通过远程PowerShell在功能内写入事件日志
[英]Write-EventLog within Function over Remote PowerShell
问题描述
The environment: Server: Windows Server 2012 R2 with Remote PowerShell enabled. 
环境:服务器:启用了远程PowerShell的Windows Server 2012 R2。 Workstation: Windows 8.1 工作站:Windows 8.1
So I've created a PowerShell Module called MyModule.psm1 with the following function: 因此,我使用以下函数创建了一个名为MyModule.psm1的PowerShell模块:
Function CreateEvent() {
Write-EventLog –LogName ToolLog –Source “Schedule” –EntryType Information –EventID 13 –Message “There were users written to the database.”
}
I created a PSSessionConfigurationFile and then registered it with a configuration name of EventLogging, so that I can remote powershell via the following: 我创建了一个PSSessionConfigurationFile,然后使用EventLogging的配置名称注册了它,以便可以通过以下方式远程运行PowerShell:
$Creds = Get-Credential
$SessionOpts = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$Session = New-PSSession -ComputerName Server.Domain.Com -ConfigurationName EventLogging -Credential $Creds -UseSSL -SessionOption $SessionOpts
Import-PSSession $Session
Now, when I enter a Local Administrators credentials into the Get-Credential, I can run the function CreateEvent and everything works just fine. 现在,当我在Get-Credential中输入本地管理员凭据时,我可以运行CreateEvent函数,并且一切正常。 However, if I enter a Standard Local Users credentials, I get an error of: The registry key for the log "ToolLog" for source "Schedule" could not be opened. 但是,如果输入标准本地用户凭据,则会出现以下错误:无法打开源“计划”的日志“ ToolLog”的注册表项。
I replaced the Write-EventLog in the Function with: 我将Function中的Write-EventLog替换为:
$EventLog = new-object System.Diagnostics.EventLog("ToolLog");
$EventLog.MachineName = ".";
$EventLog.Source = "Schedule";
$EventLog.WriteEntry("There were users written to the database.", "Information", 15);
And I receive an error of: Exception calling "WriteEntry" with "3" argument(s): "Cannot open log for source 'Schedule'. You may not have write access." 并且我收到错误消息:带有“ 3”参数的异常调用“ WriteEntry”:“无法打开源“计划”的日志。您可能没有写访问权。”
If I log on to the server locally and Import the Module and try to run the function I get the same exact errors. 如果我在本地登录服务器并导入模块并尝试运行该功能,则会得到相同的确切错误。 I also cannot run the cmdlet of Write-EventLog by itself. 我也无法单独运行Write-EventLog的cmdlet。
From all of the information I found on the internet, I've give my local non-admin user write permissions to the event log. 根据我在Internet上找到的所有信息,我向本地非管理员用户授予了对事件日志的写权限。 Both through RegEdit and through NTFS on the actual Event Log file. 通过RegEdit和实际事件日志文件上的NTFS。
Any ideas? 有任何想法吗?
Thanks, Brian 谢谢,布莱恩
1 个解决方案
解决方案1
0 2014-08-28 23:07:14
It's my understanding that only Administrators can create new event logs. 据我了解,只有管理员才能创建新的事件日志。 I'm not sure if there is a way around this or not. 我不确定是否可以解决此问题。 I suggest adding the new event log on your server as an administrator ahead of time so that the event log is there before non-administrators try to write to it. 我建议提前以管理员身份在服务器上添加新的事件日志,以便在非管理员尝试写入事件日志之前就可以找到该事件日志。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.