
PowerShell log file file-system rights

I have written a function that writes log files for my scripts. The first time the function is used, it writes a log file in the directory and the name of the script. Every subsequent run, log messages are attached to the file.

So far, so good. Against all odds, other people are starting to use my scripts now! The scripts are mainly used by administrators with local admin rights on servers. But they all get errors when writing to the log file. To my understanding, when you access files with rights provided by the „Administrators“ group, you must be in elevated privilege mode. But I don't want that. I manually tried to assign modify to the „Users“ group, but then „Administrators“ seem to take precedence.

Anyone any idea what rights to set (and/or to revoke) and how to achieve this in PowerShell?

As Ansgar Wiecher comments, you should probably look into using the Event Log service instead.

With event logs, you only need elevated privileges the first time one of the scripts runs, in order to create the log and register the event source, after that anyone can write to it:

function Write-MyLog {
  param(
    [Parameter(Mandatory = $true)]
    [string]$Message,

    [Parameter(Mandatory = $true)]
    [ValidateRange(1,65535)]
    [int]$EventId,

    [Parameter(Mandatory = $false)]
    [System.Diagnostics.EventLogEntryType]$EntryType = 'Information'
  )

  # Prepend PID and script path to message
  $PSBoundParameters['Message'] = '[{0}: {1}]{2}{3}' -f $PID,$MyInvocation.ScriptName,[Environment]::NewLine,$Message

  # Set event log target
  $PSBoundParameters['LogName'] = $logName   = 'LeosEvents'
  $PSBoundParameters['Source']  = $logSource = 'LeosScripts'

  if (-not (Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue)) {
    # Create event log and source if it doesn't exist already 
    # This is the only step that requires elevation, can be created via GPO if desired
    New-EventLog -LogName $logName -Source $logSource
  }

  # Write event log entry
  Write-EventLog @PSBoundParameters
}
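
An added example, not part of the original answer: the one-time provisioning step pulled out into its own function, so the elevated part runs once (or from deployment tooling) and `Write-MyLog` never needs elevation. The function name `Initialize-MyLog` and the size cap are assumptions; the log and source names are the ones used in the answer.

```powershell
# Added example: one-time, elevated provisioning for the log used by Write-MyLog.
# Initialize-MyLog is a hypothetical name; LeosEvents/LeosScripts come from the answer.
function Initialize-MyLog {
  [CmdletBinding()]
  param(
    [string]$LogName = 'LeosEvents',
    [string]$Source  = 'LeosScripts',
    [int]$MaximumSizeKB = 20480   # assumed cap (20 MB); must be a multiple of 64 KB
  )

  # Registering an event source writes under HKLM, so stop early with a clear
  # message when the current token is not elevated.
  $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
  $principal = New-Object Security.Principal.WindowsPrincipal($identity)
  $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
  if (-not $principal.IsInRole($adminRole)) {
    throw "Run Initialize-MyLog once from an elevated session to create '$LogName'."
  }

  # SourceExists searches every log, including Security, so it is only
  # called here, after the elevation check.
  if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
  }
  elseif ([System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.') -ne $LogName) {
    # A source can be registered to only one log at a time.
    throw "Source '$Source' is already registered to a different log."
  }

  # Bound the log size and overwrite the oldest entries, so a chatty script
  # cannot grow the log without limit.
  Limit-EventLog -LogName $LogName -MaximumSize ($MaximumSizeKB * 1KB) `
                 -OverflowAction OverwriteAsNeeded
}

# Reading back the last 10 error entries the scripts wrote:
# Get-WinEvent -FilterHashtable @{ LogName = 'LeosEvents'; ProviderName = 'LeosScripts'; Level = 2 } -MaxEvents 10
```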
