用于远程调用当前PowerShell的凭据 [英] Use current Powershell credentials for remote call

问题描述

我有一个用于远程调用其他服务器上的其他PowerShell脚本PowerShell脚本。该脚本用于关闭和不同的服务器上启动服务。 PowerShell脚本是在这样一种方式设置，所有我需要做的就是通过调用 serverStartStop [START | STOP]调用它，它会自动地，有条不紊进入服务器的列表并关闭服务的列表中的每个服务器上

I have a Powershell script that is used to remotely call other Powershell scripts on other servers. The script is used to shut down and start up services on the different servers. The Powershell script is setup in such a way that all I have to do is invoke it by calling serverStartStop [START|STOP] and it goes automatically and methodically to a list of servers and turns off a list of services on each server.

我最近有一个升级，需要一个批处理脚本启动一些服务后运行该系统。我能够远程调用批处理脚本，但批处理脚本调用尝试访问网络上共享另一个命令。因为正在使用的任何用户调用命令没有足够的权限来访问共享的命令失败。

I recently had an upgrade to the system that requires a batch script to be run after starting a few services. I'm able to call the batch script remotely, but the batch script calls another command that tries to access a share on the network. The command fails because whatever user is being used to call the command does not have sufficient privileges to access the share.

我试过几件事情要纠正这种情况，并做了一些研究，在PowerShell中和运行方式调用命令命令行C $ C>为Windows批处理命令。在运行方式命令要求对于用户来说，这是不能接受的，因为这是一个自动化的脚本的密码。没有人有任何想法，我怎样才能使这项工作不是让初始启动干净并且无需用户交互等或停止打电话？

I've tried several things to remedy this situation and done some research into the Invoke-Command commandlet in Powershell and the runas command for Windows Batch. The runas command asks for a password for the user, which is not acceptable as this is an automated script. Does anyone have any ideas as to how I can make this work cleanly and without user interaction other than making the initial START or STOP call?

推荐答案

在调用命令的-Credential方法可能是你想要的。我觉得这是pretty用于存储脚本使用凭据集加密的形式是有用的。

The -Credential method on Invoke-Command is probably what you want. I find this pretty useful for storing a credential set for scripting use in an encrypted fashion.

Add-Type -assembly System.Security

# String to Crypt
$passwordASCII = Read-Host -Prompt "Enter the Password"

# String to INT Array
$enc = [system.text.encoding]::Unicode
$clearPWD_ByteArray = $enc.GetBytes( $passwordASCII.tochararray())

# Crypting
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$bakCryptedPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Protect($clearPWD_ByteArray, $null, $secLevel)

# Store in Base 64 form
$B64PWD_ByteArray = [Convert]::ToBase64String($bakCryptedPWD_ByteArray)
Set-Content -LiteralPath c:\Temp\pass.txt -Value $B64PWD_ByteArray

<#>
Use...
Add-Type -assembly System.Security
$resCryptedPWD_ByteArray = [Convert]::FromBase64String((Get-Content -LiteralPath "$Password_File"))
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$clearPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Unprotect( $resCryptedPWD_ByteArray, $null, $secLevel )
$enc = [system.text.encoding]::Unicode

...To retrieve the password from $Password_File

Then use...

$enc.GetString($clearPWD_ByteArray)

...As your password
</#>

这篇关于用于远程调用当前PowerShell的凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！