如果我使用“gpresult /r /scope user”,我不需要针对不同 gpo 的特定规则,我可以查看哪些 GPO(安全组)处于活动状态。现在如何将其中一些活动 GPO 过滤到我的批处理文件中?这是我的 gpresult 结果的一部分:
De gebruiker is lid van de volgende beveiligingsgroepen
Domain Users
Iedereen
SophosAdministrator
SophosUser
BUILTIN\Administrators
Gebruikers
INTERACTIEF
AANMELDEN OP DE CONSOLE
Geverifieerde gebruikers
Deze organisatie
LOKAAL
Iedereen
GS_08_cv's
Tekenkamer
GS_03_verslagen_openbaar
GS_07_overeenkomsten
GS_01_facturen
GS_04_Functieprofielen
GS_00_documenten
AEC
GS_02_functioneringsgesprekken
GS_06_offertes
GS_05_Arbeidsovereenkomsten
GS_09_ aanbevelingsbrieven
GS_03_verslagen_beperkt
Systeembeheer
Hoog verplicht niveau
我知道我可以使用 findstr 搜索特定名称(字符串?),即
gpresult /r /scope user | findstr /L /i "SysteemBeheer" > nul 2>&1
REM *alternative* gpresult /r /scope user | FIND /i "SysteemBeheer" > nul 2>&1
IF %ERRORLEVEL% EQU 0 (ECHO Sys.Beheer) ELSE ECHO NO.sys.beheer
但是我怎样才能改变它以便读取多行呢?
即(例如借用一些代码)
systeminfo | find "Microsoft Windows" > %TEMP%\osname.txt
FOR /F "usebackq delims=: tokens=2" %%i IN (%TEMP%\osname.txt) DO set vers=%%i
echo %vers% | find "Windows 7" > nul
if %ERRORLEVEL% == 0 goto ver_7
echo %vers% | find "Windows Server 2008" > nul
if %ERRORLEVEL% == 0 goto ver_2008
echo %vers% | find "Windows Vista" > nul
if %ERRORLEVEL% == 0 goto ver_vista
goto warnthenexit
我的意思是这确实搜索了多个变量,我希望一些人如何从 gpresult 函数中找到多个安全组(GPO)(或者可能是更好的方法?)
我希望它做这样的事情,如果 systeembeheer 存在 do blaat1 , 如果 aec 存在 do blaat2 , 如果 tekenkamer 存在 do blaat3 ,但是可以存在多个 GPO 所以如果上述之一确实存在,则脚本/搜索不能停止,它仍然需要查看其他人是否也存在。
***也许有点像这样?
@echo off
CLS
setlocal enabledelayedexpansion
for %%i in (systeembeheer tekenkamer aec) do (
gpresult /r /scope user | findstr /L /i %%i
if errorlevel 0 if not errorlevel 1 echo %%i ok process found !errorlevel!
if errorlevel 1 if not errorlevel 2 echo %%i no process found !errorlevel!
)
:exit
pause
并稍微改变了它:
@ECHO OFF
CLS
SETLOCAL ENABLEEXTENSIONS
SETLOCAL ENABLEDELAYEDEXPANSION
for %%i in (SysteemBeheer Administratie PersoneelsZaken TeamPlan) do (
gpresult /r /scope user | findstr /L /i %%i > nul 2>&1
if errorlevel 0 if not errorlevel 1 Set "GPO_%%i=True"
if errorlevel 1 if not errorlevel 2 Set "GPO_%%i=False"
REM if errorlevel 0 if not errorlevel 1 echo %%i ok process found !errorlevel! *debug lines*
REM if errorlevel 1 if not errorlevel 2 echo %%i no process found !errorlevel! *debug lines*
)
if "%GPO_systeemBeheer%" == "True" (Echo GPO_SysteemBeheer=%GPO_systeemBeheer%) else Echo GPO_SysteemBeheer Not Found!
if "%GPO_Administratie%" == "True" (Echo GPO_Administratie=%GPO_Administratie%) else Echo GPO_Administratie Not Found!
if "%GPO_PersoneelsZaken%" == "True" (Echo GPO_PersoneelsZaken=%GPO_PersoneelsZaken%) else Echo GPO_PersoneelsZaken Not Found!
if "%GPO_TeamPlan%" == "True" (Echo GPO_TeamPlan=%GPO_TeamPlan%) else Echo GPO_TeamPlan Not Found!
:exit
echo.
echo.
PAUSE
这似乎确实符合我的要求,但我不确定这是最好的方法还是正确的方法???