在远程计算机上的PowerShell脚本不运行作为计划任务 [英] Powershell script on remote computer not running as a scheduled task

问题描述

我对存储在Active Directory服务器上我的域名脚本。每台机器上的域具有发射时任务，调用此脚本运行。

I have a script on my domain stored on the Active Directory server. every machine on the domain has a task that when fired, calls this script to run.

从AD服务器工作机制运行的任务。从运行另一台计算机的任务无法正常工作。但是，运行一个从CMD手动在远程计算机上工作引发的命令？

Running the task from the AD server works. Running the task from another machine doesn't work. However, running the command that is triggered from cmd manually on the remote computer works?

任何人都可以照到一些光这一点。基本上我这样称呼它使得触发设置如下......

Could anyone shine some light on this. Basically I call it like this so that the trigger is set up like...

动作：PowerShell.exe

Action: PowerShell.exe

参数：-noprofile -ExecutionPolicy旁路 - 文件\\＆LT;> NameOfADServer＆LT;> \ C $ \任务\ script.ps1参数1参数2

Arguments: -noprofile –ExecutionPolicy Bypass -File "\\<>NameOfADServer<>\C$\Tasks\script.ps1" "Argument 1" "Argument 2"

推荐答案

有几个问题在这里。

1. 您正在运行的任务，因为本地系统帐户。系统一般不访问任何网络资源。
2. 您正在使用的管理共享（ \\＆LT;服务器＆GT; \ C $ ）来共享该脚本。只有具有管理员访问该服务器的用户可以访问管理共享。管理共享被设计在很大程度上受到限制，不能修改对他们的访问。

1. You're running the task as the local SYSTEM accounts. SYSTEM generally does not have access to any network resources.
2. You're using the administrative share (\\<servername>\C$) to share the script. Only users that have Administrator access to the server can access the administrative shares. Administrative shares are heavily restricted by design and you cannot modify the access on them.

我的猜测是，当你运行它手动是因为它是使用当前用户的凭据进行网络访问，当你做到这一点，但不要引用我的脚本工作。

My guess is that the script works when you run it manually is because it's using the current user's credentials for network access when you do that, but don't quote me on that.

用最少的变化，最简单的解决方法是做到这一点：

The simplest solution with the least amount of change is to do this:

1. 创建一组在Active Directory中。添加计算机帐户，或preferably，与您希望能够运行脚本这个新组的计算机帐户组。如果你真的想在域中的任何计算机上的任何系统帐户才能够运行该脚本，您可以添加域计算机组，该组中。
2. 创建服务器上的文件夹。把脚本的文件夹中。不要把任何你不想让你的用户阅读该文件夹中。分配读取NTFS权限以上的文件夹中创建的组。
3. 共享该文件夹了。授予该集团刚刚创建的完全控制共享访问。如果你愿意，你可以通过添加一个美元符号的名称末尾使其成为一个隐藏的共享。
4. 更新您的计划任务使用 \\＆LT;服务器＆GT; \＆LT;共享名称＆GT;。\ script.ps1

1. Create a group in Active Directory. Add the Computer accounts, or, preferably, groups with Computer accounts which you want to be able to run the script to this new group. If you really want any SYSTEM account on any computer in the domain to be able to run the script, you can add the "Domain Computers" group to the group.
2. Create a folder on the server. Put the script in the folder. Don't put anything in this folder you don't want your users to read. Assign the "Read" NTFS permission to the group created above to the folder.
3. Share the folder out. Grant the group you just created the "Full Control" share access. If you want, you can make it a hidden share by adding a dollar sign to the end of the name.
4. Update your scheduled tasks to use \\<servername>\<sharename>\script.ps1.

这是几乎可以肯定不是为了实现你真正想要做什么是最好的方法，但是这可能是使用脚本运行计划任务与系统帐户的网络共享的最佳方式。

This is almost certainly not the best method to accomplish what you're actually trying to do, but this is probably the best way to use scheduled tasks running scripts on a network share with the SYSTEM account.

这篇关于在远程计算机上的PowerShell脚本不运行作为计划任务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！