这个脚本背后的想法是让我们的jr变得容易。管理员登录,自动复制指定的文件,以便他们可以执行他们的工作,然后执行"退出"将内容返回到原始位置的脚本。恰好这些文件适用于本地组策略,请暂时忽略该事实,因为这是一个完全不同的对话。我有远程登录部分,我只是无法弄清楚如何在远程机器上执行后续命令集。任何帮助将不胜感激!
[string]$username = [Environment]::UserName
$errorlog_path = "c:\Users\" + $username + \Desktop\GPOLogonErrors.txt"
####Prompt User for name of the machine#####
[string]$remote_computer = Read-Host 'Enter the name of the PC you want to connect to'
<# Check to see if the requested machine is available for remote connections,lines 15-57 will execute if the test returns true otherwise if false is returned lines 62-77 will execute#>
if (Test-WSMan -ErrorAction SilentlyContinue $remote_computer)
{
####Begins remote session based on NETBIOS name entered####
$remote_session = Enter-PSSession -ComputerName $remote_computer
<# Start of section to create a new directory on the desktop,
copy over existing local GPOs then remove the original files #>
#####Make a new directory in C:\Users\Administrator\Desktop####
$newdir_func = New-Item -Force C:\Users\Administrator\Desktop\GroupPolicy -ItemType directory
<# Test that the variable $new_dir_func completed properly and if so
execute the command to copy the local GPOs #>
if ($newdir_func -ne $null)
{
$copy_func = Copy-Item -Force C:\Windows\System32\GroupPolicy\* C:\Users\Administrator\Desktop\GroupPolicy
if ($Copy_func -ne $null)
{
<#Removes original copies#>
$remove_func = Remove-Item -Force C:\Windows\System32\GroupPolicy
<# Tests the removal of the original GPO files #>
if ($remove_func -eq $null) {
echo "The original GPO files were not removed, please check manually"
}
else{
echo "The script has run properly, please perform the necessary work and reinstall the GPOs"
}
else {
<# Report if there is an error at this step #>
echo "The original GPOs were probably not copied to the desktop, please perform a manual check"
}
}
}
else{
echo "The GroupPolicy directory was not created on the desktop."
}
<#Nested if statements to check for completion of the variable $copy_func #>
}
}
else {
####Report if the machine is not available for connection, then attempt to ping it####
echo "The machine you requested is not available, double checking now to see if it is responding to traffic"
$test_connection = Test-Connection -Quiet -ComputerName $remote_computer
if ( $test_connection -eq $false){
tracert $remote_computer >> $errorlog_path
echo "The requested machine has not responded. Please be sure that you have correctly spelt the
name of the machine. An error log showing the traceroute has also been generated on your desktop
for analysis GPOLogonErrors.txt"
}
else{
echo "The machine has not responded please be sure that remote management with Powershell
is enabled and that you have correctly typed the name of the machine."
}
}
答案 0 :(得分:1)
嗯,这是脚本的显示阻止:
Enter-PSSession -ComputerName $remote_computer
Enter-PSSession只能在控制台上以交互方式使用。在脚本中,您应该新建一个PSSession并将其与Invoke-Command一起使用,例如:
$session = New-PSSession $remote_computer
Invoke-Command -Session $session -ScriptBlock { ..your script here ...}
Remove-PSSession $session
请注意,脚本需要的任何参数都需要明确传递,例如:
Invoke-Command -Session $session -ScriptBlock {param($name) ..your script here ...} -Arg 'A Name'
你的脚本很复杂,我会把“远程执行”位放在一个文件中说remote.ps1,然后将它传递给远程计算机执行,例如:
Invoke-Command -Session $session -FilePath .\remote.ps1
这种方法很酷的是PowerShell将获取“本地”脚本文件的内容并将其发送到执行它的远程计算机。这样,您就不必担心将脚本部署到远程计算机或处理第二跳问题,因为脚本位于网络共享上。