used interactively at the console. In a script, you should new up a PSSession and use that with Invoke-Command eg:

$session = New-PSSession $remote_computer
Invoke-Command -Session $session -ScriptBlock { ..your script here ...}
Remove-PSSession $session

Note that any parameters that the script requires, need to be passed in explicity eg:

Invoke-Command -Session $session -ScriptBlock {param($name) ..your script here ...} -Arg 'A Name'

Your script is complex enough that I would put the "remote execution" bits in a file say remote.ps1 and then pass that to the remote computer for execution eg:

Invoke-Command -Session $session -FilePath .\remote.ps1

The cool thing about this approach is that PowerShell will get the contents of the "local" script file and send it to the remote computer where it is executed. That way, you don't have to worry about deploying the script to the remote computers or dealing with second hop issues because the script is on a network share.