Difference between a local admin account and a user with admin privileges. for encryption GPO Bitlocker

I would like to know exactly what the difference is between an administrator account and a user with administrator privileges. I ask this because when I run a script by GPO as an Administrator, the script works, but when I run the GPO with a user account of the domain that has administrator privileges, the script does not run.

Here is the script with the administrator account:

$username = 'labo\Administrator'
$password = 'Qzerty13.'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword

$Command =
{
    if ((Get-Tpm).TpmPresent -eq $True) # test whether the TPM chip is present
    {
        Write-Host "Puce tpm présente"
        if ((Get-Tpm).TpmReady -eq $True) # test whether the TPM chip is ready
        {
            Write-Host "Puce tpm prête"
            if ((Get-BitLockerVolume -MountPoint $env:SystemDrive).VolumeStatus -eq "FullyDecrypted") # test that the disk is not encrypted
            {
                Write-Host "Unencrypted disk"
                Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmProtector
                Enable-BitLocker -MountPoint $env:SystemDrive -RecoveryPasswordProtector -SkipHardwareTest
                Write-Host "Disk Encryption with TPM"
            }
        }
    }
}


  Start-Process powershell.exe -Credential $Credential -ArgumentList "-NoExit -ExecutionPolicy Bypass -Command & {$($Command -replace '"', '\"')}"

When I run this script through a GPO, it works, but when I want to change the admin account by putting a user account that has admin privileges, it doesn't start.

Here is the error message when I wish to run the script with a user account with administration privileges:

Start-Process : Impossible d’exécuter cette commande en raison de l’erreur : Nom de répertoire non valide.
Au caractère C:\Users\testeur\Desktop\tpm 30_05_2022.ps1:26 : 3
+   Start-Process powershell.exe -Credential $Credential -ArgumentList  ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation : (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Can you enlighten me on that, please? My best regards. Nordine

Try adding the RunAs option to your Start-Process:

Start-Process powershell.exe -Verb RunAs -ArgumentList "-NoExit -ExecutionPolicy Bypass -Command & {$($Command -replace '"', '\"')}"
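
The distinction the question asks about, as an added example that is not part of the original post: under UAC, a member of the Administrators group gets a filtered (non-elevated) token unless the process is explicitly elevated, while the built-in Administrator account is not filtered by default, so the same BitLocker cmdlets behave differently for the two accounts. The sketch below checks for elevation first and relaunches itself with the RunAs verb instead of storing a password in the script. The function names and status strings are hypothetical, and it assumes the code is saved as a .ps1 file.

```powershell
# Added example (not the poster's script). Function names and status strings are illustrative.

function Test-IsElevated {
    # True only when the Administrators group is ENABLED in this process token,
    # i.e. the process is elevated, not merely owned by an admin-group member.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal $identity
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Enable-SystemDriveBitLocker {
    # Same checks as the question's script block, returning a status string
    # instead of writing to the console.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { return 'NoTpm' }
    if (-not $tpm.TpmReady)   { return 'TpmNotReady' }

    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($volume.VolumeStatus -ne 'FullyDecrypted') { return 'NotFullyDecrypted' }

    Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmProtector | Out-Null
    Enable-BitLocker -MountPoint $env:SystemDrive -RecoveryPasswordProtector -SkipHardwareTest | Out-Null
    return 'EncryptionStarted'
}

if (Test-IsElevated) {
    Write-Host "BitLocker result: $(Enable-SystemDriveBitLocker)"
}
elseif ($PSCommandPath) {
    # Not elevated: relaunch this file through the RunAs verb (UAC prompt).
    # No credential is embedded in the script, and -ExecutionPolicy is placed
    # before -File so powershell.exe parses it as its own parameter.
    Start-Process powershell.exe -Verb RunAs -ArgumentList @(
        '-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$PSCommandPath`""
    )
}
else {
    Write-Warning 'Not elevated and not running from a file; start an elevated PowerShell session first.'
}
```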
