从 bat 为 Intune Win32 执行 PS [英] Execute PS from bat for Intune Win32
问题描述
我很困惑,实际上我也不太熟悉 PS 和 bat,因为我遇到了他们的麻烦.
I am so confused and actually also not so familiar with PS and bat after my troubles with them.
我想通过 IntuneWin 文件(WIN32 应用程序)使用 Intune 在 Windows 10 中设置锁屏.
I want to set the Lockscreen in Windows 10 with Intune through an IntuneWin file (WIN32 application).
我有一个包含图像的文件夹,我想设置它,一个copy.bat,它应该复制目录中的图像,并执行PS文件来设置登录图像和一个del.bat,用于删除图像.
I have a folder with the image, which I want to set, a copy.bat which should copy the image in the directory and also execute the PS file for setting the login image and a del.bat for deleting the image.
copy.bat
md %AllUsersProfile%\sz
copy /Y Wallpaper.jpg %AllUsersProfile%\sz
powershell -ExecutionPolicy Bypass -File Set-Lockscreen.ps1 -verb RunAs
del.bat
del /Y %AllUsersProfile%\sz\Wallpaper.jpg
Set-Lockscreen.ps1
$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationLS"
$LockScreenPath = "LockScreenImagePath"
$LockScreenStatus = "LockScreenImageStatus"
$LockScreenUrl = "LockScreenImageUrl"
$StatusValue = "1"
$path = "C:\ProgramData\Elinvar"
$LockScreenImageValue = "C:\ProgramData\sz\Wallpaper.jpg"
sIf ((Test-Path -Path $path) -eq $false)
{
New-Item -Path $path -ItemType directory
}
if (!(Test-Path $RegKeyPath))
{
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
}
New-ItemProperty -Path $RegKeyPath -Name $LockScreenStatus -Value $StatusValue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenPath -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenUrl -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
RUNDLL32.EXE USER32.DLL, UpdatePerUserSystemParameters 1, True
我使用 Microsoft Win32 内容准备工具打包所有这些文件并将其作为 Win32 文件上传到 Intune 中.上传作品,分配到一组作品,安装成功.到目前为止一切都很好,我想.
I pack all these files with Microsoft Win32 Content Prep Tool and upload this in Intune as Win32 file. Upload works, assigning to a group works, installation is successful. All good so far, I thought.
如果我检查目录,图像在 %AllUsersProfile%\sz 中.但是当我检查 reg 时,条目没有设置.
If I check the directory, the image is in %AllUsersProfile%\sz. But when I check the reg, the entry is not set.
当我手动运行 copy.bat 文件时,它不起作用.只有当我以管理员身份运行它时.当我以管理员身份在 cmd 中运行最后一行时,所以
When I run the copy.bat file manually, It doesn't work. Only when I run it as administrator. When I run the last line in cmd as administrator, so
powershell -ExecutionPolicy Bypass -File Set-Lockscreen.ps1 -verb RunAs
它也能工作.
我认为 Intune 没有以管理员身份运行脚本.在 Intune 中没有配置要说,以管理员身份运行此命令.也许有语法?有人知道吗?类似的东西
I think Intune is not running the script as administrator. In Intune there is no configuration to say, run this command as administrator. Maybe with a syntax? Does anyone know this? Something like
copy.bat RunAs
我也导出 reg 文件并用
I also export the reg file and import this with
reg import PersonalizationLS.reg
没用.
我认为必须有一种方法可以在 intune 中执行安装命令以管理员身份运行脚本.它只需要最后一行管理员权限,没有管理员权限的 md 和复制工作.(对于重要的 reg 文件也是如此).
I think there must be a way to execute the installation command in intune to run the script as admin. It needs just for the last line the administrator privilege , md and copy work without administrator privileges. (same also for important reg file).
推荐答案
Windows PowerShell CLI (powershell.exe) 没有 -Verb 参数,只有Start-Processcmdlet 可以.
The Windows PowerShell CLI (powershell.exe) has no -Verb parameter, only the
Start-Process cmdlet does.
由于只有 powershell.exe 调用需要提升(运行广告管理员),请在批处理文件中尝试以下操作:
Since it is only the powershell.exe call that requires elevation (running ad admin), try the following in your batch file:
powershell -ExecutionPolicy Bypass -c Start-Process -Verb RunAs -Wait powershell.exe '-c Set-Location "\"\\\"%CD%\\\"\""; .\Set-Lockscreen.ps1'
但是,这仅适用于交互式执行,因为用户必须手动确认 UAC 安全对话框才能进行权限提升(以管理员身份运行) - 如果他们自己不是管理员,则必须提供管理员的凭据.
如果问题与从 32 位进程运行而需要 PowerShell 脚本在 64 位进程中运行有关(鉴于 32 位和 64 位进程具有单独的注册表配置单元),替换C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe 用于上述命令中的(第一个)powershell.
If the problem is related to running from a 32-bit process while needing the PowerShell script to run in a 64-bit process (given that 32-bit and 64-bit process have separate registry hives), substitute
C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe for (the first only) powershell in the command above.
这篇关于从 bat 为 Intune Win32 执行 PS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
