非管理员远程 PowerShell 执行
我在目标服务器上以非管理员身份远程执行脚本时遇到问题。
这是我尝试运行的脚本的一部分:
New-PSSession -computername ServerA.DomainA.org -Credential $LoginCredentials
$PSServerA = Get-PSSession -computername bl ServerA.DomainA.org
Invoke-Command -Session $PSServerA -scriptblock {Add-PSSnapin Quest.ActiveRoles.ADManagement}
我收到以下错误:
加载扩展类型数据文件时发生以下错误:Quest.ActiveRoles.ADManagement,C:\Program Files\Quest Software\AD\Quest.ActiveRoles.ADManagement.Types.ps1xml 的管理外壳:由于以下原因跳过了文件以下验证异常:AuthorizationManager 检查失败..
这是我正在编写的帐户创建脚本的一小部分。我希望帮助台能够执行该脚本,尽管他们是服务器操作员组的成员,但他们不是目标服务器上管理员组的成员。我可以以它们的身份登录到目标服务器,并从标准(非管理员)PowerShell 提示符中成功运行命令 Add-PSSnapin。
目标服务器上的 ExecutionPolicy 不受限制。
我已授予用户对默认 microsoft.Powershell 远程会话配置的执行权限,这是成功的,因为他们可以打开会话。
所以我的问题是我需要为用户分配什么权限才能让他们远程执行命令?
I’m having a problem remotely executing scripts as a non administrator on the target server.
This is an portion of the scripts I’m trying to run:
New-PSSession -computername ServerA.DomainA.org -Credential $LoginCredentials
$PSServerA = Get-PSSession -computername bl ServerA.DomainA.org
Invoke-Command -Session $PSServerA -scriptblock {Add-PSSnapin Quest.ActiveRoles.ADManagement}
I get the following error:
The following error occurred while loading the extended type data file: Quest.ActiveRoles.ADManagement, C:\Program Files\Quest Software\Management Shell for AD\Quest.ActiveRoles.ADManagement.Types.ps1xml : File skipped because of the following validation exception: AuthorizationManager check failed..
This is a small part of an account creation script I’m writing. I want the helpdesk to be able to execute the script and they are not members of the administrators group on the target server although they are members of the server operators group. I can logon to the target server as them and from a Standard (non admin) PowerShell prompt I can successfully run the command the Add-PSSnapin.
The ExecutionPolicy on the target server is Unrestricted.
I have given the users Execute rights to the default microsoft.Powershell remote session configuration, this is successful as they can open the session.
So the question I have is what rights do I need to assign the users in order for them to execute the commands remotely?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能遇到了 PowerShell 双跳限制。当您远程进入一台计算机然后尝试从那里访问另一台计算机时,PowerShell 不喜欢它。不过,我以前从未使用过 AD 管理单元。这是我最好的猜测。
您是否可以联系 AD 管理单元的开发人员寻求帮助?他们可能知道。
You're probably running into a PowerShell double-hop restriction. PowerShell doesn't like it when you remote into a machine and then try to access another computer from there. I've never used the AD snap-in before, though. This is my best guess.
Any chance you can contact the developer's of your AD snap-in for help? They might know.