[英]Ask user to input user name when running a powershell or command line
I'm trying to create a command to add a domain user to the local administrator group.我正在尝试创建一个命令来将域用户添加到本地管理员组。 I already have the command to do it:
我已经有了执行此操作的命令:
Add-LocalGroupMember -Group "Administrators" -Member domain\user
or或者
net localgroup Administrators Domain\user /add
But I need to ask the user to insert him credentials when run the script.但是我需要要求用户在运行脚本时插入他的凭据。 How do I do this?
我该怎么做呢?
Get-Credential
is what you want: Get-Credential
是你想要的:
$cred = Get-Credential
This will prompt the user to enter their username and password in a secure fashion.这将提示用户以安全的方式输入他们的用户名和密码。 However...
然而...
You can't add a user to a group you aren't a member of, or at least have permissions delegated to manage members of that group (such as local Administrators).您不能将用户添加到您不是其成员的组中,或者至少不能委派权限来管理该组的成员(例如本地管理员)。 If the running user could do this already, entering their credentials wouldn't be required.
如果正在运行的用户已经可以执行此操作,则不需要输入他们的凭据。
If the running user were already in Administrators
, you would not need this either, just provide the target principal name (since adding yourself to the Administrators group requires that you already be in Administrators
) and make sure your session is elevated.如果正在运行的用户已经在
Administrators
中,则您也不需要它,只需提供目标主体名称(因为将您自己添加到 Administrators 组需要您已经在Administrators
中)并确保您的 session 已提升。
Honestly, just use a Restricted Groups GPO to control domain users and their local group status.老实说,只需使用受限组 GPO 来控制域用户及其本地组状态。 You don't want local users able to manage their local admin group in most situations anyways.
无论如何,您不希望本地用户在大多数情况下都能够管理他们的本地管理员组。 If someone does change the membership, the change will gracefully revert on the next
gpupdate
interval.如果有人确实更改了成员资格,该更改将在下一个
gpupdate
时间间隔内正常恢复。
You can use:您可以使用:
$Credentials = Get-Credential
It will give you windows login window.它会给你 windows 登录 window。
Also there is a way to extract that data like this:还有一种方法可以像这样提取数据:
$Credentials = Get-Credential
$Credentials.Password | ConvertFrom-SecureString | Set-Content C:\test\password.txt
$Username = $Credentials.Username
$Password = Get-Content “C:\test\password.txt” | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential $Username,$Password
There is more in here:这里还有更多:
https://sysadminguides.org/2017/05/02/how-to-pass-credentials-in-powershell/ https://sysadminguides.org/2017/05/02/how-to-pass-credentials-in-powershell/
Hope it helps;-)希望能帮助到你;-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.