有没有办法使用powershell脚本设置“安全设置”->“本地策略”->“安全选项”
[英]Is there a way to set Security Settings“ -> ”Local Policies“ -> ”Security Options" using powershell script
问题描述
I searched it quite a bit but could not find an easy/straightforward working answer.
我搜索了很多,但找不到简单/直接的工作答案。
I want to update a "Security Option" on windows 10. Local Security Policy -> Local Policies -> Security Options via powershell script.我想在 Windows 10 上更新“安全选项”。本地安全策略 -> 本地策略 -> 通过 powershell 脚本的安全选项。 The PC is not part of any domain. PC 不属于任何域。 (it is a VM in Azure). (它是 Azure 中的 VM)。 Is there any cmdlet that will help in editing the values of enteries in "Security Options"是否有任何 cmdlet 可以帮助编辑“安全选项”中的输入值
1 个解决方案
解决方案1
0 2020-12-22 01:56:28
For the product I work on, it's imperative that the process is automated.对于我工作的产品,该过程必须自动化。 I built on @Muhammad Faizan-Ul-Haq's procedure, reading out the local policy INF file line by line, substituting updated rules and then writing the updated file back using Power Shell.我以@Muhammad Faizan-Ul-Haq 的程序为基础,逐行读出本地策略 INF 文件,替换更新的规则,然后使用 Power Shell 将更新的文件写回。
The code below could be made more generic, but does work on Windows 10.下面的代码可以变得更通用,但在 Windows 10 上确实有效。
$DefaultPolicyINF = "C:\Windows\INF\defltbase.inf"
$NewPolicyINF = "C:\Users\temp\NewPolicyFile.inf"
$SecureEdit = "C:\WINDOWS\SYSTEM32\SecEdit"
$BlockRemoteLogons = "SeDenyRemoteInteractiveLogonRight = RDP Logon Block"
New-Item $NewPolicyINF -type file
foreach( $line in [System.IO.File]::ReadLines( $DefaultPolicyINF ) )
{
if( $line.Contains( "SeDenyRemoteInteractiveLogonRight" ) )
{
Add-Content -Path $NewPolicyINF -Value $BlockRemoteLogons
}
else
{
Add-Content -Path $NewPolicyINF -Value $line
}
}
& $SecureEdit /configure /cfg $NewPolicyINF /db defltbase.sdb /verbose
if ( Test-Path $NewPolicyINF ) { Remove-Item $NewPolicyINF }
if ( Test-Path "defltbase.jfm" ) { Remove-Item "defltbase.jfm" }
if ( Test-Path "defltbase.sdb" ) { Remove-Item "defltbase.sdb" }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.