Powershell - 本地凭据验证 [英] Powershell - local credential verification

问题描述

我使用 Powershell 检查本地管理员凭据 作为此操作的基础片段并遇到问题.(不想线程劫持)

I utilized Powershell To Check Local Admin Credentials as the base for this snippet and am running into problems. (didn't want to threadjack)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$entry)
if($pc.ValidateCredentials("secretadmin", "secretpassword")){Write-host "good"}else{write-host "bad"}

它在大约 50% 的时间内有效.剩下的时间，我明白了

it works about 50 percent of the time. the rest of the time, i get this

使用2"个参数调用ValidateCredentials"的异常:同一用户与服务器或共享资源的多个连接，不允许使用多个用户名.断开所有连接之前连接到服务器或共享资源，然后重试.

Exception calling "ValidateCredentials" with "2" argument(s): "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

这让我想起了使用 net use 验证凭据的批处理脚本，我们只需要删除映射的驱动器即可解决问题.由于没有我知道的已保存对象，我不确定如何清除此登录.我检查了登录用户，什么也没看到

which reminds me of batch scripts using net use to verify credentials where we just needed to delete the mapped drive to fix the issue. since there is no saved object that im aware of, im unsure how to clear this logon. I checked logged on users and saw nothing

基本上，我们正在为医院构建数百台服务器，需要确保符合政策，检查这些凭据只是其中的一部分，但这正是我遇到问题的地方.

Basically, we're building hundreds of servers for hospitals and need to ensure compliance with policies, checking these credentials is just part of this but this is where i have problems.

任何帮助将不胜感激.在提出这些问题之前作为旁注.凭据是正确的，它们是硬编码在脚本中的，我可以收到失败并立即通过 RDP 和 psexec 使用引发错误的相同凭据登录.防火墙允许任何从我的主机到目的地.

Any help would be greatly appreciated. As a side note before these questions are asked. the credentials are correct, they're hard-coded in the script, i can receive a failure and immediately log on via RDP and psexec with the same credentials that throw the error. the firewall allows any from my host to the destination.

推荐答案

PrincipalContext 实现了 IDisposable 所以我建议这样做:

PrincipalContext implements IDisposable so I recommend doing this:

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$pc = New-Object DirectoryServices.AccountManagement.PrincipalContext('machine',$entry)

try {
    if($pc.ValidateCredentials("secretadmin", "secretpassword")) {
        Write-host "good"
    }
    else {
        Write-host "bad"
    }
}
finally {
    $pc.Dispose()
}

这篇关于Powershell - 本地凭据验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！