[英]Difference between a local admin account and a user with admin privileges. for encryption GPO Bitlocker
I would like to know exactly what is the difference between an administrator account and a user with administrator privileges ?我想确切地知道管理员帐户和具有管理员权限的用户之间有什么区别? I ask you this because when I run a script by GPO as an Administrator, the scrpit works but when I run the GPO with a user account of the domain that has administrator privileges, the script does not run.
我问你这个是因为当我以管理员身份通过 GPO 运行脚本时,脚本可以工作,但是当我使用具有管理员权限的域的用户帐户运行 GPO 时,脚本不会运行。
Here is the script with the administrator account:这是管理员帐户的脚本:
$username = 'labo\Administrator'
$password = 'Qzerty13.'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
$Command =
{
if ((get-tpm).TpmPresent -eq $True ) # test if puce tpm present
{
write-host "Puce tpm présente"
if ((get-tpm).TpmReady -eq $True) # test if puce tpm ready
{
write-host "Puce tpm prête"
if((Get-BitLockerVolume -MountPoint $env:SystemDrive).VolumeStatus -eq "FullyDecrypted") # test the disk is not encrypted
{
write-host "Unencrypted disk"
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmProtector
Enable-BitLocker -MountPoint $env:SystemDrive -RecoveryPasswordProtector -SkipHardwareTest
write-host "Disk Encryption with TPM"
}
}
}
}
Start-Process powershell.exe -Credential $Credential -ArgumentList "-NoExit -Command & {$($Command -replace '"', '\"')} -ExecutionPolicy Bypass"
When I run this script through a gpo, it works, but when I want to change the admin account by putting a user account that has admin privileges, it doesn't start.当我通过 gpo 运行此脚本时,它可以工作,但是当我想通过放置具有管理员权限的用户帐户来更改管理员帐户时,它不会启动。
here is the error message when I wish to run the script with a user account with administration privileges:这是我希望使用具有管理权限的用户帐户运行脚本时的错误消息:
Start-Process : Impossible d’exécuter cette commande en raison de l’erreur : Nom de répertoire non valide.
Au caractère C:\Users\testeur\Desktop\tpm 30_05_2022.ps1:26 : 3
+ Start-Process powershell.exe -Credential $Credential -ArgumentList ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation : (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Can you enlighten me on that, please.你能告诉我吗,拜托。 my best regards.
我最诚挚的问候。 Nordine
诺丁
尝试将RunAs
选项添加到您的 Start-Process
Start-Process powershell.exe -Verb RunAs -ArgumentList "-NoExit -Command & {$($Command -replace '"', '\"')} -ExecutionPolicy Bypass"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.