如果没有至少手动登录一次,则无法远程获取计算机的组策略
[英]Unable to get group policy for machine, remotely, without having logged in manually at least once
问题描述
I have written a C# desktop application, using System.Management.Automation, that remotes over to machines in our network and does diagnostics to make sure that they are all configured per our organization's policies. 
我已经使用System.Management.Automation编写了一个C#桌面应用程序,该应用程序可以远程访问我们网络中的计算机,并进行诊断以确保它们均根据组织的策略进行了配置。
PSCredential Credentials = new PSCredential(Username, Password);
WSManConnectionInfo ThisConnection = new WSManConnectionInfo(false, ThisSystem.IpName, 5985, "/wsman",
"http://schemas.microsoft.com/powershell/Microsoft.PowerShell", Credentials);
using (Runspace ThisRunspace = RunspaceFactory.CreateRunspace(ThisConnection))
{
ThisRunspace.Open();
using (PowerShell ThisShell = PowerShell.Create())
{
ThisShell.Runspace = ThisRunspace;
To get the banner, which is in the group policy, it does the following code to execute the powershell command 要获取组策略中的标题,它将执行以下代码以执行powershell命令
ThisShell.Commands.Clear();
ThisShell.AddScript("echo N | gpupdate /force");
ThisShell.AddScript("gpresult /h c:\\Windows\\Temp\\gpdata.html /F");
ThisShell.AddScript("type c:\\Windows\\Temp\\gpdata.html");
List<String> GroupPolicy = ThisShell.Invoke().Select(x => x.ToString()).ToList();
Which should create that html file with the group policy data for that machine. 哪个应使用该计算机的组策略数据创建该html文件。 And it does, as long as I have manually logged into that machine, with the same credentials. 只要我已经使用相同的凭据手动登录到该计算机,它就可以。 If I have not, I get nothing. 如果没有,我什么也得不到。 I run other powershell commands just like this and get the results just fine, but for some reason this command for getting the group policy will only work for machines where I have logged in manually (using remote desktop) at least once, and with thousands of servers to check, this is not an option. 我像这样运行其他powershell命令并获得了很好的结果,但是由于某种原因,该用于获取组策略的命令仅适用于我手动登录(使用远程桌面)至少一次且有数千次登录的计算机。服务器进行检查,这不是一个选择。
I thought it might be that logging in manually created the home folder for the admin account I am using, but that can't be because I am getting the results of other powershell commands that I piped to files. 我认为可能是登录时为我正在使用的admin帐户手动创建了主文件夹,但这不能是因为我正在获取通过管道传输到文件的其他powershell命令的结果。 I thought it might be that logging in manually updated the group policy on that machine, but that also cannot be, I think, because I added the gpupdate /force , and it made no difference. 我认为可能是在该计算机上手动更新了组策略,但是我认为那也不可能,因为我添加了gpupdate /force ,这没有什么区别。
Any clues? 有什么线索吗?
1 个解决方案
解决方案1
3 已采纳 2019-05-07 22:53:31
From the documentation for gpresult : 从gpresult的文档中 :
Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. gpresult displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.
Since you are talking about enforcing policy on servers, which should not be expected to normally have a user logged in, perhaps you can try adding the /scope computer option to get just the machine policies, which should always be available. 由于您正在谈论在服务器上强制执行策略,通常不应期望该策略使用户登录,因此您可以尝试添加/scope computer选项以仅获取机器策略,该策略应始终可用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.