我有两个有效的PowerShell脚本。您可以使用:
调用script1.ps1.\script1.ps1 "sender-ip=10.10.10.10"
该脚本应该返回userId=DOMAIN/UserId
。第一个脚本:
#script1.ps1
$abc = $args
$startInfo = $NULL
$process = $NULL
$standardOut = $NULL
<#Previously created password file in C:\Script\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\Script\cred.txt#>
$password = get-content C:\Script\cred.txt | convertto-securestring
$startInfo = New-Object System.Diagnostics.ProcessStartInfo
$startInfo.FileName = "powershell.exe"
$startInfo.Arguments = "C:\script\script2.ps1 " + $abc
$startInfo.RedirectStandardOutput = $true
$startInfo.UseShellExecute = $false
$startInfo.CreateNoWindow = $false
$startInfo.Username = "Username"
$startInfo.Domain = "DOMAIN"
$startInfo.Password = $password
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $startInfo
$process.Start() | Out-Null
$standardOut = $process.StandardOutput.ReadToEnd()
$process.WaitForExit()
# $standardOut should contain the results of "C:\script\script1.ps1"
$standardOut
这是整个工作脚本.ps1
#script2.ps1
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
$Sender_IP = $NULL
$Win32OS = $NULL
$Build = $NULL
$LastUser = $NULL
$UserSID = $NULL
$userID=$NULL
$output = $NULL
foreach ($i in $args){
$line_array+= $i.split(" ")
}
foreach ($j in $line_array){
$multi_array += ,@($j.split("="))
}
foreach ($k in $multi_array){
$my_hash.add($k[0],$k[1])
}
$Sender_IP = $my_hash.Get_Item("sender-ip")
<#Gather information on the computer corresponding to $Sender_IP#>
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP
<#Determine the build number#>
$Build = $Win32OS.BuildNumber
<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#>
if($Build -ge 6001){
$Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP
$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1
$UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
$userId = $UserSID.Translate([System.Security.Principal.NTAccount])
$userId = $userId.Value
}
<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#>
elseif ($Build -le 6000){
$SysDrv = $Win32OS.SystemDrive
$SysDrv = $SysDrv.Replace(":","$")
$ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv
$ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings"
$Profiles = Get-ChildItem -Path $ProfLoc
$LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")}
$LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1
$userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper()
}
else{
$userId = "Unknown/UserID"
}
if ($userId -ne $NULL){
$output = "userId=" + $userId
}
elseif ($userID -eq $NULL)
{
$userId = "Unknown/UserID"
$output = "userId=" + $userId
}
$output.replace("\","/")
这是我的问题。在我们域中的大多数IP地址上,它返回:
Get-WmiObject:访问被拒绝。 (HRESULT的例外情况:0x80070005 (E_ACCESS DENIED))
我研究了这个,并且 "get-wmiobject win32_process -computername" gets error "Access denied , code 0x80070005"建议授予提升的帐户权限,以便在整个域中运行WMI。
这篇文章http://technet.microsoft.com/en-us/library/cc787533(v=ws.10).aspx解释了如何做到这一点。
但是说服负责域名的团队为这个提升的帐户授予WMI权限将是一个延伸。并且,该脚本能够返回域中某些IP地址的UserId。
还有另一种解决方法吗?我应该在谷歌上研究什么?
答案 0 :(得分:1)
您是否考虑过使用Invoke-Command并使用PowerShell Remoting远程执行脚本2?
您的远程脚本可以使用其他凭据执行,您可能会更好地说服您的安全团队启用PowerShell远程处理而不是WMI。通过invoke-command运行时,你的wmi查询将是机器的本地查询,因此将有更好的工作机会,它也避免了读取标准输出缓冲区的需要。
为了帮助您入门,请尝试Enter-PSSession,因为这样您就可以快速确定让PS Remoting在您的环境中工作所需的工作量。
将来您可能希望同时定位多台计算机,在这种情况下,PS Remoting和Start-Job会有所帮助。