BUILTIN\Administrators 和普通管理员组的区别
我有一个脚本,可以在虚拟机上启动应用程序并记录该应用程序的一些数据。由于 Powershell 脚本不允许我在前台运行应用程序,我决定在 2 分钟后安排一个任务,然后继续轮询任务完成情况。
我正在使用此命令来注册我的任务
$password= "password" | ConvertTo-SecureString -asPlainText -Force;
$username = "name";
$credential = New-Object System.Management.Automation.PSCredential($username,$password);
Invoke-Command -VMName INSTANCE_ID -Credential $credential -ScriptBlock
{
$gettime = (Get-Date).AddMinutes(2);
$run = $gettime.ToString('HH:mm');
$action = New-ScheduledTaskAction -Execute 'C:\logging.bat';
$trigger = New-ScheduledTaskTrigger -Once -At $run;
$principal = New-ScheduledTaskPrincipal -GroupID "BUILTIN\Administrators" -RunLevel Highest;
Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "ID_Logging_Task" -Description "my description"
}
它工作正常,但有一个问题,即只有在用户登录时才能正常运行。更多上下文 - https://learn.microsoft.com/en-us/powershell/module/scheduledtasks/new-scheduledtaskprincipal?view=windowsserver2022-ps(示例2)
所以我查看了Register-ScheduledTask的文档并看到我可以在注册任务时向命令提供用户名和密码。因此,我使用具有管理员权限的帐户的用户名并运行新命令:
$password= "password" | ConvertTo-SecureString -asPlainText -Force;
$username = "name";
$credential = New-Object System.Management.Automation.PSCredential($username,$password);
Invoke-Command -VMName INSTANCE_ID -Credential $credential -ScriptBlock
{
$gettime = (Get-Date).AddMinutes(2);
$run = $gettime.ToString('HH:mm');
$action = New-ScheduledTaskAction -Execute 'C:\logging.bat';
$trigger = New-ScheduledTaskTrigger -Once -At $run;
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "ID_Logging_Task" -RunLevel Highest -User "myUser" -Password "myPassword" -Description "my description"
}
“myUser”是这台计算机上的管理员。这解决了无需手动登录即可运行任务的问题,但现在我的应用程序在后台启动,而不是在前台启动,这是运行这些计划任务的全部目的。
我的问题是 BUILTIN\Administrators 和管理员帐户之间有什么区别。我该如何解决我的问题?我想使用 -GroupID“BUILTIN\Administrators”的权限运行我的任务,而无需实际登录计算机。
I have a script which launches an app on the VM and logs some data for the app. As Powershell script does not allow me to run the app in foreground I decided to schedule a task after 2 mins and then keep polling for the task completion.
I was using this command to register my task
$password= "password" | ConvertTo-SecureString -asPlainText -Force;
$username = "name";
$credential = New-Object System.Management.Automation.PSCredential($username,$password);
Invoke-Command -VMName INSTANCE_ID -Credential $credential -ScriptBlock
{
$gettime = (Get-Date).AddMinutes(2);
$run = $gettime.ToString('HH:mm');
$action = New-ScheduledTaskAction -Execute 'C:\logging.bat';
$trigger = New-ScheduledTaskTrigger -Once -At $run;
$principal = New-ScheduledTaskPrincipal -GroupID "BUILTIN\Administrators" -RunLevel Highest;
Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "ID_Logging_Task" -Description "my description"
}
It was working fine but it had a problem that it ran well only when the user was logged in. More context - https://learn.microsoft.com/en-us/powershell/module/scheduledtasks/new-scheduledtaskprincipal?view=windowsserver2022-ps (Example 2)
So I looked at the documentation of Register-ScheduledTask and saw that I can provide username and password to the command while registering the task. So I took the username of the account with Administrator privileges and ran the new command:
$password= "password" | ConvertTo-SecureString -asPlainText -Force;
$username = "name";
$credential = New-Object System.Management.Automation.PSCredential($username,$password);
Invoke-Command -VMName INSTANCE_ID -Credential $credential -ScriptBlock
{
$gettime = (Get-Date).AddMinutes(2);
$run = $gettime.ToString('HH:mm');
$action = New-ScheduledTaskAction -Execute 'C:\logging.bat';
$trigger = New-ScheduledTaskTrigger -Once -At $run;
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "ID_Logging_Task" -RunLevel Highest -User "myUser" -Password "myPassword" -Description "my description"
}
"myUser" is an administrator on this machine. This solved the problem of running the task without manually logging in but now my app is getting launched in the background instead of foreground which was the whole point of running these scheduled tasks.
My question is what is the difference between BUILTIN\Administrators and an Administrator account. And how do I solve my problem? I want to run my task with the privilege of -GroupID "BUILTIN\Administrators" without actually logging into the machine.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
组和帐户之间的区别
BuiltIn\Administrators 是您可以成为其成员的组。
管理员是新安装的 Windows 中的默认帐户,通常处于禁用状态。
有一种方法可以解决这个问题,也许比看起来更容易。
实现你想要的
让我们将其分为三个部分
启动虚拟机
如果您希望虚拟机始终运行,则可以将其设置为“永远开始”。这个选项很棒,因为它将与主机一起启动虚拟机,您甚至可以指定启动延迟,这很棒,因为这减轻了磁盘和 CPU 的压力,因为启动虚拟机会导致这两个资源出现峰值。
如果您这样做,则会负责启动虚拟机。
启动应用程序
对于下一部分,这就像您已经拥有的用于运行计划任务的语法一样简单。如果您想以域帐户运行并以管理员身份运行,只需使域帐户成为系统上“管理员”组的成员即可。
在前台运行
这是问题所在,但我不明白为什么这是一个问题。仅当用户登录计算机时,计划任务才会在前台运行。
通过此选项,您可以在用户登录计算机时让应用程序出现在用户的会话中,例如信息亭应用程序或销售点系统、仪表板显示等。
如果您将应用程序设置为无论用户是否登录都运行,那么它始终会在后台运行。
您确定这很重要吗?
使应用程序在启动时在前台运行
如果您希望应用程序无需登录即可运行,它将在后台运行。
如果你确实想让它在前台运行,那么只需将机器设置为自动登录即可。如果自动登录,那么它将登录并显示桌面,然后可以执行计划任务更改为“仅在用户登录时运行”,这将使其在前台运行。
但是,为什么有人需要虚拟机中的应用程序(本质上是无头的)在前台运行呢?
Difference between the group and account
BuiltIn\Administrators is a group you can be a member of.
Administrator is a default account that comes, normally disabled, on new Windows installations.
There is a way of fixing this problem, maybe easier than it seems.
Achieving what you want
Let's break doing this into three pieces
Launching the VM
If you want your VM to always be running, you can set it to 'Always Start'. This option is great because it will start the VM with the host, and you can even specify a startup delay, which is great because this lessens the pressure on disk and cpu, as starting a vm will incur a spike to both those resources.
If you do this, this takes care of starting the VM.
Launching the app
For the next piece this is as simple as the syntax you already have for running a scheduled task. If you want to run as a domain account and run as an administrator, just make the domain account a member of the 'Administrators' group on the system.
Running in Foreground
Here is the wrinkle, but I don't understand why this is an issue. Scheduled Tasks will only run in the Foreground when a user is logged into the machine.
This option is there so that you can make an app appear in the user's session when they log onto a computer, for things like Kiosk apps, or Point-Of-sale systems, dashboard displays and that sort of thing.
If you set an app to run whether or not a user is logged in, then it always will run in the background.
Are you sure this matters?
Making an app run in the foreground on boot
If you want an app to run without having to login, it will run in the background.
If you really want it to run in the foreground, then just set the machine to automatically log in. If it automatically log's in, then it will login and show the desktop, and then the scheduled task can be changed to 'Run only when a user is logged in', which will make it run in the foreground.
But why would someone need an App within a VM, which is by nature headless to run in the foreground?