How can I start a batch script with elevated permissions remotely with powershell
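I am writing a script that needs to run a batch file on multiple remote computers. The batch script needs to run with Domain Admin privileges.
Is it even possible to do this with the Invoke-Command cmdlet?
I have already enabled WinRM on the remote computers, so I don't think that is the problem.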
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pwd = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ("$user", $pwd)
Invoke-Command -ComputerName $computername -Credential $cred -ScriptBlock {
    $remoteuser = "mydomain\administrator"
    $remotepwd = Read-Host "Enter Password" -AsSecureString
    $remotecred = New-Object System.Management.Automation.PSCredential ("$remoteuser", $remotepwd)
    $script = "\\path_to_script\script.bat"
    Start-Process $script -Credential $cred1
}
I expected the script to run under the domain administrator credentials on the remote computer. Instead, I get this error:
CategoryInfo          : NotSpecified: (:) [Start-Process], UnauthorizedAccessException
FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.StartProcessCommand
PSComputerName        : mycomputername
Your $cred1 variable does not exist; it should be $remotecred:
Start-Process $script -Credential $remotecred
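The variable name $pwd is reserved for "print working directory".
You can see this by opening a new PowerShell console and querying it; you will get the current working directory as its value: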
PS C:\WINDOWS\system32> $pwd
Path
----
C:\WINDOWS\system32
Use something like $pass instead.
I would also call CMD and pass your batch file with /c (documentation link):
Start-Process CMD -ArgumentList "/c $script" -Credential $remotecred
Putting all of that into practice:
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pass = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ($user, $pass)
Invoke-Command -ComputerName $computername -Credential $cred -ScriptBlock {
    $remoteuser = "mydomain\administrator"
    $remotepwd = Read-Host "Enter Password" -AsSecureString
    $remotecred = New-Object System.Management.Automation.PSCredential ("$remoteuser", $remotepwd)
    $script = "\\path_to_script\script.bat"
    Start-Process CMD -ArgumentList "/c $script" -Credential $remotecred
}
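If you are actually using the same credentials for the remote session as for launching the batch file, you don't need the second set of credentials.
When the remote session runs as mydomain\administrator, any process it spawns will also run as that user: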
$computername = Read-Host "Enter Hostname"
$user = "mydomain\administrator"
$pass = Read-Host "Enter Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential ($user, $pass)
# The session itself is opened with $cred, so the batch file inherits that identity
Invoke-Command -ComputerName $computername -Credential $cred -ScriptBlock {
    $script = "\\path_to_script\script.bat"
    Start-Process CMD -ArgumentList "/c $script"
}
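The following is an added example, not part of the original question or answer. It extends the single-credential approach above to the multiple computers the question mentions, and it copies the batch file over the session instead of reading it from a UNC path, because by default a remote session cannot pass its credentials on to a second machine. The host names, paths and folder names are placeholders chosen for illustration.

```powershell
# Added example: names and paths below are placeholders (assumptions), not from the original post.
$computers   = 'HOST01', 'HOST02'         # hypothetical target machines
$localScript = 'C:\Scripts\script.bat'    # hypothetical copy of the batch file on the admin workstation
$remoteDir   = 'C:\Windows\Temp\deploy'   # hypothetical staging folder on each target (no spaces)

# Prompt once; the password stays a SecureString inside the PSCredential object.
$cred = Get-Credential -Message 'Account with admin rights on the targets'

$results = foreach ($computer in $computers) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $computer -Credential $cred -ErrorAction Stop

        # Stage the batch file over the existing session, so the target never has to
        # authenticate to a file share on a third machine.
        Invoke-Command -Session $session -ScriptBlock {
            param($dir)
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
        } -ArgumentList $remoteDir
        Copy-Item -Path $localScript -Destination $remoteDir -ToSession $session -Force

        # Run it as the session user, clean up, and hand back the exit code.
        $exitCode = Invoke-Command -Session $session -ScriptBlock {
            param($dir)
            $bat = Join-Path $dir 'script.bat'
            & cmd.exe /c $bat | Out-Null
            $code = $LASTEXITCODE
            Remove-Item -Path $dir -Recurse -Force
            $code
        } -ArgumentList $remoteDir

        [pscustomobject]@{ Computer = $computer; ExitCode = $exitCode; Error = $null }
    }
    catch {
        # Unreachable host, rejected credential, or failed copy: record it and continue.
        [pscustomobject]@{ Computer = $computer; ExitCode = $null; Error = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-PSSession $session }
    }
}

$results | Format-Table -AutoSize
```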