远程 Powershell ps1 执行问题
今天我遇到了同样的问题,但找不到解决方案,在网络上搜索阅读了大量文章,但没有成功。 我在远程计算机上运行 PowerShell 脚本时遇到问题。 如果我在本地运行这个脚本 - 它可以工作,但远程则不行。
这就是我的完整故事。
Server:
Windows 2008 R2 with SP1 + latest updates
FW – Off
UAC – ON :
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable
Domain: hardening.com
Hostname: qwerty12345
Version of PowerShell is Installed:
PS C:\Windows\system32> $PSVersionTable
Name Value
---- -----
CLRVersion 2.0.50727.5420
BuildVersion 6.1.7601.17514
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
Client:
Windows 2008 R2 + latest updates
FW – Off
UAC – ON :
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable
Domain: systemqa.com
Version of PowerShell is Installed:
PS C:\> $PSVersionTable
Name Value
---- -----
CLRVersion 2.0.50727.4952
BuildVersion 6.1.7600.16385
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
• On Client installed also PowerCLI
1. On Server , I have file "C:\Windows\Temp\ ConfigurationWinRM.ps1” with following content:
winrm set winrm/config/client `@`{TrustedHosts=`"`*`"`}
winrm set winrm/config/winrs '@{MaxShellsPerUser="100"}'
2. My mission run those script on remote “Server” machine.
3. I run following script from “Client” machine but get always same errors:
Message = Access is denied.
Error number: -2147024891 0x80070005
a. Example 1:
$domainCrd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$domainUser@$domainNameFQDN",$domainPASS
$ComputerName = "qwerty12345.hardening.com"
invoke-command -ComputerName $ComputerName -Credential $domainCrd -ScriptBlock {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
powershell -NoProfile -Command ". $ItemLocation$FileName"
}
b. Example 2:
$ComputerName = "qwerty12345.hardening.com"
$securePassword = ConvertTo-SecureString "**********" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("$domainName\$domainUser",$securePassword)
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
powershell -Command ". $ItemLocation$FileName"
} -Credential $credential
c. Example 3:
[ScriptBlock] $global:runFile = {
$FileName = "ConfigurationWinRM.ps1"
### $ItemLocation = "C:\Windows\Temp\"
$ItemLocation = "$env:windir\Temp\"
& "$ItemLocation$FileName"
}
RemotePowerShellConnect domain $runFile
WSManFault
+ CategoryInfo : NotSpecified: (WSManFault:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
WSManFault
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
[vSphere PowerCLI] C:\> $error[0] | Format-List * -Force
PSMessageDetails :
OriginInfo : qwerty12345.hardening.com
Exception : System.Management.Automation.RemoteException:
Error number: -2147024891 0x80070005
Access is denied.
TargetObject :
CategoryInfo : NotSpecified: (:) [], RemoteException
FullyQualifiedErrorId : NativeCommandErrorMessage
ErrorDetails :
InvocationInfo :
PipelineIterationInfo : {}
d. Example 4:
[vSphere PowerCLI] C:\> [ScriptBlock] $global:www = {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
function Invoke-Admin() {
param ( [string]$program = $(throw "Please specify a program" ),
[string]$argumentString = "",
[switch]$waitForExit )
$psi = new-object "Diagnostics.ProcessStartInfo"
$psi.FileName = $program
$psi.Arguments = $argumentString
$psi.Verb = "runas"
$proc = [Diagnostics.Process]::Start($psi)
if ( $waitForExit ) {
$proc.WaitForExit();
}
}
Write-Host -ForegroundColor Green "Invoke-Admin powershell $ItemLocation$FileName"
Invoke-Admin powershell $ItemLocation$FileName
}
[vSphere PowerCLI] C:\> RemotePowerShellConnect domain $www
Session state: Opened
Session availability: Available
Running
Service is running ...
You connect to VM Remote PowerShell ...
Invoke-Admin powershell C:\Windows\Temp\ConfigurationWinRM.ps1
[vSphere PowerCLI] C:\>
[vSphere PowerCLI] C:\>
Nothing heppend !!!!! No updates on remote “Server” machine !!!
e. Example 5:
.\tmp\psexec -d \\$hostNAME -u $domainName\$domainUser -p $myPASS cmd /C START /WAIT powershell %windir%\Temp\ConfigurationWinRM.ps1
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
cmd started on qwerty12345 with process ID 3860.
[vSphere PowerCLI] C:\>
Nothing heppend !!!!! No updates on remote “Server” machine !!!
Today I have same issue and I cannot find solution, search in WEB read ton articles but without success.
My problem with running PowerShell script on remote machine.
If I run this script locally – it’s works, but remote not.
This is my full story.
Server:
Windows 2008 R2 with SP1 + latest updates
FW – Off
UAC – ON :
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable
Domain: hardening.com
Hostname: qwerty12345
Version of PowerShell is Installed:
PS C:\Windows\system32> $PSVersionTable
Name Value
---- -----
CLRVersion 2.0.50727.5420
BuildVersion 6.1.7601.17514
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
Client:
Windows 2008 R2 + latest updates
FW – Off
UAC – ON :
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable
Domain: systemqa.com
Version of PowerShell is Installed:
PS C:\> $PSVersionTable
Name Value
---- -----
CLRVersion 2.0.50727.4952
BuildVersion 6.1.7600.16385
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1
• On Client installed also PowerCLI
1. On Server , I have file "C:\Windows\Temp\ ConfigurationWinRM.ps1” with following content:
winrm set winrm/config/client `@`{TrustedHosts=`"`*`"`}
winrm set winrm/config/winrs '@{MaxShellsPerUser="100"}'
2. My mission run those script on remote “Server” machine.
3. I run following script from “Client” machine but get always same errors:
Message = Access is denied.
Error number: -2147024891 0x80070005
a. Example 1:
$domainCrd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$domainUser@$domainNameFQDN",$domainPASS
$ComputerName = "qwerty12345.hardening.com"
invoke-command -ComputerName $ComputerName -Credential $domainCrd -ScriptBlock {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
powershell -NoProfile -Command ". $ItemLocation$FileName"
}
b. Example 2:
$ComputerName = "qwerty12345.hardening.com"
$securePassword = ConvertTo-SecureString "**********" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("$domainName\$domainUser",$securePassword)
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
powershell -Command ". $ItemLocation$FileName"
} -Credential $credential
c. Example 3:
[ScriptBlock] $global:runFile = {
$FileName = "ConfigurationWinRM.ps1"
### $ItemLocation = "C:\Windows\Temp\"
$ItemLocation = "$env:windir\Temp\"
& "$ItemLocation$FileName"
}
RemotePowerShellConnect domain $runFile
WSManFault
+ CategoryInfo : NotSpecified: (WSManFault:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
WSManFault
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
[vSphere PowerCLI] C:\> $error[0] | Format-List * -Force
PSMessageDetails :
OriginInfo : qwerty12345.hardening.com
Exception : System.Management.Automation.RemoteException:
Error number: -2147024891 0x80070005
Access is denied.
TargetObject :
CategoryInfo : NotSpecified: (:) [], RemoteException
FullyQualifiedErrorId : NativeCommandErrorMessage
ErrorDetails :
InvocationInfo :
PipelineIterationInfo : {}
d. Example 4:
[vSphere PowerCLI] C:\> [ScriptBlock] $global:www = {
$FileName = "ConfigurationWinRM.ps1"
$ItemLocation = "C:\Windows\Temp\"
function Invoke-Admin() {
param ( [string]$program = $(throw "Please specify a program" ),
[string]$argumentString = "",
[switch]$waitForExit )
$psi = new-object "Diagnostics.ProcessStartInfo"
$psi.FileName = $program
$psi.Arguments = $argumentString
$psi.Verb = "runas"
$proc = [Diagnostics.Process]::Start($psi)
if ( $waitForExit ) {
$proc.WaitForExit();
}
}
Write-Host -ForegroundColor Green "Invoke-Admin powershell $ItemLocation$FileName"
Invoke-Admin powershell $ItemLocation$FileName
}
[vSphere PowerCLI] C:\> RemotePowerShellConnect domain $www
Session state: Opened
Session availability: Available
Running
Service is running ...
You connect to VM Remote PowerShell ...
Invoke-Admin powershell C:\Windows\Temp\ConfigurationWinRM.ps1
[vSphere PowerCLI] C:\>
[vSphere PowerCLI] C:\>
Nothing heppend !!!!! No updates on remote “Server” machine !!!
e. Example 5:
.\tmp\psexec -d \\$hostNAME -u $domainName\$domainUser -p $myPASS cmd /C START /WAIT powershell %windir%\Temp\ConfigurationWinRM.ps1
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
cmd started on qwerty12345 with process ID 3860.
[vSphere PowerCLI] C:\>
Nothing heppend !!!!! No updates on remote “Server” machine !!!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我的理解是否正确:只有一个脚本文件,仅在本地服务器上,而不在任何远程客户端上?
如果是这种情况,那么我认为您应该尝试以下语法:
我认为使用 scriptblock 语法时发生的情况是:
基于文件路径参数的帮助信息,使用 -filepath 将执行以下操作:
内容到
远程机器
远程机器,没有引用
此时根本没有 .ps1 文件
Am I correct in reading that there is just one script file, only on the local server, and not on any of the remote clients?
If that's the case, then I think you should try this syntax:
I think what's happening when you use the scriptblock syntax is:
Based on the help info the filepath parameter, using -filepath will do the following instead:
contents to a scriptblock object
remote machine
remote machine, no references to the
.ps1 file at all at this point