使用Powershell作为特定用户运行脚本块 [英] run script block as a specific user with Powershell

问题描述

当我使用具有-Credential $ cred

I am not getting anywhere when using Start-Process / Start-Job cmdlets with -Credential $cred

我有部署中的服务帐户（无人值守模式）。以前已经添加到本地管理员组。我想通过从管理员组中删除此用户并为该用户显式分配文件夹权限来减少潜在的损害。

I have a service account use in deployment (unattended mode). Previously it has been added to local administrator group. I want to reduce potential damage I could do by removing this user from admin group and explicitly assign folder permissions to this user.

• 我宁愿得到一个权限错误，而不是执行一些偶然发生的事情。
  删除项$ notdefined\ *

但是在这个相同的PowerShell脚本中，我想要能够提升执行以下操作：

However in this same powershell script i want to be able to elevate to execute things like:

• sc.exe


• 应用程序池重启
  一个管理员用户。

$job = Start-Job -ScriptBlock { 

param(
    [string]$myWebAppId
)

Import-Module WebAdministration

Write-Host "Will get the application pool of: IIS:\Sites\$myWebAppId and try to restart"
$appPoolName = Get-ItemProperty "IIS:\Sites\$myWebAppId" ApplicationPool 
Restart-WebAppPool "$($appPoolName.applicationPool)" 
Write-Host "restart of apppool succeeded."

} -Credential $cred -ArgumentList @("appname")

Write-Host "started completed"

Wait-Job $job

Write-Host "wait completed"

Receive-Job $job -Verbose

Write-Host "receive completed"

推荐答案

我最终使用WinRM quickconfig启用WinRM

I ended up enabling WinRM using WinRM quickconfig

我可以使用Invoke-Command

I was then able to use Invoke-Command

    $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

Invoke-Command {
    param(
        [string]$WebAppName 
    )
     #elevated command here

} -comp $computerName -cred $cred  -ArgumentList @("$myWebAppId")

这篇关于使用Powershell作为特定用户运行脚本块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！