Powershell启动过程脚本调用第二个脚本-如何仅制作一个脚本 [英] Powershell start-process script calls a second script - how to make one script only
问题描述
我有一个powershell脚本,该脚本接受"sender-ip = 10.10.10.100"形式的参数,并且可以在提升的凭据的情况下完美运行
I have a powershell script that accepts parameters in the form of "sender-ip=10.10.10.10" and that runs perfectly with elevated credentials
#script.ps1
$userID=$NULL
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
foreach ($i in $args){
$line_array+= $i.split(" ")
}
foreach ($j in $line_array){
$multi_array += ,@($j.split("="))
}
foreach ($k in $multi_array){
$my_hash.add($k[0],$k[1])
}
$Sender_IP = $my_hash.Get_Item("sender-ip")
<#Gather information on the computer corresponding to $Sender_IP#>
$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP
<#Determine the build number#>
$Build = $Win32OS.BuildNumber
<#Running Windows Vista with SP1 and later, i.e. $Build is greater than or equal to 6001#>
if($Build -ge 6001){
$Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP
$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1
$UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
$userId = $UserSID.Translate([System.Security.Principal.NTAccount])
$userId = $userId.Value
}
<#Running Windows Vista without SP1 and earlier, i.e $Build is less than or equal to 6000#>
elseif ($Build -le 6000){
$SysDrv = $Win32OS.SystemDrive
$SysDrv = $SysDrv.Replace(":","$")
$ProfDrv = "\\" + $Sender_IP + "\" + $SysDrv
$ProfLoc = Join-Path -Path $ProfDrv -ChildPath "Documents and Settings"
$Profiles = Get-ChildItem -Path $ProfLoc
$LastProf = $Profiles | ForEach-Object -Process {$_.GetFiles("ntuser.dat.LOG")}
$LastProf = $LastProf | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1
$userId = $LastProf.DirectoryName.Replace("$ProfLoc","").Trim("\").ToUpper()
}
else{
$userId = "Unknown/UserID"
}
if ($userId -ne $NULL){
return "userId=" + $userId
}
elseif ($userID -eq $NULL)
{
$userId = "Unknown/UserID"
return "userId=" + $userId
}
由于此脚本将由不使用提升凭据的第三方程序调用,因此我不得不创建第二个Powershell脚本,其中包含提升权限(第三方程序将调用)
Since this script will be invoked by a third party program that doesn't use elevated credentials, I had to create a second powershell script that includes the elevated privileges (which the third party program will invoke)
#elevated.ps1
[string]$abc = $args
<#Previously created password file in C:\Script\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\Script\cred.txt#>
$password = get-content C:\Script\cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "DOMAIN\Username",$password
[string]$output = start-process powershell -Credential $credentials -ArgumentList '-noexit','-File', 'C:\script\script.ps1', $abc
return $output
而且我可以手动调用
.\elevated.ps1 "sender-ip=10.10.10.10"
与其使用两个脚本(即一个脚本在启动过程中调用另一个脚本)来代替一个脚本,而是如何在一个脚本中创建脚本?我相信这将简化参数传递,因为第三方程序必须调用elevate.ps1并调用script.ps1,并且某处发生了一些错误.
Instead of having two scripts, i.e. one script with the start-process calling the other script, how to make this in one single script? I believe this would simplify the parameter passing because the third party program has to call elevate.ps1 which calls script.ps1 and some error is happening somewhere.
推荐答案
Windows不允许进程在运行时提升.有一些技巧,但是它们会以某种方式以提升的权利催生出一个新的过程.有关更多信息,请参见此处.因此,PowerShell的最简单方法仍然是使用一个脚本来开始处理另一个提升的脚本.
Windows does not allow a process to elevate while running. There are some tricks but in one way or another they will spawn a new process with the elevated rights. See here for more info. So the easiest way for PowerShell is still using one script to Start-Process the other script elevated.
这篇关于Powershell启动过程脚本调用第二个脚本-如何仅制作一个脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!