pssession功能不起作用

时间:2014-03-05 23:22:45

标签: powershell windows-server-2008 windows-server-2012 invoke-command

我有一个特殊的用例,需要很多我的powershell脚本来更改它们运行的​​用户上下文。我有可靠的代码,但我试图把它放在一个函数中,而不是在每个脚本中重复它。

单独地,此函数中的行有效,但是当作为函数运行时,脚本不会遇到错误,但我没有得到任何结果。

如果有人能够发现我在这里缺少的东西,我会非常感激。

            Function Invoke-AsUser() {
            Param(
                [Parameter(Mandatory=$true)]
                [String]
                $ScriptBlock
                ,
                [Parameter(Mandatory=$true)]
                [String]
                $RunAsUser
                ,
                [Parameter(Mandatory=$true)]
                [String]
                $RunAsPassword
                ,
                [Switch]$credSSP=$false
                )

                #Get the execution policy and store
                    $ExecutionPolicy = Get-ExecutionPolicy
                #Set up WSMANCredSSP
                    Enable-WSManCredSSP -Role Server -Force | out-null
                    Enable-WSManCredSSP -Role Client -DelegateComputer $env:COMPUTERNAME -Force | Out-Null
                #Set WSMAN MaxMemoryPerShell
                    #The following Prevents "Out of memory" errors from occurring when running commands through a remote pssession.
                    set-item wsman:localhost\Shell\MaxMemoryPerShellMB 512
                #Enable PSRemoting
                    try
                    {
                        enable-psremoting -force | Out-Null
                    }
                    catch
                    {
                        Write-Host "Enabling PSRemoting returned a non fatal exception."            
                    }
                #Create Credentials
                    $cred = new-object System.Management.Automation.PsCredential($runasuser,(ConvertTo-SecureString $RunasPassword -AsPlaintext -force))
                    $cred

                #Create the pssession
                    If ($credSSP -eq $true) {
                            try {
                                write-host "Authenticating with CredSSP"
                                $s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred -Authentication Credssp
                            }

                            Catch {
                                    Write-Error "Creating new-pssession failed"
                            }
                        }
                    Else {
                            try {
                                    Write-Host "Authenticating without CredSSP"
                                    $s = new-pssession -ComputerName $ENV:COMPUTERNAME -Credential $cred
                                }

                                Catch {
                                        Write-Error "Creating new-pssession failed"
                                }
                        }

                #Invoke the command using pssession
                    Write-host "Running Scriptblock as $RunAsUser"
                    Invoke-Command -Session $s -ScriptBlock {Set-executionpolicy Bypass -Force}
                    Write-Host $ScriptBlock
                    invoke-command -Session $s -ScriptBlock { $ScriptBlock }
                    Write-host "Running Scripblock as $RunAsUser has finished."

                #set executionpolicy back to original
                    $ScriptBlock = "Set-ExecutionPolicy $ExecutionPolicy -Force"
                    Invoke-Command -Session $s -ScriptBlock {$ScriptBlock}

                #Disable psremoting
                    Disable-PSRemoting -force -WarningAction SilentlyContinue
            }

            $ErrorActionPreference = "Stop"
            Invoke-AsUser -ScriptBlock "& C:\temp\test.ps1" -RunAsUser $ENV:RUNASUSER -RunAsPassword $ENV:RUNASPASSWORD -CredSSP

2 个答案:

答案 0 :(得分:0)

从脚本中删除“|out-null”,您应该获得更好的调试输出。

答案 1 :(得分:0)

我想到了这一点。

Invoke-Command需要一个类型为“System.Management.Automation.ScriptBlock”的参数,但是它正在接收一个system.string。

当我挖得更深时,我得到的错误是: 无法在参数'ScriptBlock'上处理参数转换。无法将“System.String”类型的“echo”hello“”值转换为“System.Management.Automation.ScriptBlock”类型。

为了解决这个问题,我添加了以下内容:

        #Creating a system.management.automation.scriptblock object from a string
        $ScriptObj = ([ScriptBlock]::Create($ScriptBlock))
        Invoke-Command -Session $s -ScriptBlock $ScriptObj

现在一切都按照我的意愿运作。