0

我有一个特殊的用例,它需要我的大量 powershell 脚本来更改它们运行的​​用户上下文。我有可靠工作的代码,但我试图将它放入一个函数中,而不是在每个脚本中重复它。

单独地,此函数中的行有效,但是当作为函数运行时,脚本不会遇到错误,但我没有得到任何结果。

如果有人能发现我在这方面缺少的东西,我将不胜感激。

            Function Invoke-AsUser() {
            Param(
                [Parameter(Mandatory=$true)]
                [String]
                $ScriptBlock
                ,
                [Parameter(Mandatory=$true)]
                [String]
                $RunAsUser
                ,
                [Parameter(Mandatory=$true)]
                [String]
                $RunAsPassword
                ,
                [Switch]$credSSP=$false
                )

                #Get the execution policy and store
                    $ExecutionPolicy = Get-ExecutionPolicy
                #Set up WSMANCredSSP
                    Enable-WSManCredSSP -Role Server -Force | out-null
                    Enable-WSManCredSSP -Role Client -DelegateComputer $env:COMPUTERNAME -Force | Out-Null
                #Set WSMAN MaxMemoryPerShell
                    #The following Prevents "Out of memory" errors from occurring when running commands through a remote pssession.
                    set-item wsman:localhost\Shell\MaxMemoryPerShellMB 512
                #Enable PSRemoting
                    try
                    {
                        enable-psremoting -force | Out-Null
                    }
                    catch
                    {
                        Write-Host "Enabling PSRemoting returned a non fatal exception."            
                    }
                #Create Credentials
                    $cred = new-object System.Management.Automation.PsCredential($runasuser,(ConvertTo-SecureString $RunasPassword -AsPlaintext -force))
                    $cred

                #Create the pssession
                    If ($credSSP -eq $true) {
                            try {
                                write-host "Authenticating with CredSSP"
                                $s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred -Authentication Credssp
                            }

                            Catch {
                                    Write-Error "Creating new-pssession failed"
                            }
                        }
                    Else {
                            try {
                                    Write-Host "Authenticating without CredSSP"
                                    $s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred
                                }

                                Catch {
                                        Write-Error "Creating new-pssession failed"
                                }
                        }

                #Invoke the command using pssession
                    Write-host "Running Scriptblock as $RunAsUser"
                    Invoke-Command -Session $s -ScriptBlock {Set-executionpolicy Bypass -Force}
                    Write-Host $ScriptBlock
                    invoke-command -Session $s -ScriptBlock { $ScriptBlock }
                    Write-host "Running Scripblock as $RunAsUser has finished."

                #set executionpolicy back to original
                    $ScriptBlock = "Set-ExecutionPolicy $ExecutionPolicy -Force"
                    Invoke-Command -Session $s -ScriptBlock {$ScriptBlock}

                #Disable psremoting
                    Disable-PSRemoting -force -WarningAction SilentlyContinue
            }

            $ErrorActionPreference = "Stop"
            Invoke-AsUser -ScriptBlock "& C:\temp\test.ps1" -RunAsUser $ENV:RUNASUSER -RunAsPassword $ENV:RUNASPASSWORD -CredSSP
4

2 回答 2

0

从你的脚本中删除“ |out-null”,你应该得到更好的调试输出。

于 2014-03-06T03:01:15.433 回答
0

我已经想通了。

Invoke-Command 需要一个“System.Management.Automation.ScriptBlock”类型的参数,但它正在接收一个 system.string。

当我深入挖掘时得到的错误是:无法处理参数'ScriptBlock'的参数转换。无法将“System.String”类型的“echo“hello””值转换为“System.Management.Automation.ScriptBlock”类型。

为了解决这个问题,我添加了以下行:

        #Creating a system.management.automation.scriptblock object from a string
        $ScriptObj = ([ScriptBlock]::Create($ScriptBlock))
        Invoke-Command -Session $s -ScriptBlock $ScriptObj

现在一切都按我的意愿工作。

于 2014-03-06T22:16:47.453 回答