Powershell 带巧克力糖的ARM模板部署CSE在PS脚本上失败_Powershell_Azure_Chocolatey_Arm Template

Powershell 带巧克力糖的ARM模板部署CSE在PS脚本上失败

powershell azure

Powershell 带巧克力糖的ARM模板部署CSE在PS脚本上失败,powershell,azure,chocolatey,arm-template,Powershell,Azure,Chocolatey,Arm Template,我一直遵循这个ARM模板，通过Chocolate构建虚拟机并部署应用程序：尽管GitHub上的扩展显示为Linux扩展，而不是MS扩展，但我还是成功地部署了VM。但是，用于安装Chocolate的PowerShell自动化脚本失败长话短说，我发现它在Server2012上运行得非常好，但在Server2016上无法运行以下是PowerShell脚本： param([Parameter(Mandatory=$true)][string]$chocoPackages) cls #New-It

我一直遵循这个ARM模板，通过Chocolate构建虚拟机并部署应用程序：

尽管GitHub上的扩展显示为Linux扩展，而不是MS扩展，但我还是成功地部署了VM。但是，用于安装Chocolate的PowerShell自动化脚本失败

长话短说，我发现它在Server2012上运行得非常好，但在Server2016上无法运行

以下是PowerShell脚本：

param([Parameter(Mandatory=$true)][string]$chocoPackages)
cls

#New-Item "c:\jdchoco" -type Directory -force | Out-Null
#$LogFile = "c:\jdchoco\JDScript.log"
#$chocoPackages | Out-File $LogFile -Append

# Get username/password & machine name
$userName = "artifactInstaller"
[Reflection.Assembly]::LoadWithPartialName("System.Web") | Out-Null
$password = $([System.Web.Security.Membership]::GeneratePassword(12,4))
$cn = [ADSI]"WinNT://$env:ComputerName"

# Create new user
$user = $cn.Create("User", $userName)
$user.SetPassword($password)
$user.SetInfo()
$user.description = "Choco artifact installer"
$user.SetInfo()

# Add user to the Administrators group
$group = [ADSI]"WinNT://$env:ComputerName/Administrators,group"
$group.add("WinNT://$env:ComputerName/$userName")

# Create pwd and new $creds for remoting
$secPassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential("$env:COMPUTERNAME\$($username)", $secPassword)

# Ensure that current process can run scripts. 
#"Enabling remoting" | Out-File $LogFile -Append
Enable-PSRemoting -Force -SkipNetworkProfileCheck

#"Changing ExecutionPolicy" | Out-File $LogFile -Append
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# Install Choco
#"Installing Chocolatey" | Out-File $LogFile -Append
$sb = { iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) }
Invoke-Command -ScriptBlock $sb -ComputerName $env:COMPUTERNAME -Credential $credential | Out-Null

#"Disabling UAC" | Out-File $LogFile -Append
$sb = { Set-ItemProperty -path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -name EnableLua -value 0 }
Invoke-Command -ScriptBlock $sb -ComputerName $env:COMPUTERNAME -Credential $credential

#"Install each Chocolatey Package"
$chocoPackages.Split(";") | ForEach {
    $command = "cinst " + $_ + " -y -force"
    $command | Out-File $LogFile -Append
    $sb = [scriptblock]::Create("$command")

    # Use the current user profile
    Invoke-Command -ScriptBlock $sb -ArgumentList $chocoPackages -ComputerName $env:COMPUTERNAME -Credential $credential | Out-Null
}

Disable-PSRemoting -Force

# Delete the artifactInstaller user
$cn.Delete("User", $userName)

# Delete the artifactInstaller user profile
gwmi win32_userprofile | where { $_.LocalPath -like "*$userName*" } | foreach { $_.Delete() }

如果我要打开PowerShell ISE并直接在Server 2016计算机上运行它，系统会提示我以下错误：

[asdf] Connecting to remote server asdf failed with the following error message : Access is denied. For more information, 
see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (asdf:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
[asdf] Connecting to remote server asdf failed with the following error message : Access is denied. For more information, 
see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (asdf:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
Out-File : Cannot bind argument to parameter 'FilePath' because it is null.
At line:48 char:25
+     $command | Out-File $LogFile -Append
+                         ~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Out-File], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.OutFileCommand

[asdf] Connecting to remote server asdf failed with the following error message : Access is denied. For more information, 
see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (asdf:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken

“asdf”是机器的名称

我可以一步一步地运行代码，但在以下情况下它总是会失败：

Invoke-Command -ScriptBlock $sb -ComputerName $env:COMPUTERNAME -Credential $credential

我可以看到帐户被创建了，密码被创建了，它被分配了管理员权限，但我猜在某些地方它只是不喜欢将凭据传递到命令中的方式。为什么这在2012年有效，而不是2016年，我不知道。我不是PowerShell大师，因此非常感谢您的帮助。

要回答我自己的问题，似乎我必须运行winrm quickconfig，它在注册表中启用了以下项：

"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
-Name 'LocalAccountTokenFilterPolicy' -Value '1' -PropertyType 'DWord'

因此，我调整了脚本，以在操作之前和之后包含以下代码段

之前：

# Enable LocalAccountTokenFilterPolicy
$LocalAccToken1 = Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
If(!($LocalAccToken1.GetValue("LocalAccountTokenFilterPolicy") -eq 1)) {
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name 'LocalAccountTokenFilterPolicy' -Value '1' -PropertyType 'DWord' -Force
}

在我删除了“以防万一”的设置后，可能会产生邪恶活动：

# Disable LocalAccountTokenFilterPolicy
$LocalAccToken2 = Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
If($LocalAccToken2.GetValue("LocalAccountTokenFilterPolicy") -eq 1) {
    Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name 'LocalAccountTokenFilterPolicy' -Force
    }

…我希望MS更新他们的模板。

尽管GitHub上的扩展显示为Linux扩展，但不是MS one，这意味着什么？您还可以使用DSC资源制作巧克力，这可能要好得多。另外，在哪些调用命令上失败？GitHub模板将扩展显示为publisher:Microsoft.Azure.Extensions，而不是publisher:Microsoft.Compute。是的，我本来可以而且很想。。。改为使用DSC，但这不是最终客户想要的。请为他们提交pr