将powershell脚本作为本地Admin运行。它为什么不起作用?

时间:2014-04-07 12:58:00

标签: c# sharepoint powershell

我尝试以本地管理员身份运行此Powershell脚本($credential也具有PSShellAdmin权限):

$securePassword = ConvertTo-SecureString "Password" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential(".\test",$securePassword)
Invoke-Command -ComputerName RM-SERVER -ScriptBlock {Get-Process} -Credential $credential

接着说:

Connecting to remote server failed with the following error message :
 WinRM cannot process the request. The following error occured while using Kerb
eros authentication: There are currently no logon servers available to service
the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specifie
d.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does
not exist.
  -The client and remote computers are in different domains and there is no tru
st between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM
TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command:
winrm help config. For more information, see the about_Remote_Troubleshooting H
elp topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

我试图解决在PS中运行命令的问题 - > Enable-PSRemoting。但它并没有帮助我。那么,我该怎么办这个错误呢?

2 个答案:

答案 0 :(得分:0)

看起来您正在尝试使用本地帐户建立网络连接"。\ test"。

答案 1 :(得分:0)

希望这可以帮助那些做类似事情的人,但是使用C#代码。

如果您的代码作为localSystem运行(如在Window Service案例中),则在用户名之前使用PSCredential打开一个没有“\”的运行空间似乎会强制在工作组环境中运行Kerberos AuthenticationMechansim。

var username = "foobar";
var connInfo = new WSManConnectionInfo(false, hostname, Port, AppName, ShellUri,
                new PSCredential(username, password))
            {
                AuthenticationMechanism = AuthenticationMechanism.Negotiate
            };

using (var runspace = RunspaceFactory.CreateRunspace(host, connectionInfo))
{
    runspace.Open(); //will try to negotiate with Kerberos
}

修复是在用户名前面添加“\”以强制在非域环境中使用NTLM

var username = "foobar";
var domain = "";
var connInfo = new WSManConnectionInfo(false, hostname, Port, AppName, ShellUri,
                new PSCredential(domain + "\\" + username, password))
            {
                AuthenticationMechanism = AuthenticationMechanism.Negotiate
            };

using (var runspace = RunspaceFactory.CreateRunspace(host, connectionInfo))
{
    runspace.Open(); //will try to negotiate with Kerberos in domain, NTLM in non-domain
}