创建Powershell脚本以自动配置域中的计算机。
(在运行脚本之前,先运行 Set-ExecutionPolicy Unrestricted,然后以管理员身份运行脚本。)
由于某些原因,加入域并重新启动后,计划任务无法运行。第一次重新启动后,如果我打开该任务,不做任何更改,只在提示时重新输入密码,它就会运行,并且在之后的重新启动中也能继续运行。
我本来要以SYSTEM身份运行它,但是我无法保存凭据并以这种方式恢复它们(因为它们是由首先打开脚本的当前用户加密的)。同样,Chocolatey在以SYSTEM身份运行时似乎不喜欢安装软件包。
我的直觉是重新启动计算机时重命名计算机或加入域会导致问题。
这里是我认为相关的部分,但是如果我错过了重要的事情,完整的脚本在下面的Github上。
完整脚本:https://github.com/gotylergo/w10-helpdesk-toolkit/blob/master/provision-pc.ps1
# Location of the provisioning script that the "ProvisionPC" startup task runs.
# NOTE(review): the task executes this file with an administrator's stored
# credentials, so the folder should be writable by administrators only. The
# excerpt does not show how the folder is created or secured; confirm.
$ScriptDir = '{0}\ProvisionPC' -f $env:ProgramData
$ScriptPath = '{0}\ProvisionPC.ps1' -f $ScriptDir
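function Set-ScheduledRebootTask {
    <#
    .SYNOPSIS
        Registers the "ProvisionPC" scheduled task that runs the provisioning
        script at startup.
    .DESCRIPTION
        Reads $ScriptPath and $LocalAdminPwd from the script scope, so both must
        be assigned before this function is called. The task is registered for
        the account reported by Win32_ComputerSystem.UserName, using
        $LocalAdminPwd as that account's password.
    .OUTPUTS
        Whatever Register-ScheduledTask emits, followed by a status message on
        success. A failure is reported with Write-Error (non-terminating).
    .NOTES
        Register-ScheduledTask takes -Password as a plain string, so
        $LocalAdminPwd is held in clear text until it is passed here.
        NOTE(review): the excerpt does not show the task being removed once
        provisioning has finished. Calling
        Unregister-ScheduledTask -TaskName "ProvisionPC" at the end of the final
        run would keep a credentialed startup task from lingering.
    #>

    # Quote the script path so -File still receives one argument if the path
    # ever contains a space.
    $TaskArguments = "-NonInteractive -NoLogo -NoProfile -File `"$ScriptPath`""
    $TaskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $TaskArguments

    # Fire at startup with up to 5 minutes of random delay.
    $TaskTrigger = New-ScheduledTaskTrigger -RandomDelay (New-TimeSpan -Minutes 5) -AtStartup

    # Retry every minute, at most 10 times, and run as soon as possible if a
    # scheduled start was missed.
    $TaskSettings = New-ScheduledTaskSettingsSet -DontStopOnIdleEnd -RestartInterval (New-TimeSpan -Minutes 1) -RestartCount 10 -StartWhenAvailable

    $Task = New-ScheduledTask -Action $TaskAction -Trigger $TaskTrigger -Settings $TaskSettings

    # NOTE(review): this account name is captured before the computer rename and
    # domain join performed later in the script. Whether that is why the task
    # does not run after the reboot is not established by the excerpt; confirm.
    $CurrentUser = Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -expand UserName

    $Task | Register-ScheduledTask -TaskName "ProvisionPC" -User $CurrentUser -Password $LocalAdminPwd
    if ($?) {
        Write-Output "Scheduled task created. Script will continue after reboot."
    } else {
        Write-Error "Scheduled task could not be created. Run script manually after reboot."
    }
}
# The listing omitted the closing brace above, leaving the function body unterminated.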
# Collect the domain-join inputs interactively. The password is read as a
# SecureString and goes straight into the PSCredential object.
$DomainAdminUser = Read-Host -Prompt "Enter your domain admin username in the form of domain.com\username"
$DomainAdminPwd = Read-Host -Prompt "Enter your domain admin password" -AsSecureString
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DomainAdminUser, $DomainAdminPwd
# Only the Domain property is read from the network credential; for a name
# entered as domain.com\username that is the part before the backslash.
$DomainName = $Credentials.GetNetworkCredential().Domain
$NewPCName = Read-Host -Prompt "Enter the new computer name"
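# Plaintext copy of the local admin password, kept because the scheduled-task
# registration in Set-ScheduledRebootTask passes it as a plain string.
$LocalAdminPwd = ""
# $Pwd1, $Pwd1_txt and $Pwd2_txt are defined outside this excerpt; presumably
# $Pwd1 is the SecureString form of $Pwd1_txt -- confirm.
# -ceq compares case-sensitively. With -eq, two entries that differ only in
# letter case would pass the confirmation check.
if ($Pwd1_txt -ceq $Pwd2_txt) {
    $LocalAdminPwd = $Pwd1_txt
    # Set password and enable Administrator account
    Set-LocalUser -Name "Administrator" -Password $Pwd1 -PasswordNeverExpires:$true
    if ($?) {
        Write-Output "Administer password set."
        # Enable the account only once the new password is in place, so a failed
        # password change never leaves Administrator enabled with its previous
        # password.
        Enable-LocalUser -Name "Administrator"
        if ($?) {
            Write-Output "Administer account enabled."
        } else {
            Write-Error "Error: Couldn't enable administrator account. "
        }
    } else {
        Write-Error "Error: Couldn't set Administrator password. "
    }
    # Set currently logged in admin account password to Administrator password
    # NOTE(review): both accounts end up sharing one non-expiring password.
    Set-LocalUser -Name $env:UserName -Password $Pwd1 -PasswordNeverExpires:$true
    if ($?) {
        Write-Output "$env:UserName password set."
    } else {
        Write-Error "Error: Couldn't set $env:UserName password. "
    }
} else {
    throw "Passwords don't match!"
}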
# Register the startup task before the domain join below restarts the machine.
Set-ScheduledRebootTask
# Join to domain and restart
$JoinParameters = @{
    DomainName = $DomainName
    Server     = 'HQ-corpdc01'
    NewName    = $NewPCName
    Credential = $Credentials
    Restart    = $true
    Force      = $true
}
Add-Computer @JoinParameters