在 Windows 中,NT 权限/系统能否以另一个用户身份运行 powershell 脚本
[英]In Windows, can NT Authority/System run a powershell script as another user
问题描述
I am running a powershell script remotely via an agent.
我正在通过代理远程运行 powershell 脚本。 The agent on the machine runs the powershell script as "NT Authority/SYSTEM" but I want to the switch to another user on the system and run the powershell script.机器上的代理将 powershell 脚本作为“NT Authority/SYSTEM”运行,但我想切换到系统上的另一个用户并运行 powershell 脚本。
Below is the code that I used to switch to "Administrator" account but I am getting permission denied error.下面是我用来切换到“管理员”帐户的代码,但我收到权限被拒绝错误。
$username = "domainname\administrator"
$pw = "XXXXXXXX"
$password = $pw | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$password
Start-Process Powershell.exe -Credential $cred -ArgumentList '-noexit','-File', ' C:\Users\Administrator\test.ps1'
Below is the error I am getting.
Start-Process : This command cannot be run due to the error: Access is denied.
2 个解决方案
解决方案1
0 2021-03-08 09:49:57
Try using invoke-command like below尝试使用如下所示的调用命令
$remoteSession=New-PSSession RemoteComputername -credential $credential1
Invoke-Command -session $remoteSession -scriptblock {
$newcredential = New-Object System.Management.Automation.PsCredential("domain\myuser", (ConvertTo-SecureString "password" -AsPlainText -Force))
Start-Process powershell.exe -Credential $newcredential ArgumentList '-noexit','-File', ' C:\Users\Administrator\test.ps1'
}
References:参考:
https://community.idera.com/database-tools/powershell/ask_the_experts/f/powershell_remoting-24/14483/runas-a-different-user-on-a-remote-server https://community.idera.com/database-tools/powershell/ask_the_experts/f/powershell_remoting-24/14483/runas-a-different-user-on-a-remote-server
解决方案2
0 2022-06-08 16:27:20
I had the exact same issue while trying to launch a powershell script on my Windows 10 guest from a Linux host, through qemu-guest-agent.我在尝试通过 qemu-guest-agent 在 Linux 主机上的 Windows 10 来宾上启动 powershell 脚本时遇到了完全相同的问题。
Part of what my script did was launching a desktop software and interacting with its gui.我的脚本所做的部分工作是启动一个桌面软件并与它的 gui 交互。
My problem was solved using PsExec.使用 PsExec 解决了我的问题。
My agent command:我的代理命令:
virsh -c qemu:///system qemu-agent-command my_domain \
'{"execute": "guest-exec", "arguments": { "path": "cmd.exe", "arg": [ "/c", "c:\\path\\to\\my_psexec_script.cmd" ], "capture-output": true }}'
My PsExec script, in the cmd file:我的 PsExec 脚本,在 cmd 文件中:
C:\path\to\PsExec.exe -accepteula \\DESKTOP-NAME -u user -p password -i sessionid powershell.exe -File C:\path\to\powershell_script.ps1
This is not a secure solution since the password is stored within the script.这不是一个安全的解决方案,因为密码存储在脚本中。
To get the session id of the user of your choice, use the following command:要获取您选择的用户的 session id,请使用以下命令:
query session
The reason I used an intermediary script to launch PsExec was simply because it was easier to do so on my guest rather than entering all the arguments from my agent.我使用中间脚本启动 PsExec 的原因仅仅是因为在我的客人上这样做比从我的代理输入所有 arguments 更容易。
I based my solution on this post我的解决方案基于这篇文章
It was also important that my script executed in the foreground.我的脚本在前台执行也很重要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.