我有一个特殊的用例,需要很多我的powershell脚本来更改它们运行的用户上下文。我有可靠的代码,但我试图把它放在一个函数中,而不是在每个脚本中重复它。
单独地,此函数中的行有效,但是当作为函数运行时,脚本不会遇到错误,但我没有得到任何结果。
如果有人能够发现我在这里缺少的东西,我会非常感激。
Function Invoke-AsUser() {
Param(
[Parameter(Mandatory=$true)]
[String]
$ScriptBlock
,
[Parameter(Mandatory=$true)]
[String]
$RunAsUser
,
[Parameter(Mandatory=$true)]
[String]
$RunAsPassword
,
[Switch]$credSSP=$false
)
#Get the execution policy and store
$ExecutionPolicy = Get-ExecutionPolicy
#Set up WSMANCredSSP
Enable-WSManCredSSP -Role Server -Force | out-null
Enable-WSManCredSSP -Role Client -DelegateComputer $env:COMPUTERNAME -Force | Out-Null
#Set WSMAN MaxMemoryPerShell
#The following Prevents "Out of memory" errors from occurring when running commands through a remote pssession.
set-item wsman:localhost\Shell\MaxMemoryPerShellMB 512
#Enable PSRemoting
try
{
enable-psremoting -force | Out-Null
}
catch
{
Write-Host "Enabling PSRemoting returned a non fatal exception."
}
#Create Credentials
$cred = new-object System.Management.Automation.PsCredential($runasuser,(ConvertTo-SecureString $RunasPassword -AsPlaintext -force))
$cred
#Create the pssession
If ($credSSP -eq $true) {
try {
write-host "Authenticating with CredSSP"
$s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred -Authentication Credssp
}
Catch {
Write-Error "Creating new-pssession failed"
}
}
Else {
try {
Write-Host "Authenticating without CredSSP"
$s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred
}
Catch {
Write-Error "Creating new-pssession failed"
}
}
#Invoke the command using pssession
Write-host "Running Scriptblock as $RunAsUser"
Invoke-Command -Session $s -ScriptBlock {Set-executionpolicy Bypass -Force}
Write-Host $ScriptBlock
invoke-command -Session $s -ScriptBlock { $ScriptBlock }
Write-host "Running Scripblock as $RunAsUser has finished."
#set executionpolicy back to original
$ScriptBlock = "Set-ExecutionPolicy $ExecutionPolicy -Force"
Invoke-Command -Session $s -ScriptBlock {$ScriptBlock}
#Disable psremoting
Disable-PSRemoting -force -WarningAction SilentlyContinue
}
$ErrorActionPreference = "Stop"
Invoke-AsUser -ScriptBlock "& C:\temp\test.ps1" -RunAsUser $ENV:RUNASUSER -RunAsPassword $ENV:RUNASPASSWORD -CredSSP
答案 0 :(得分:0)
从脚本中删除“|out-null”,您应该获得更好的调试输出。
答案 1 :(得分:0)
我想到了这一点。
Invoke-Command需要一个类型为“System.Management.Automation.ScriptBlock”的参数,但是它正在接收一个system.string。
当我挖得更深时,我得到的错误是: 无法在参数'ScriptBlock'上处理参数转换。无法将“System.String”类型的“echo”hello“”值转换为“System.Management.Automation.ScriptBlock”类型。
为了解决这个问题,我添加了以下内容:
#Creating a system.management.automation.scriptblock object from a string
$ScriptObj = ([ScriptBlock]::Create($ScriptBlock))
Invoke-Command -Session $s -ScriptBlock $ScriptObj
现在一切都按照我的意愿运作。