好的,我了解创建加密凭据并将其存储在 powershell 脚本中的概念
但是,当第三方程序自动调用 powershell 脚本时,如何使用提升的凭据运行它?
下面是当我手动使用“run-as”时运行良好的代码,我让最后一个用户登录
$userID=$NULL
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
foreach ($i in $args){
$line_array+= $i.split(" ")
}
foreach ($j in $line_array){
$multi_array += ,@($j.split("="))
}
foreach ($k in $multi_array){
$my_hash.add($k[0],$k[1])
}
$Sender_IP = $my_hash.Get_Item("sender-ip")
<# Courtesy of http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/19/use-powershell-to-find-last-logon-times-for-virtual-workstations.aspx#>
<#Gather information on the computer corresponding to $Sender_IP#>
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP
<#Determine the build number#>
$Build = $Win32OS.BuildNumber
<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#>
if($Build -ge 6001){
$Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP
$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1
$UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
$userId = $UserSID.Translate([System.Security.Principal.NTAccount])
$userId = $userId.Value
}
<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#>
elseif ($Build -le 6000){
$SysDrv = $Win32OS.SystemDrive
$SysDrv = $SysDrv.Replace(":","$")
$ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv
$ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings"
$Profiles = Get-ChildItem -Path $ProfLoc
$LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")}
$LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1
$userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper()
}
else{
$userId = "Unknown/UserID"
}
if ($userId -ne $NULL){
"userId=" + $userId
}
elseif ($userID -eq $NULL)
{
$userId = "Unknown/UserID"
"userId=" + $userId
}
但是,如果我不使用 Run-As 手动调用 powershell,我会收到以下错误
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:32 char:25
+ $Win32OS = Get-WmiObject <<<< -Class Win32_OperatingSystem -ComputerName $Sender_IP
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:51 char:30
+ $SysDrv = $SysDrv.Replace <<<< (":","$")
+ CategoryInfo : InvalidOperation: (Replace:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Get-ChildItem : Cannot find path '\\10.1.202.240\Documents and Settings' because it does not exist.
At D:\script\dlp_current_user-UPDATED.ps1:54 char:30
+ $Profiles = Get-ChildItem <<<< -Path $ProfLoc
+ CategoryInfo : ObjectNotFound: (\\10.1.202.240\Documents and Settings:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:55 char:65
+ $LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles <<<< ("ntuser.dat.LOG")}
+ CategoryInfo : InvalidOperation: (GetFiles:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:57 char:46
+ $userId = $LastProf.DirectoryName.Replace <<<< ("$ProfLoc","").Trim("\").ToUpper()
+ CategoryInfo : InvalidOperation: (Replace:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
userId=Unknown/UserID
输出是 userId=Unknown/UserID
如何解决这个问题???
编辑:
所以我在调用 Get-WmiOjbect 时尝试包含 -Credential
$cred = Get-Credential -Credential "Domain\Elevated_Account"
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -Credential $cred
现在它提示我输入密码。但是,当我运行脚本时,会出现其他错误:
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At D:\script\dlp_current_user-UPDATED.ps1:39 char:31
+ $Win32User = Get-WmiObject <<<< -Class Win32_UserProfile -ComputerName $Sender_IP
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
New-Object : Constructor not found. Cannot find an appropriate constructor for type System.Security.Principal.SecurityIdentifier.
At D:\script\dlp_current_user-UPDATED.ps1:42 char:26
+ $UserSID = New-Object <<<< System.Security.Principal.SecurityIdentifier($LastUser.SID)
+ CategoryInfo : ObjectNotFound: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand
You cannot call a method on a null-valued expression.
At D:\script\dlp_current_user-UPDATED.ps1:43 char:33
+ $userId = $UserSID.Translate <<<< ([System.Security.Principal.NTAccount])
+ CategoryInfo : InvalidOperation: (Translate:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull