当前位置: 文江博客话题详情

使用远程 Powershell 运行空间中的脚本启动安装程序时无法启动服务

发布于 2024-09-26 05:49:54 字数 1553 浏览 1 评论 0原文

我正在使用具有远程运行空间的 powershell 在远程计算机上启动安装程序:

隐藏了一些代码,但您了解了要点...

我在 C# 中创建了我的 PSCredential:

PSCredential pwd = new PSCredential(cred.UserName,PowerShellEngine.GenerateSecurePassword(cred) 。密码)); 连接信息 = 新 WSManConnectionInfo( false,cred.HostName,5985,“/wsman”,“http://schemas.microsoft.com/powershell/Microsoft.PowerShell”,pwd); ConnectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;

创建运行空间,并执行脚本 Script

        //Load the script
        string script = System.IO.File.ReadAllText(scriptFileName);

        using (Runspace runspace = CreateRunSpace())
        {
            runspace.Open();
            Pipeline pipeline = runspace.CreatePipeline();
            pipeline.Commands.AddScript(script);

            if (parameters != null)
            {
                foreach (KeyValuePair<string, string> parm in parameters)
                {
                    pipeline.Commands[0].Parameters.Add(parm.Key, parm.Value);
                }
            }

            pipeline.Commands.Add("out-default");
            pipeline.Invoke();
        }

...(重要的部分)

$installStatement = [System.Diagnostics.Process]::Start( $App, $Switches ) $installStatement.WaitForExit() “进程退出代码:$LastExitCode”

进程启动正常..最终为:

MSI(s)(3C:18)[21:06:18:923]:产品:xxxx - 错误1920.Service xxxx无法启动。验证您是否有足够的权限来启动系统服务。

我已经验证该进程以本地管理员身份运行,该进程在使用 PSExec 的命令提示符下运行良好。我认为这一定与 WSMAN 权限或运行空间本身的安全性有关?

是否需要设置策略或其他内容来允许 powershell 运行空间能够在安装程序中启动服务?

谢谢,加文

原文

I'm launching an installer on a remote machine using powershell with a remote runspace:

some code hidden but you get the jist...

I create my PSCredential in C#:

PSCredential pwd = new PSCredential(cred.UserName,PowerShellEngine.GenerateSecurePassword(cred.Password));
ConnectionInfo = new WSManConnectionInfo(
false, cred.HostName, 5985, "/wsman","http://schemas.microsoft.com/powershell/Microsoft.PowerShell",pwd);
ConnectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;

Create the runspace, and execute the script

        //Load the script
        string script = System.IO.File.ReadAllText(scriptFileName);

        using (Runspace runspace = CreateRunSpace())
        {
            runspace.Open();
            Pipeline pipeline = runspace.CreatePipeline();
            pipeline.Commands.AddScript(script);

            if (parameters != null)
            {
                foreach (KeyValuePair<string, string> parm in parameters)
                {
                    pipeline.Commands[0].Parameters.Add(parm.Key, parm.Value);
                }
            }

            pipeline.Commands.Add("out-default");
            pipeline.Invoke();
        }

Script.... (the part that matters)

$installStatement = [System.Diagnostics.Process]::Start( $App, $Switches )
$installStatement.WaitForExit()
"Process Exit Code: $LastExitCode"

The process start fine.. end up with:

MSI (s) (3C:18) [21:06:18:923]: Product: xxxx -- Error 1920.Service xxxx failed to start. Verify that you have sufficient privileges to start system services.

I've verified the process runs as the local administrator which works fine from the command prompt is using PSExec. I assume this must have to do with WSMAN permissions or security wrapped around the runspace itself ?

Is there a policy or something that needs to be set to allow a powershell runspace to be able to start services in an installer?

Thanks, Gavin

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

怂人 2024-10-03 05:49:54

似乎 WinRM 在 NETWORK SERVICE 帐户下运行,该帐户可能没有启动/停止 Windows 服务的权限...

我无法将 Windows 远程管理更改为作为本地系统运行,因为其他服务(HTTP、RPCSS)依赖于它并且显然在同一进程下运行)

有没有办法授予网络服务启动/停止服务的能力?

Appears WinRM runs under the NETWORK SERVICE account which probably doesn't have permission to start/stop windows services...

I can't change Windows Remote Management to run as Local System because other services (HTTP, RPCSS) are dependent on it and are apparently running under the same process)

Is there a way to grant NETWORK Service the ability to start/stop services ?

回复 原文
紫罗兰の梦幻 2024-10-03 05:49:54

WinRM 服务应在网络服务下运行。它会冒充您运行脚本时设置的任何人。您能否检查一下您是否已应用您创建的凭据并且用户(通过凭据)是否能够启动服务?只需以该用户身份登录并尝试启动一些。

你也可以简化事情。使用启动服务的代码编写 Test.ps1 并运行此代码:

$pass = ConvertTo-SecureString "password" -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "domain\username", $pass 


Invoke-Command -ComputerName "remoteMachine" -FilePath "Test.ps1" -Credential $credentials -ArgumentList $parameters

如果所有设置都正确,您应该启动服务。

顺便说一句,在我看来,您正在以非常复杂的方式完成相对简单的任务。

WinRM service should run under network service. It will impersonate you to whoever you set when running the script. Could you please check that you have applied the credential you created and that user (from credentials) is able to start services? Just log in as this user and try to start some.

You could also simplify stuff. Write Test.ps1 with the code to start service and run this code:

$pass = ConvertTo-SecureString "password" -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "domain\username", $pass 


Invoke-Command -ComputerName "remoteMachine" -FilePath "Test.ps1" -Credential $credentials -ArgumentList $parameters

If all settings are correct you should get your service started.

On a side note, it looks to me that you are doing relatively simple task in a very complex way.

回复 原文
~没有更多了~

关于作者

诗化ㄋ丶相逢

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文