0

好的,我了解创建加密凭据并将其存储在 powershell 脚本中的概念

Powershell如何加密连接字符串到数据库

但是,当第三方程序自动调用 powershell 脚本时,如何使用提升的凭据运行它?

下面是当我手动使用“run-as”时运行良好的代码,我让最后一个用户登录

$userID=$NULL
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}

foreach ($i in $args){
   $line_array+= $i.split(" ")
}

foreach ($j in $line_array){
    $multi_array += ,@($j.split("="))
}

foreach ($k in $multi_array){
    $my_hash.add($k[0],$k[1])
}

$Sender_IP = $my_hash.Get_Item("sender-ip")




<# Courtesy of http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/19/use-powershell-to-find-last-logon-times-for-virtual-workstations.aspx#>

<#Gather information on the computer corresponding to $Sender_IP#>
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP

<#Determine the build number#>
$Build = $Win32OS.BuildNumber


<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#>
if($Build -ge 6001){
    $Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP
    $Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
    $LastUser = $Win32User | Select-Object -First 1
    $UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
    $userId = $UserSID.Translate([System.Security.Principal.NTAccount])
    $userId = $userId.Value
}

<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#>
elseif ($Build -le 6000){
    $SysDrv = $Win32OS.SystemDrive
    $SysDrv = $SysDrv.Replace(":","$")
    $ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv
    $ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings"
    $Profiles = Get-ChildItem -Path $ProfLoc
    $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")}
    $LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1
    $userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper()
}

else{
    $userId = "Unknown/UserID"
}

if ($userId -ne $NULL){
    "userId=" + $userId
}
elseif ($userID -eq $NULL)
{
    $userId = "Unknown/UserID"
    "userId=" + $userId
}

但是,如果我不使用 Run-As 手动调用 powershell,我会收到以下错误

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:32 char:25
+ $Win32OS = Get-WmiObject <<<<  -Class Win32_OperatingSystem -ComputerName $Sender_IP 
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:51 char:30
+     $SysDrv = $SysDrv.Replace <<<< (":","$")
    + CategoryInfo          : InvalidOperation: (Replace:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Get-ChildItem : Cannot find path '\\10.1.202.240\Documents and Settings' because it does not exist.
At D:\script\dlp_current_user-UPDATED.ps1:54 char:30
+     $Profiles = Get-ChildItem <<<<  -Path $ProfLoc
    + CategoryInfo          : ObjectNotFound: (\\10.1.202.240\Documents and Settings:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:55 char:65
+     $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles <<<< ("ntuser.dat.LOG")}
    + CategoryInfo          : InvalidOperation: (GetFiles:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:57 char:46
+     $userId = $LastProf.DirectoryName.Replace <<<< ("$ProfLoc","").Trim("\").ToUpper()
    + CategoryInfo          : InvalidOperation: (Replace:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

userId=Unknown/UserID

输出是 userId=Unknown/UserID

如何解决这个问题???

编辑:

所以我在调用 Get-WmiOjbect 时尝试包含 -Credential

$cred = Get-Credential -Credential "Domain\Elevated_Account"
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -Credential $cred

现在它提示我输入密码。但是,当我运行脚本时,会出现其他错误:

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:39 char:31
+     $Win32User = Get-WmiObject <<<<  -Class Win32_UserProfile -ComputerName $Sender_IP
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

New-Object : Constructor not found. Cannot find an appropriate constructor for type System.Security.Principal.SecurityIdentifier.
At D:\script\dlp_current_user-UPDATED.ps1:42 char:26
+     $UserSID = New-Object <<<<  System.Security.Principal.SecurityIdentifier($LastUser.SID)
    + CategoryInfo          : ObjectNotFound: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:43 char:33
+     $userId = $UserSID.Translate <<<< ([System.Security.Principal.NTAccount])
    + CategoryInfo          : InvalidOperation: (Translate:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
4

1 回答 1

2

你不能使用启动过程 CmdLet :

start-process 'c:\system32\WindowsPowerShell\v1.0\powershell.exe' -verb runas -argumentlist "-file toto.ps1"

toto.ps1 将以提升模式运行。

于 2013-08-29T14:09:33.540 回答