我一直在研究一个脚本,该脚本将遍历计算机列表,如果存在,则卸载旧的AV软件,如果不存在,则安装新的AV软件。该脚本通过执行两个文件来执行此操作:一个是批处理脚本(称为Sophos-Installation.bat),该脚本将检查是否存在旧的AV软件,并运行新的AV供应商的竞争对手删除工具。完成后,批处理脚本将自动启动可执行文件以安装我们的新AV软件。另一个文件将仅删除旧的AV软件,因为我的环境中有一些计算机同时具有这两种软件。这是脚本:
#Variables that store the path to 32-bit and 64-bit versions of Sophos
$Sophos64 = Test-Path 'C:\Program Files\Sophos'
$Sophos32 = Test-Path 'C:\Program Files (x86)\Sophos'
#Variables that store the path to 32-bit and 64-bit versions of Kaspersky
$Kaspersky64 = Test-Path 'C:\Program Files\Kaspersky Lab'
$Kaspersky32 = Test-Path 'C:\Program Files (x86)\Kaspersky Lab'
#The following block will run the Sophos-Installation batch file, removing any instance of Kaspersky and installing Sophos
If ($Sophos64 -eq $false -or $Sophos32 -eq $false)
{
Start-Process -FilePath C:\Temp\AVInstall\Sophos-Installation.bat
$env:COMPUTERNAME |Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Sophos_Installed.txt" -Append
}
#The following block will remove Kaspersky from a machine if it is present and Sophos is already installed.
Elseif (($Kaspersky64 -eq $true -or $Kaspersky32 -eq $true) -and ($Sophos64 -eq $true -or $Sophos32 -eq $true))
{
Start-Process -FilePath C:\Temp\AVInstall\AVRemoveW.exe
$env:COMPUTERNAME | Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Kaspersky_Removed.txt" -Append
}
#The last block will only be executed if Sophos is installed and Kaspersky isn't, and makes no changes to the machine.
else {$env:COMPUTERNAME | Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Proper_Configuration.txt" -Append}
我正在运行另一个脚本,该脚本在启动上述脚本并将文件中的计算机名称记录到我的PC之前,将必要的文件复制到远程计算机。 (目前未成功。当脚本尝试写入.txt文件时,我收到访问被拒绝的错误。我现在不太担心这一点,但是如果有人想对此大肆抨击,请放心。)该脚本:
$computers = Get-Content -Path 'C:\Sophos Results\TestGroup.txt'
ForEach ($computer in $computers)
{
$connection = Test-Connection -ComputerName $computer -Quiet
if ($connection = $true)
{
try{
Copy-Item -Path C:\Temp\AVInstall -Destination "\\$computer\c$\Temp\AVInstall" -Recurse -Force
Invoke-Command -ComputerName $computer -FilePath 'C:\Sophos Results\InstallSophos_UninstallKaspersky_Test.ps1'
echo $computer | Out-File 'C:\Sophos Results\Script_Successful.txt' -Append
}
catch {
echo $computer | Out-File -FilePath 'C:\Sophos Results\Script_Failed.txt' -Append
}
}
else {echo $computer | Out-File -FilePath 'C:\Sophos Results\UnreachableComputers.txt'}
}
运行此脚本时,文件将正确复制,批处理文件将执行(批处理文件在运行时也会在远程计算机上创建日志,因此我知道它正在执行),但是旧的AV并未卸载并且未安装新的AV。当我远程进入一台测试计算机时,我手动运行了Sophos-Installation.bat文件并收到以下错误:
访问被拒绝。 访问被拒绝。 用户名或密码不正确。
然后提示我输入我的管理员凭据,然后该批处理文件按预期工作。所以很明显,我需要将我的管理员凭据传递给这些计算机,以使其正常工作。每当我尝试在PowerShell中传递凭据时,它都无法正常工作,因此我希望有人可以告诉我以下内容:
在回答我是PowerShell的初学者时(请注意,一般来说,这是我的第一份IT工作),请记住这一点,大约六周前,我上了一堂课,这是我实现它的第一个项目。预先感谢您的帮助!
更新:我已在脚本中添加了凭据变量。我已经在3个地方实现了它,但仍然会提示我输入凭据。这是我更新的脚本:
#Variables that store the path to 32-bit and 64-bit versions of Sophos
$Sophos64 = Test-Path 'C:\Program Files\Sophos'
$Sophos32 = Test-Path 'C:\Program Files (x86)\Sophos'
#Variables that store the path to 32-bit and 64-bit versions of Kaspersky
$Kaspersky64 = Test-Path 'C:\Program Files\Kaspersky Lab'
$Kaspersky32 = Test-Path 'C:\Program Files (x86)\Kaspersky Lab'
#The following block will run the CCOB-Sophos-Installation batch file, removing any instance of Kaspersky and installing Sophos
If ($Sophos64 -eq $false -or $Sophos32 -eq $false)
{
Start-Process -FilePath C:\Temp\AVInstall\CCOB-Sophos-Installation.bat -Credential $cred
$env:COMPUTERNAME |Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Sophos_Installed.txt" -Append
}
#The following block will remove Kaspersky from a machine if it is present and Sophos is already installed.
Elseif (($Kaspersky64 -eq $true -or $Kaspersky32 -eq $true) -and ($Sophos64 -eq $true -or $Sophos32 -eq $true))
{
Start-Process -FilePath C:\Temp\AVInstall\AVRemoveW.exe -Credential $cred
$env:COMPUTERNAME | Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Kaspersky_Removed.txt" -Append
}
#The last block will only be executed if Sophos is installed and Kaspersky isn't, and makes no changes to the machine.
else {$env:COMPUTERNAME | Out-File -FilePath "\\CCIT-4BXZPN2LP\c$\Sophos Results\Proper_Configuration.txt" -Append}
和:
#credentials
$username = "mydomain\myusername"
$password = Get-Content -Path 'C:\Sophos Results\mysecurestring.txt' | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password
$computers = Get-Content -Path 'C:\Sophos Results\TestGroup.txt'
ForEach ($computer in $computers)
{
$connection = Test-Connection -ComputerName $computer -Quiet
if ($connection -eq $true)
{
try{
Copy-Item -Path C:\Temp\AVInstall -Destination "\\$computer\c$\Temp\AVInstall" -Recurse -Force
Invoke-Command -ComputerName $computer -FilePath 'C:\Sophos Results\InstallSophos_UninstallKaspersky_Test.ps1' -Credential $cred
echo $computer | Out-File 'C:\Sophos Results\Script_Successful.txt' -Append
}
catch {
echo $computer | Out-File -FilePath 'C:\Sophos Results\Script_Failed.txt' -Append
}
}
else {echo $computer | Out-File -FilePath 'C:\Sophos Results\UnreachableComputers.txt'}
}
虽然我没有创建脚本来创建安全字符串文件的命令。我在Invoke-Command和两个Start-Process命令中使用了凭证参数,但是仍然提示我输入用户名和密码。
答案 0 :(得分:0)
能否请您测试以下我添加了凭据的代码
$Username = "administrator"
$Password = ConvertTo-SecureString 'Administrator password here' -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential $Username, $Password
$computers = Get-Content -Path 'C:\Sophos Results\TestGroup.txt'
ForEach ($computer in $computers)
{
$connection = Test-Connection -ComputerName $computer -Quiet
if ($connection = $true)
{
try{
Copy-Item -Path C:\Temp\AVInstall -Destination "\\$computer\c$\Temp\AVInstall" -Recurse -Force -Credential $Credentials
Invoke-Command -ComputerName $computer -FilePath 'C:\Sophos Results\InstallSophos_UninstallKaspersky_Test.ps1' -Credential $Credentials
echo $computer | Out-File 'C:\Sophos Results\Script_Successful.txt' -Append
}
catch {
echo $computer | Out-File -FilePath 'C:\Sophos Results\Script_Failed.txt' -Append
}
}
else {echo $computer | Out-File -FilePath 'C:\Sophos Results\UnreachableComputers.txt'}
}