我是这里的新手,也是PowerShell的新手-我想添加一个本地管理员用户,并在txt文件中为该用户分配密码。
下面是我的脚本,但是无法设置密码:
$Username = "steve"
$Password = Get-Content .\SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
Write-Host "Creating new local user $Username."
& NET USER $Username $Password /add /y /expires:never
Write-Host "Adding local user $Username to $group."
& NET LOCALGROUP $group $Username /add
}
else {
Write-Host "Setting password for existing local user $Username."
$existing.SetPassword($Password)
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
这是输出:
PS C:\windows\System32> .\test.ps1
Creating new local user steve.
The command completed successfully.
Adding local user steve to Administrators.
The command completed successfully.
Ensuring password for steve never expires.
Updating property(s) of '\\DESKTOP-LVUFR6R\ROOT\CIMV2:Win32_UserAccount.Domain="DESKTOP-LVUFR6R",Name="steve"'
Property(s) update successful.
但是它没有设置密码。
有帮助吗?
答案 0 :(得分:1)
重点:
尽量不要重新发明轮子。使用内置功能集和MS powershellgallery.com模块。从PowerShell v3开始,提供了一个用于本地用户和组管理的模块。
Find-Module -Name '*local*Management'
<#
Version Name Repository Description ------- ---- ---------- ----------- 3.0 LocalUserManagement PSGallery a module that performs various local u... 1.2.2 Saritasa.LocalManagement PSGallery Contains functions to control local co... 0.1.1 LocalAccountManagement PSGallery Manage local and remote user accounts ... 1.0 STRemoteLocalGroupManagement PSGallery Manage local group membership on remot...
#>
[LocalUserManagement 3.0][1]
Get-Command -Name '*local*user*'
<#
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Disable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Enable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
Get-Command -Name '*local*group*'
<#
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Add-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
对于您追求的目标,请利用Set-LocalUser
$Password = Read-Host -AsSecureString
$UserAccount = Get-LocalUser -Name "User02"
$UserAccount | Set-LocalUser -Password $Password
因为您说自己是新手,所以强烈建议您花一些时间来提高/限制/避免混乱,不良代码,不良习惯,错误等。也不要运行代码(尤其是破坏性代码,意思是会改变您的系统/环境的内容),无论您从何处获得它,都无法完全理解它在做什么。如果不是这样,您确实会在系统/环境上造成重大问题。
答案 1 :(得分:0)
基于脚本的逻辑,由于从未满足条件,因此永远不会达到您设置的密码方法。要么删除else{}块,要么将设置的密码方法移至if{}块,看看是否对您有用。
$Username = "steve"
$Password = Get-Content .\SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
Write-Host "Creating new local user $Username."
& NET USER $Username $Password /add /y /expires:never
Write-Host "Adding local user $Username to $group."
& NET LOCALGROUP $group $Username /add
Write-Host "Setting password for existing local user $Username."
$existing.SetPassword($Password)
} else {
# do something else that you want handled
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE