使用带有凭据的删除项目

发布于 2024-09-06 17:26:39 字数 497 浏览 6 评论 0原文

我正在尝试使用Remove-Item cmdlet 作为系统自动化的一部分。这些文件存储在需要提升权限才能执行文件删除的服务器上。我有权访问用于此类自动化脚本的域管理员帐户。

下面的代码将构建 PSCredential 对象：

$password = New-Object System.Security.SecureString
"passwordhere".ToCharArray() | ForEach-Object { $password.AppendChar($_) }
$cred = New-Object System.Management.Automation.PSCredential("domain\username",$password)
$cred

我将此对象传递给以下操作：

Remove-Item -LiteralPath $path -Force -Credential $cred

有什么想法吗？

原文

I am attempting to use the Remove-Item cmdlet as part of an automation for a system. The files are stored on a server that requires elevated rights to perform the file deletion. I have access to a domain admin account that I use for such automation scripts.

The code below will build the PSCredential object:

$password = New-Object System.Security.SecureString
"passwordhere".ToCharArray() | ForEach-Object { $password.AppendChar($_) }
$cred = New-Object System.Management.Automation.PSCredential("domain\username",$password)
$cred

I am passing this object to the following action:

Remove-Item -LiteralPath $path -Force -Credential $cred

Any ideas?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

山人契 2024-09-13 17:26:39

我不清楚这些文件是本地的（您在服务器上运行脚本）还是远程的（在另一台机器上）。如果是本地尝试使用后台作业运行命令并将凭据传递给 Start-Job：

$job = Start-Job { Remove-Item -LiteralPath $path -force } -cred $cred 
Wait-Job $job
Receive-Job $job

如果是远程，请尝试使用远程处理：

Invoke-Command -computername servername `
               -scriptblock { Remove-Item -LiteralPath $path -force } `
               -Cred $cred

注意：这要求您在远程计算机上执行 Enable-PSRemoting。

一般来说，将原始密码放入脚本中并不是一个好主意。您可以使用 DPAPI 及更高版本以加密方式存储密码，只有该用户帐户才能解密密码，例如：

# Stick password into DPAPI storage once - accessible only by current user 
Add-Type -assembly System.Security 
$passwordBytes = [System.Text.Encoding]::Unicode.GetBytes("Open Sesame") 
$entropy = [byte[]](1,2,3,4,5) 
$encrytpedData = [System.Security.Cryptography.ProtectedData]::Protect( ` 
                       $passwordBytes, $entropy, 'CurrentUser') 
$encrytpedData | Set-Content -enc byte .\password.bin 

# Retrieve and decrypted password 
$encrytpedData = Get-Content -enc byte .\password.bin 
$unencrytpedData = [System.Security.Cryptography.ProtectedData]::Unprotect( ` 
                       $encrytpedData, $entropy, 'CurrentUser') 
$password = [System.Text.Encoding]::Unicode.GetString($unencrytpedData) 
$password

It's not clear to me if the files are local (you're running the script on the server) or remote (on another machine). If local try running the command using a background job and pass in the credentials to Start-Job:

$job = Start-Job { Remove-Item -LiteralPath $path -force } -cred $cred 
Wait-Job $job
Receive-Job $job

If they're remote, try using remoting:

Invoke-Command -computername servername `
               -scriptblock { Remove-Item -LiteralPath $path -force } `
               -Cred $cred

Note: This requires that you execute Enable-PSRemoting on the remote machine.

In general, putting raw passwords in your script isn't a great idea. You can store the password in an encrypted manner using DPAPI and later, only that user account can decrypt the password e.g.:

# Stick password into DPAPI storage once - accessible only by current user 
Add-Type -assembly System.Security 
$passwordBytes = [System.Text.Encoding]::Unicode.GetBytes("Open Sesame") 
$entropy = [byte[]](1,2,3,4,5) 
$encrytpedData = [System.Security.Cryptography.ProtectedData]::Protect( ` 
                       $passwordBytes, $entropy, 'CurrentUser') 
$encrytpedData | Set-Content -enc byte .\password.bin 

# Retrieve and decrypted password 
$encrytpedData = Get-Content -enc byte .\password.bin 
$unencrytpedData = [System.Security.Cryptography.ProtectedData]::Unprotect( ` 
                       $encrytpedData, $entropy, 'CurrentUser') 
$password = [System.Text.Encoding]::Unicode.GetString($unencrytpedData) 
$password

回复收藏 0 原文

可是我不能没有你 2024-09-13 17:26:39

由于授权，删除项目可能会失败。或者，找到每个文件的引用并使用 .Delete() 删除它，或者将所有文件移至回收站。

foreach ($svr in $computers) 
{
    Invoke-Command -ComputerName $svr { 

    $folderitems = Get-ChildItem $cachefolder -Recurse

    # Method 1: .Delete
    foreach ($cachefolderitem in $cachefolderitems)
    {
        if ($cachefolderitem -like "*.ini")
        {
            $cachefolderitem.Delete()
        }
    }

   # Method 2: Move all matching files to the recycle bin
   Move-Item "$cachefolder\*.ini" 'C:\$Recycle.Bin' -Force 
}

Remove-Item can fail due to authorisation. Alternatively, either find the reference for each file and hit it with a .Delete() or move all of the files to the recycle bin.

foreach ($svr in $computers) 
{
    Invoke-Command -ComputerName $svr { 

    $folderitems = Get-ChildItem $cachefolder -Recurse

    # Method 1: .Delete
    foreach ($cachefolderitem in $cachefolderitems)
    {
        if ($cachefolderitem -like "*.ini")
        {
            $cachefolderitem.Delete()
        }
    }

   # Method 2: Move all matching files to the recycle bin
   Move-Item "$cachefolder\*.ini" 'C:\$Recycle.Bin' -Force 
}

回复收藏 0 原文

~没有更多了~