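Test-Path problem

Time: 2019-05-14 10:22:43

Tags: powershell

I am trying to enumerate Windows (admin) shares remotely and then run Test-Path against each share to verify whether a folder exists. The problem is that Test-Path only returns "True" if the account running powershell.exe has permission to view the folder in question. So I am trying to open a new powershell.exe and run the script in the context of a user that has the permissions.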

#share enumeration and Test-Path
$scriptBlock = {
    Param ([System.Management.Automation.PSCredential]$cred)
    $shares = Get-WmiObject -Class Win32_Share -ComputerName COMPUTER -Credential $cred
    $sharename = $shares.Name
    $sharename #shares are correctly enumerated
    foreach ($name in $sharename) {
        $name1 = '\\COMPUTER\' + $name + '\FOLDER'
        $name1 #UNC location is correctly set e.g. \\COMPUTER\d$\FOLDER
        $path = Test-Path -Path $name1
        Write-Host $path #always returns FALSE
    }
}

$username = "user"
$password = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password

Start-Process powershell -ArgumentList "-noexit -command & {$scriptBlock}  $cred"

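The Start-Process command does not correctly receive the credentials stored in $cred and asks for credentials instead. Even when the correct credentials are supplied, the Test-Path output returns FALSE for all shares. powershell.exe runs in the context of the current user. If I add the current user as an administrator of the remote computer, Test-Path returns TRUE for locations that contain "\FOLDER". This scenario is not what I want to achieve, because we will be running this script remotely through a framework.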

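1 answer:

Answer 0: (score: 2)

Do not use plain-text passwords in scripts, especially when using admin credentials. You are exposing yourself and your organization to unnecessary risk.

If you do not want to be prompted for credentials while the script runs, you need to store them securely beforehand and call them from there. There are many articles online on how to protect credentials in PowerShell scripts using the Windows Credential Manager, a secure XML file, or even the registry.

This...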

Start-Process powershell -ArgumentList "-noexit -command & {$scriptBlock}  $cred"

...is not valid syntax. It should be this...

Start-Process powershell -ArgumentList "-noexit -command & {$scriptBlock}" -Credential $Cred

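Start-Process: it does have a credential property.

Lastly, if you are running this from your workstation and you have permission to do this, why are you passing credentials at all? With an interactive logon (if you logged on with an account that has perms on the target), it will just work, and no Start-Process is needed at all.

For example, just do this...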

# share enumeration and Test-Path
# Using variable squeezing to assign and output variable, debug validation effort

# $scriptBlock = {
    # Pick a random AD computer and show all shares
    "`n***"
    "*** List all share data  ***"
    "***`n"
    ($shares = Get-WmiObject -Class Win32_Share -ComputerName (Get-ADComputer -Filter '*').Name[7])

    # Process test validation
    "`n***"
    "*** Testing share path ***"
    "***`n"
    foreach ($share in $shares) 
    { ($sharename = "\\$($share.PSComputerName)\$($share.Name)") + ' : ' + ($path = Test-Path -Path $sharename)}
# }

will give you this...

# Results

***
*** List all share data  ***
***


Name        Path                                   Description                                            
----        ----                                   -----------                                            
ADMIN$      C:\Windows                             Remote Admin
C$          C:\                                    Default share
install     C:\install                                       
IPC$                                               Remote IPC
print$      C:\Windows\system32\spool\drivers      Printer Drivers

***
*** Testing share path ***
***

\\LabServer01\ADMIN$ : True
\\LabServer01\C$ : True
\\LabServer01\install : True
\\LabServer01\IPC$ : False
\\LabServer01\print$ : True

Now, if the credentials you are logged on with do not have perms, then yes, pass them...

($cred = Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME")

...in Start-Process or, better, Invoke-Command if you have PSRemoting enabled

($cred = Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME")

Invoke-Command -ComputerName $((Get-ADComputer -Filter '*').Name[7]) -ScriptBlock {
    # Pick a random AD computer and show all shares
    "`n***"
    "*** List all share data on $env:COMPUTERNAME  ***"
    "***`n"
    ($shares = Get-WmiObject -Class Win32_Share -ComputerName $env:COMPUTERNAME)

    # Process test validation
    "`n***"
    "*** Testing share path ***"
    "***`n" 
    $shares | ForEach-Object {
        Write-Host "Testing $($PSItem.Name) : "  -NoNewline
        Try {Test-Path -Path $PSItem.Path}
        Catch{"Path for $($PSItem) is empty"}
    }
} -Credential $cred


# Results

***
*** List all share data on LabServer01  ***
***


Name       Path                                      Description        PSComputerName                           
----       ----                                      -----------        --------------                           
ADMIN$     C:\Windows                                Remote Admin       LabServer01                                 
C$         C:\                                       Default share      LabServer01                                 
install    C:\install                                                   LabServer01  
IPC$                                                 Remote IPC         LabServer01                                 
print$     C:\Windows\system32\spool\drivers         Printer Drivers    LabServer01                                 

***
*** Testing share path ***
***

Testing ADMIN$ : True
Testing C$ : True
Testing install : True
Testing IPC$ : Path for Cannot bind argument to parameter 'Path' because it is an empty string. is empty
Testing print$ : True
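
The "secure XML file" option mentioned in the answer, combined with one way to run Test-Path against each share under stored credentials, as an added example that is not part of the original question or answer. COMPUTER and FOLDER are the placeholders from the question; the credential file path and the drive name ShareAudit are assumptions.

```powershell
# Added example for Windows PowerShell. The file path below is an assumption.
$credFile = Join-Path $env:LOCALAPPDATA 'share-audit.cred.xml'

# One-time interactive step: prompt once and save the credential.
# On Windows, Export-Clixml protects the password with DPAPI, so the file can
# only be decrypted by the same user account on the same machine.
if (-not (Test-Path -LiteralPath $credFile)) {
    Get-Credential -Message 'Account with rights on the target' |
        Export-Clixml -LiteralPath $credFile
}
$cred = Import-Clixml -LiteralPath $credFile

$computer = 'COMPUTER'   # placeholder from the question
$folder   = 'FOLDER'     # placeholder from the question

# Keep disk shares only (Type 0 = disk, 2147483648 = administrative disk share).
# IPC$ and printer queues have no file path to test.
$shares = Get-WmiObject -Class Win32_Share -ComputerName $computer -Credential $cred |
    Where-Object { $_.Type -eq 0 -or $_.Type -eq 2147483648 }

$results = foreach ($share in $shares) {
    $root   = "\\$computer\$($share.Name)"
    $drive  = $null
    $exists = $null
    try {
        # The FileSystem provider accepts -Credential on New-PSDrive, not on
        # Test-Path, so map a temporary drive and test through it.
        $drive  = New-PSDrive -Name 'ShareAudit' -PSProvider FileSystem `
                      -Root $root -Credential $cred -ErrorAction Stop
        $exists = Test-Path -LiteralPath "$($drive.Name):\$folder"
    }
    catch {
        # Access denied, unreachable host, conflicting session, and so on
        $exists = "error: $($_.Exception.Message)"
    }
    finally {
        # Always drop the temporary mapping so the session does not linger
        if ($drive) { Remove-PSDrive -Name $drive.Name -Force }
    }
    [pscustomobject]@{ Share = $root; FolderExists = $exists }
}

$results | Format-Table -AutoSize
```

The saved file is only usable by the account that created it on that machine, so a script run by a scheduled task or framework must create the file under the same account it runs as.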