2011-03-27 124 views
1

今天我有同樣的問題,我找不到解決方案,在WEB中搜索讀噸文章,但沒有成功。 我在遠程計算機上運行PowerShell腳本的問題。 如果我在本地運行此腳本 - 它是有效的,但遠程不是。遠程PowerShell ps1執行問題

這是我的全部故事。

 

Server: 
Windows 2008 R2 with SP1 + latest updates 
FW – Off 
UAC – ON : 
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable 
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable 
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting 
- User Account Control: Detect application installations and prompt for elevation – Disable 
Domain: hardening.com 
Hostname: qwerty12345 

Version of PowerShell is Installed: 

PS C:\Windows\system32> $PSVersionTable 

Name       Value 
----       ----- 
CLRVersion      2.0.50727.5420 
BuildVersion     6.1.7601.17514 
PSVersion      2.0 
WSManStackVersion    2.0 
PSCompatibleVersions   {1.0, 2.0} 
SerializationVersion   1.1.0.1 
PSRemotingProtocolVersion  2.1 


Client: 
Windows 2008 R2 + latest updates 
FW – Off 
UAC – ON : 
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable 
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable 
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting 
- User Account Control: Detect application installations and prompt for elevation – Disable 
Domain: systemqa.com 

Version of PowerShell is Installed: 

PS C:\> $PSVersionTable 

Name       Value 
----       ----- 
CLRVersion      2.0.50727.4952 
BuildVersion     6.1.7600.16385 
PSVersion      2.0 
WSManStackVersion    2.0 
PSCompatibleVersions   {1.0, 2.0} 
SerializationVersion   1.1.0.1 
PSRemotingProtocolVersion  2.1 


• On Client installed also PowerCLI 


1. On Server , I have file "C:\Windows\Temp\ ConfigurationWinRM.ps1」 with following content: 
winrm set winrm/config/client `@`{TrustedHosts=`"`*`"`} 
winrm set winrm/config/winrs '@{MaxShellsPerUser="100"}' 

2. My mission run those script on remote 「Server」 machine. 

3. I run following script from 「Client」 machine but get always same errors: 
Message = Access is denied. 
Error number: -2147024891 0x80070005 

a. Example 1: 
$domainCrd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "[email protected]$domainNameFQDN",$domainPASS 
$ComputerName = "qwerty12345.hardening.com" 

invoke-command -ComputerName $ComputerName -Credential $domainCrd -ScriptBlock { 
    $FileName = "ConfigurationWinRM.ps1" 
      $ItemLocation = "C:\Windows\Temp\" 
      powershell -NoProfile -Command ". $ItemLocation$FileName" 
} 

b. Example 2: 
$ComputerName = "qwerty12345.hardening.com" 

$securePassword = ConvertTo-SecureString "**********" -AsPlainText -force 
$credential = New-Object System.Management.Automation.PsCredential("$domainName\$domainUser",$securePassword) 

Invoke-Command -ComputerName $ComputerName -ScriptBlock { 
      $FileName = "ConfigurationWinRM.ps1" 
      $ItemLocation = "C:\Windows\Temp\" 
      powershell -Command ". $ItemLocation$FileName" 

} -Credential $credential 

c. Example 3: 
[ScriptBlock] $global:runFile = { 

$FileName = "ConfigurationWinRM.ps1" 
### $ItemLocation = "C:\Windows\Temp\" 
$ItemLocation = "$env:windir\Temp\" 

& "$ItemLocation$FileName" 
} 

RemotePowerShellConnect domain $runFile 


WSManFault 
    + CategoryInfo   : NotSpecified: (WSManFault:String) [], RemoteException 
    + FullyQualifiedErrorId : NativeCommandError 

    Message = Access is denied. 
Error number: -2147024891 0x80070005 
Access is denied. 
WSManFault 
    Message = Access is denied. 
Error number: -2147024891 0x80070005 
Access is denied. 
[vSphere PowerCLI] C:\> $error[0] | Format-List * -Force 


PSMessageDetails  : 
OriginInfo   : qwerty12345.hardening.com 
Exception    : System.Management.Automation.RemoteException: 
         Error number: -2147024891 0x80070005 
         Access is denied. 

TargetObject   : 
CategoryInfo   : NotSpecified: (:) [], RemoteException 
FullyQualifiedErrorId : NativeCommandErrorMessage 
ErrorDetails   : 
InvocationInfo  : 
PipelineIterationInfo : {} 



d. Example 4: 
[vSphere PowerCLI] C:\> [ScriptBlock] $global:www = { 
$FileName = "ConfigurationWinRM.ps1" 
$ItemLocation = "C:\Windows\Temp\" 

function Invoke-Admin() { 
    param ([string]$program = $(throw "Please specify a program"), 
      [string]$argumentString = "", 
      [switch]$waitForExit) 

    $psi = new-object "Diagnostics.ProcessStartInfo" 
    $psi.FileName = $program 
    $psi.Arguments = $argumentString 
    $psi.Verb = "runas" 
    $proc = [Diagnostics.Process]::Start($psi) 
    if ($waitForExit) { 
     $proc.WaitForExit(); 
    } 
} 

Write-Host -ForegroundColor Green "Invoke-Admin powershell $ItemLocation$FileName" 
Invoke-Admin powershell $ItemLocation$FileName 

} 

[vSphere PowerCLI] C:\> RemotePowerShellConnect domain $www 
Session state: Opened 
Session availability: Available 
Running 
Service is running ... 
You connect to VM Remote PowerShell ... 
Invoke-Admin powershell C:\Windows\Temp\ConfigurationWinRM.ps1 
[vSphere PowerCLI] C:\> 
[vSphere PowerCLI] C:\> 

Nothing heppend !!!!! No updates on remote 「Server」 machine !!! 

e. Example 5: 
.\tmp\psexec -d \\$hostNAME -u $domainName\$domainUser -p $myPASS cmd /C START /WAIT powershell %windir%\Temp\ConfigurationWinRM.ps1 

PsExec v1.98 - Execute processes remotely 
Copyright (C) 2001-2010 Mark Russinovich 
Sysinternals - www.sysinternals.com 


cmd started on qwerty12345 with process ID 3860. 
[vSphere PowerCLI] C:\> 

Nothing heppend !!!!! No updates on remote 「Server」 machine !!! 

+0

有關於它的全部源代碼,任何解決 的.ps1文件中沒有引用? – Kiquenet 2012-05-30 07:27:34

回答

1

上午我在讀糾正只有一個腳本文件,只有本地服務器上,而不是在任何遠程的客戶?

如果是這樣的話,那麼我認爲你應該試試這個語法:

$FileName = "ConfigurationWinRM.ps1" 
$ItemLocation = "C:\Windows\Temp\" 
Invoke-Command -ComputerName $ComputerName -filepath "$ItemLocation$FileName" -cred $credential 

我覺得發生了什麼,當你使用腳本塊語法是:定義本地機器上

  1. 腳本塊,封裝作爲對象
  2. 將scriptblock對象傳遞給每個遠程機器
  3. scriptblock在遠程機器上逐字執行,因此它在尋找g下對遠程機腳本文件位於C:\ WINDOWS \ TEMP(它不存在,所以它拋出一些BS拒絕訪問的錯誤)根據幫助信息的文件路徑參數,使用

- 文件路徑將執行以下操作來代替:

  1. 讀腳本文件在本地,轉換 內容一個腳本塊對象
  2. 腳本塊對象傳遞給每個 遠程機器
  3. 在 遠程機器上執行逐字
  4. 腳本塊,都在這一點上