Powershell 脚本不通过计划任务运行 [英] Powershell script does not run via Scheduled Tasks
问题描述
我的域控制器上有一个小脚本,用于通过 SMTP 向我发送有关最新安全事件 4740 的电子邮件.
I have a small script on my Domain Controller that is setup to email me via SMTP about the latest Security Event 4740.
脚本在手动执行时会按预期运行;然而,当设置为通过计划任务运行时,虽然它显示已执行,但没有任何反应(没有电子邮件).
The script, when executed manually, will run as intended; however, when setup to run via Scheduled Tasks, and although it shows to have been executed, nothing happens (no email).
脚本如下:
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$arguments = "& '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
$Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 5
$MailBody= $Event.Message + "`r`n`t" + $Event.TimeGenerated
$MailSubject= "Security Event 4740 - Detected"
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = "smtp.domain.com"
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = "fromemail@domain.com"
$MailMessage.To.add("toemail.domain.com")
$MailMessage.IsBodyHtml = 1
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody
$SmtpClient.Send($MailMessage)
计划任务设置如下:
RunsAs:LOCAL SYSTEM
Trigger: On event - Log: Security, Event ID: 4740
Action: Start Program - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Argument: -executionpolicy bypass c:\path\event4740.ps1
我还尝试了以下方法:
Trigger: On event - Log: Security, Event ID: 4740
Action: Start Program - C:\path\event4740.ps1
根据任务历史记录:任务已启动、操作已启动、已创建任务进程、操作已完成、任务已完成.我浏览了网站上具有相同问题"的一些不同链接,但它们似乎都有某种我没有的变量.我也尝试了一些提到的解决方案,认为它们可能有些相关,但是没有任何效果.我什至尝试删除我的计划任务并按照此处所述重置它:http://blogs.technet.com/b/heyscriptingguy/archive/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script.aspx
According to the Tasks History: Task Started, Action Started, Created Task Process, Action Completed, Task Completed. I have looked through some various links on the site with the same 'issue' but they all seem to have some sort of variable that I do not have. I have also tried some of the mentioned solutions thinking they may be somewhat related, but alas nothing is working. I have even tried removing my Scheduled Task and resetting it as mentioned here: http://blogs.technet.com/b/heyscriptingguy/archive/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script.aspx
有没有人遇到过这种类型的错误或知道如何绕过这个问题?
Has anyone run into this type of error before or know how to bypass this issue?
问题排查:
我决定尝试通过计划任务调用 .bat 文件.我创建了一个简单的文件,它将当前日期/时间回显到一个受监控的文件夹.手动和通过 4740 事件触发的任务运行文件达到了预期的结果.将 .bat 文件更改为手动调用 .ps1 文件.当由 4740 事件触发时,现在 .bat 将不再运行.
I decided to try an call a .bat file via a scheduled task. I created a simple file that would echo the current date/time to a monitored folder. Running the file manually and via a task triggered by the 4740 Event achieved desired results. Changing the .bat file to instead call the .ps1 file worked manually. When triggered by the 4740 Event, now the .bat will no longer run.
推荐答案
将您的操作更改为:
powershell -noprofile -executionpolicy bypass -file C:\path\event4740.ps1
在 Windows 2008 服务器 R2 上:在常规选项卡下的任务计划程序中 -确保将运行身份"用户设置为具有执行脚本所需的正确权限的帐户.
On a Windows 2008 server R2: In Task Scheduler under the General Tab - Make sure the 'Run As' user is set to an account with the right permissions it takes to execute the script.
此外,我相信您已选中仅在用户登录时运行"选项.将其更改为无论用户是否登录都运行".不选中不存储密码"选项,您可能需要标记以最高权限运行"选项.
Also, I believe you have the "Run only when user is logged on" Option checked off. Change that to "Run whether user is logged on or not". Leave the Do Not Store password option unchecked, and you'll probably need the "Run with Highest Privileges" option marked.
这篇关于Powershell 脚本不通过计划任务运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
