将Register-ScheduledJob作为系统帐户(无需传递凭据) [英] Register-ScheduledJob as the system account (without having to pass in credentials)
问题描述
我相信对于Register-ScheduledTask,您可以指定-User "System"或执行类似操作:
I believe for Register-ScheduledTask you can specify -User "System"or do something like:
$principal = New-ScheduledTaskPrincipal -UserId SYSTEM -LogonType ServiceAccount -RunLevel Highest
我该如何使用Register-ScheduledJob?
此命令将运行本地管理员的上下文,因此它将有权执行此操作.我只是在cmdlet中看不到此选项.
This command will be running the context of the local admin so it will have access to do this. I just don't see this option in the cmdlet.
Windows是否通过设计使这成为不可能?如果我打开一个交互式PS会话作为系统(使用psexec)并尝试创建计划的作业,则会收到错误消息:
edit: Does windows make this impossible by design? If I open an interactive PS session as the system (using psexec) and try to create a schedualed job I get an error:
PS C:\Windows\system32> Register-ScheduledJob -Name systemsssss -ScriptBlock {'s
dfsdfsdfsd'}
Register-ScheduledJob : An error occurred while registering scheduled job
definition systemsssss to the Windows Task Scheduler. The Task Scheduler
error is: (32,4):UserId:.
At line:1 char:1
+ Register-ScheduledJob -Name systemsssss -ScriptBlock {'sdfsdfsdfsd'}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Power...edJobDefini
tion:ScheduledJobDefinition) [Register-ScheduledJob], ScheduledJobExceptio
n
+ FullyQualifiedErrorId : CantRegisterScheduledJobDefinition,Microsoft.Pow
erShell.ScheduledJob.RegisterScheduledJobCommand
以本地管理员帐户运行时,此命令也可以正常工作
This same command works fine when run as the local administrator account
推荐答案
首先使用 Register-ScheduledJob 创建PowerShell作业.
First use Register-ScheduledJob to create your PowerShell job.
然后使用 Set-ScheduledTask 将启动帐户更改为LocalSystem或任何其他内置帐户.
Then use Set-ScheduledTask to change the startup account to LocalSystem or any another built-in account.
以下PS代码示例说明了所有内容.如果要检查它的工作原理,可以在一个管理帐户下多次运行它.
The following PS-code example explains everything. You can run it multiple times under an administrative account if you want to check how it works.
还要注意 -RunElevated
顺便说一句,我更喜欢使用 Register-ScheduledJob ,因为它允许我使用PowerShell脚本块而不是脚本文件.
BTW, I prefer to use Register-ScheduledJob as it allows me to use PowerShell script blocks instead of script files.
$ErrorActionPreference = 'Stop'
Clear-Host
$taskName = "it3xl_dummy_PowerShell_job"
# Unregister-ScheduledJob it3xl_dummy_PowerShell_job -Confirm:$false
$task = Get-ScheduledJob -Name $taskName -ErrorAction SilentlyContinue
if ($task -ne $null)
{
Unregister-ScheduledJob $task -Confirm:$false
Write-Host "Old $taskName job has been unregistered"; Write-Host;
}
$trigger = New-JobTrigger -AtStartup;
$options = New-ScheduledJobOption -StartIfOnBattery -RunElevated;
Write-Host "Registering new $taskName job";
Register-ScheduledJob -Name $taskName -Trigger $trigger -ScheduledJobOption $options `
-ScriptBlock {
Write-Host In our PowerShell job we say - oppa!;
}
$accountId = "NT AUTHORITY\SYSTEM";
#$accountId = "NT AUTHORITY\LOCAL SERVICE";
$principal = New-ScheduledTaskPrincipal -UserID $accountId `
-LogonType ServiceAccount -RunLevel Highest;
$psSobsSchedulerPath = "\Microsoft\Windows\PowerShell\ScheduledJobs";
$someResult = Set-ScheduledTask -TaskPath $psSobsSchedulerPath `
-TaskName $taskName -Principal $principal
Write-Host;
Write-Host "Let's show proofs that our PowerShell job will be running under the LocalSytem account"
$task = Get-ScheduledTask -TaskName $taskName
$task.Principal
Write-Host "Let's start $taskName"
Start-Job -DefinitionName $taskName | Format-Table
Write-Host "Let's proof that our PowerShell job was ran"
Start-Sleep -Seconds 3
Receive-Job -Name $taskName
这篇关于将Register-ScheduledJob作为系统帐户(无需传递凭据)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
