缺少凭据参数时，PowerShell以不同用户身份运行命令 [英] PowerShell run Command as different User when Credential Parameter is missing

问题描述

我需要运行常用的PowerShell命令，以在工作流之外的远程计算机上触发组策略更新。 该工作流在系统用户上下文中运行，该系统用户上下文不具有客户端上的本地管理员权限，无法强制远程。 因此，我使用"；Import-CliXml"；导入PowerShell凭据安全字符串，以便在客户端本地管理员用户的范围内运行该语句。

但是，我要使用的命令不支持本机Credential参数。并且我需要为远程客户端使用一个参数。 Invoke-GPUpdate -Computer $client -RandomDelayInMinutes 0

我尝试了互联网上的许多方法，但都不起作用：

Start-Process powershell.exe -Credential $credentials -ArgumentList $ProcessCommand -WorkingDirectory $env:windir -NoNewWindow -PassThru

Start-Process powershell.exe -wait -Credential $credentials -ArgumentList "-command &{Start-Process Powershell.exe -argumentlist '$($cmnd)' -verb runas -wait}"

如果我测试以远程客户端上的本地管理员用户身份启动的PowerShell控制台向外发送远程gpuldate，则可以正常工作。

有没有人有解决这个问题的办法？ 非常感谢！

推荐答案

当我使用PowerShell连接到远程计算机以在这些计算机上执行命令时，我通常会运行以下命令。我给您留下了一个代码示例，供您用来执行Invoke-GPUpdate

#Local Host Computer 
#$RequestingServer = $env:COMPUTERNAME

#Server List From Text File
#$ServerList = Get-Content 'C:	empservicetestservers.txt'

#Server List In Script 
$ServerList = 'Computer1','Computer2','Computer3','Computer4'

#Domain Admin Account 
[STRING]$DomainAccountName = (whoami)
[STRING]$DomainAccountName = $DomainAccountName.Split("")[1]
[STRING]$DomainAccountPassword = "Password01" #Obviously Change Password    
$DomainAccountSecurePassword = $DomainAccountPassword | ConvertTo-SecureString -AsPlainText -Force
$DomainCredentials = New-Object System.Management.Automation.PSCredential -ArgumentList $DomainAccountName, $DomainAccountSecurePassword
                
#Local Server Admin Account
[STRING] $LocalUser = "Administrator" #Obviously Change Account
[STRING] $LocalPassword = "Password01" #Obviously Change Password
$LocalSecurePassword = $LocalPassword | ConvertTo-SecureString -AsPlainText -Force
$LocalCredentials = New-Object System.Management.Automation.PSCredential -ArgumentList $LocalUser, $LocalSecurePassword

#If running on multiple computers / servers etc. - - See Lines 5 and 8
ForEach($ComputerName in $ServerList) {

    #Update Windows Something Locally - See Line 2
    #$DomainSession = New-PSSession -Computername $RequestingServer -Credential $DomainCredentials
    
    #Update Windows Something Remotely - See Lines 5 and 8
    $DomainSession = New-PSSession -Computername $ComputerName -Credential $DomainCredentials
        Invoke-Command -Session $DomainSession -ScriptBlock {   
        
        #Some commands need the computername currently using localhost...
        $GPUpdateServer = $Using:ComputerName
        #$GPUpdateServer = $Using:RequestingServer
        
        # enter code of what you plan to do... 
        Invoke-GPUpdate -Computer $GPUpdateServer -RandomDelayInMinutes 0
        }
} End of ForEach Statement

#If running on multiple computers / servers etc. - - See Lines 5 and 8
ForEach($ComputerName in $ServerList) {
    
    #Update Windows Something Locally - See Line 2
    #$LocalSession = New-PSSession -Computername $RequestingServer -Credential $LocalCredentials
    
    #Update Windows Something Remotely - See Lines 5 and 8
    $LocalSession = New-PSSession -Computername $ComputerName -Credential $LocalCredentials
        Invoke-Command -Session $LocalSession -ScriptBlock {
        
        #Some commands need the computername currently using localhost...
        $GPUpdateServer = $Using:ComputerName
        #$GPUpdateServer = $Using:RequestingServer
        
        # enter code of what you plan to do... 
        Invoke-GPUpdate -Computer $GPUpdateServer -RandomDelayInMinutes 0
        }
        
} End of ForEach Statement

这篇关于缺少凭据参数时，PowerShell以不同用户身份运行命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！