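Problem executing a ps1 script with remote PowerShell

Time: 2011-03-27 01:21:24

Tags: powershell powershell-remoting

Today I have the same problem, and I could not find a solution; I searched the web and read articles, but without success. My problem is running a PowerShell script on a remote machine. If I run this script locally it works, but it does not work remotely.

Here is my full story.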


Server: 
Windows 2008 R2 with SP1 + latest updates
FW – Off
UAC – ON :
-   User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
-   User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
-   User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
-   User Account Control: Detect application installations and prompt for elevation – Disable 
Domain: hardening.com
Hostname: qwerty12345

Version of PowerShell is Installed:

PS C:\Windows\system32> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5420
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.1


Client:
Windows 2008 R2 + latest updates
FW – Off
UAC – ON :
-   User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
-   User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
-   User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
-   User Account Control: Detect application installations and prompt for elevation – Disable 
Domain: systemqa.com

Version of PowerShell is Installed:

PS C:\> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.4952
BuildVersion                   6.1.7600.16385
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.1


•   PowerCLI is also installed on the Client


1.  On the Server, I have the file "C:\Windows\Temp\ConfigurationWinRM.ps1" with the following content:
winrm set winrm/config/client `@`{TrustedHosts=`"`*`"`}
winrm set winrm/config/winrs '@{MaxShellsPerUser="100"}'

2.  My mission is to run that script on the remote “Server” machine.

3.  I run the following scripts from the “Client” machine but always get the same errors:
Message = Access is denied.
Error number:  -2147024891 0x80070005

a.  Example 1:
$domainCrd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$domainUser@$domainNameFQDN",$domainPASS 
$ComputerName = "qwerty12345.hardening.com"

invoke-command -ComputerName $ComputerName -Credential $domainCrd -ScriptBlock {
    $FileName = "ConfigurationWinRM.ps1"
    $ItemLocation = "C:\Windows\Temp\"
    powershell -NoProfile -Command ". $ItemLocation$FileName"
}

b.  Example 2:
$ComputerName = "qwerty12345.hardening.com"

$securePassword = ConvertTo-SecureString "**********" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("$domainName\$domainUser",$securePassword)

Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    $FileName = "ConfigurationWinRM.ps1"
    $ItemLocation = "C:\Windows\Temp\"
    powershell -Command ". $ItemLocation$FileName"
} -Credential $credential

c.  Example 3:
[ScriptBlock] $global:runFile = {

$FileName = "ConfigurationWinRM.ps1"
### $ItemLocation = "C:\Windows\Temp\"
$ItemLocation = "$env:windir\Temp\"

& "$ItemLocation$FileName"
} 

RemotePowerShellConnect domain $runFile


WSManFault
    + CategoryInfo          : NotSpecified: (WSManFault:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

    Message = Access is denied.
Error number:  -2147024891 0x80070005
Access is denied.
WSManFault
    Message = Access is denied.
Error number:  -2147024891 0x80070005
Access is denied.
[vSphere PowerCLI] C:\> $error[0] | Format-List * -Force


PSMessageDetails      :
OriginInfo            : qwerty12345.hardening.com
Exception             : System.Management.Automation.RemoteException:
                        Error number:  -2147024891 0x80070005
                        Access is denied.

TargetObject          :
CategoryInfo          : NotSpecified: (:) [], RemoteException
FullyQualifiedErrorId : NativeCommandErrorMessage
ErrorDetails          :
InvocationInfo        :
PipelineIterationInfo : {}



d.  Example 4:
[vSphere PowerCLI] C:\> [ScriptBlock] $global:www = {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"

function Invoke-Admin() {
    param ( [string]$program = $(throw "Please specify a program" ),
            [string]$argumentString = "",
            [switch]$waitForExit )

    $psi = new-object "Diagnostics.ProcessStartInfo"
    $psi.FileName = $program
    $psi.Arguments = $argumentString
    $psi.Verb = "runas"
    $proc = [Diagnostics.Process]::Start($psi)
    if ( $waitForExit ) {
        $proc.WaitForExit();
    }
}

Write-Host -ForegroundColor Green "Invoke-Admin powershell $ItemLocation$FileName"
Invoke-Admin powershell $ItemLocation$FileName

}

[vSphere PowerCLI] C:\> RemotePowerShellConnect domain $www
Session state:  Opened
Session availability:  Available
Running
Service is running ...
You connect to VM Remote PowerShell ...
Invoke-Admin powershell C:\Windows\Temp\ConfigurationWinRM.ps1
[vSphere PowerCLI] C:\>
[vSphere PowerCLI] C:\>

Nothing happened !!!!! No updates on remote “Server” machine !!!

e.  Example 5:
.\tmp\psexec -d \\$hostNAME -u $domainName\$domainUser -p $myPASS cmd /C START /WAIT powershell %windir%\Temp\ConfigurationWinRM.ps1

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


cmd started on qwerty12345 with process ID 3860.
[vSphere PowerCLI] C:\>

Nothing happened !!!!! No updates on remote “Server” machine !!!

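1 answer:

Answer 0: (score: 1)

Am I reading this correctly that you have just the one script file, only on the local server, and not on any of the remote clients?

If that is the case, then I think you should try this syntax: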

$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
Invoke-Command -ComputerName $ComputerName -filepath "$ItemLocation$FileName" -cred $credential

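I think what is happening when you use the scriptblock syntax is:

  1. The scriptblock is defined on the local computer and encapsulated as an object
  2. The scriptblock object is passed to each remote computer
  3. The scriptblock is executed verbatim on the remote computer, so it is looking for your script file in c:\windows\temp on the remote computer (it doesn't exist there, so it throws some BS access denied error)

Going by the help information for the filepath parameter, using -filepath will do the following:

  1. The script file is read locally and its contents are converted to a scriptblock object
  2. The scriptblock object is passed to each remote machine
  3. The scriptblock is executed verbatim on the remote machine, with no reference at all to the .ps1 file at this point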
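
An added example, not part of the original question or answer: a PowerShell 2.0-compatible probe that reports what the remote session actually sees (account, administrator role, whether the script path exists there) before choosing between -ScriptBlock and -FilePath. The host name and script path are the ones quoted on this page; prompting with Get-Credential instead of embedding the password is an assumption of this example.

```powershell
# Added example. Host name and path are taken from the question above;
# Get-Credential (an assumption here) avoids a plain-text password in the script.
$ComputerName = "qwerty12345.hardening.com"
$ScriptPath   = "C:\Windows\Temp\ConfigurationWinRM.ps1"
$credential   = Get-Credential

# Step 1: -ScriptBlock runs on the remote machine, so every path inside it is
# resolved there. PowerShell 2.0 has no $using: scope, so local values are
# passed in through -ArgumentList and received with param().
$probe = Invoke-Command -ComputerName $ComputerName -Credential $credential -ScriptBlock {
    param($Path)
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $pr = New-Object Security.Principal.WindowsPrincipal($id)
    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        User         = $id.Name
        IsAdmin      = $pr.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        ScriptExists = Test-Path -LiteralPath $Path
    }
} -ArgumentList $ScriptPath

$probe | Format-List Computer, User, IsAdmin, ScriptExists

# Step 2: -FilePath reads the .ps1 on the machine that issues the command and
# ships its contents, so the file has to exist locally, not on the target.
if (Test-Path -LiteralPath $ScriptPath) {
    Invoke-Command -ComputerName $ComputerName -Credential $credential -FilePath $ScriptPath
}
elseif ($probe.ScriptExists) {
    Write-Warning "The script exists only on $($probe.Computer); -FilePath needs a local copy."
}
else {
    Write-Warning "The script was found neither locally nor on $($probe.Computer)."
}
```

If ScriptExists comes back True while the run still ends in "Access is denied", the failure is not a missing file, and the IsAdmin and User fields show which token the remote session is running under.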