仅通过计划任务拒绝PowerShell测试路径UNC访问

PowerShell 3

Windows 2012

主要次要构建修订

---

30-1-1

我有一些PowerShell脚本在过去几年中一直有效

现在，它们似乎无法通过计划任务成功运行

如果我在任务调度器之外手动运行PowerShell脚本，它将正常工作

脚本只是在UNC路径上创建一个新文件夹

尝试“测试路径”时出现访问被拒绝错误

这似乎是一个权限问题，但是，它使用相同的登录名工作，只需双击脚本

计划任务设置为使用与手动运行脚本时登录到服务器的凭据相同的凭据

我已经在调度程序中创建了一个新的基本任务，但它仍然无法工作

我已经将代码剥离到一个基本测试路径并创建了一个文件夹，但仍然无法工作

我创建了一个批处理文件来读取并在目录中创建一个文件夹，将其设置为通过计划任务运行，这样就可以了

错误输出：

C:\Scripts>c:

C:\Scripts>cd\scripts

C:\Scripts>powershell.exe c:\scripts\makefolder.ps1 

Creating New Folders...


Test-Path Result with SilentlyContinue... Does the folder exist already?

False

The folder is:  \\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest



test-path : Access is denied
At C:\scripts\makefolder.ps1:23 char:6
+     IF (test-path -path $today_folder)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: 
(\\intranet.myco...missions\My 
Test:String) [Test-Path], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe 
rShell.Commands.TestPathCommand

New-Item : Access is denied
At C:\scripts\makefolder.ps1:28 char:11
+             {New-Item -ItemType Directory -Path $today_folder
+              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : PermissionDenied: (\\intranet.myco...missions\My 
   Test:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe 
rShell.Commands.NewItemCommand

计划任务执行的批处理文件。这只是运行PowerShell脚本。我还删除了此批处理文件，并让计划任务直接运行PowerShell，结果相同：

c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1

Write-Host 'Creating New Folders...
' -fore black -back yellow



$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"


Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow

test-path -path $today_folder -ErrorAction SilentlyContinue


write-host 'The folder is: ' $today_folder
write-host '

'


    IF (test-path -path $today_folder) 
        #Folder Already Exist
            { Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $today_folder  
                    Write-Host $today_folder ":Created" -fore black -back yellow}



#To see the console window
sleep 5

#Read-Host -Prompt "Press Enter to exit"

@echo off
 echo Hello this a test batch file
 pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
 dir L:
 pause

mkdir L:\M2019

pause

net use L: /delete

echo all done
pause

下面是PowerShell脚本：

c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1

Write-Host 'Creating New Folders...
' -fore black -back yellow



$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"


Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow

test-path -path $today_folder -ErrorAction SilentlyContinue


write-host 'The folder is: ' $today_folder
write-host '

'


    IF (test-path -path $today_folder) 
        #Folder Already Exist
            { Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $today_folder  
                    Write-Host $today_folder ":Created" -fore black -back yellow}



#To see the console window
sleep 5

#Read-Host -Prompt "Press Enter to exit"

@echo off
 echo Hello this a test batch file
 pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
 dir L:
 pause

mkdir L:\M2019

pause

net use L: /delete

echo all done
pause

如果我只使用批处理文件执行类似的功能，它就会工作：

c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1

Write-Host 'Creating New Folders...
' -fore black -back yellow



$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"


Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow

test-path -path $today_folder -ErrorAction SilentlyContinue


write-host 'The folder is: ' $today_folder
write-host '

'


    IF (test-path -path $today_folder) 
        #Folder Already Exist
            { Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $today_folder  
                    Write-Host $today_folder ":Created" -fore black -back yellow}



#To see the console window
sleep 5

#Read-Host -Prompt "Press Enter to exit"

@echo off
 echo Hello this a test batch file
 pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
 dir L:
 pause

mkdir L:\M2019

pause

net use L: /delete

echo all done
pause

计划任务：

---

我通过在PowerShell脚本中添加网络使用和指定凭据使其正常工作

感谢@Adminof Things至少让我有了不同的想法

我不知道为什么这才开始发生。我也不明白为什么只有任务调度器的权限有问题。我使用了与登录时使用的登录凭据相同的登录凭据、创建任务的登录凭据以及存储在每个任务上的登录凭据

$user = 'corp\crazyuser'
$passwd = 'myPassword'

$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"


$subfolder = "TestFolder"


$complete_folder = $today_folder + '\' + $subfolder

#open path
NET USE $today_folder /user:$user $passwd 


    IF (test-path -path $complete_folder) 
        #Folder Already Exist
            { Write-Host $complete_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $complete_folder
                    Write-Host $complete_folder ":Created" -fore black -back yellow}

write-host '
Closing NET UNC path
'
NET USE /DELETE  $today_folder

---

我通过在PowerShell脚本中添加网络使用和指定凭据来实现这一点

感谢@Adminof Things至少让我有了不同的想法

我不知道为什么这才开始发生。我也不明白为什么只有任务调度器的权限有问题。我使用了与登录时使用的登录凭据相同的登录凭据、创建任务的登录凭据以及存储在每个任务上的登录凭据

$user = 'corp\crazyuser'
$passwd = 'myPassword'

$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"


$subfolder = "TestFolder"


$complete_folder = $today_folder + '\' + $subfolder

#open path
NET USE $today_folder /user:$user $passwd 


    IF (test-path -path $complete_folder) 
        #Folder Already Exist
            { Write-Host $complete_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $complete_folder
                    Write-Host $complete_folder ":Created" -fore black -back yellow}

write-host '
Closing NET UNC path
'
NET USE /DELETE  $today_folder

---

您是否以用户配置为在任务计划程序中运行作业的身份成功运行脚本？是。我以该用户的身份登录。如果我执行批处理或Powershell文件，它可以正常工作。此登录名也是计划任务的作者。如果将

测试路径

逻辑替换为

[System.IO.Directory]：：Exists（$today\u folder）

是否获得更好的结果？谢谢，嗯，建议的“[System.IO.Directory]：：Exists（$today\u folder）”没有错误但是现在错误转移到尝试创建文件夹：：New Item:Access在C:\scripts\makefolder.ps1:28 char:11+{New Item-ItemType Directory-Path$today\u folder+被拒绝，那么我想你可以用

[System.IO.Directory]：：CreateDirectory（$today\u folder）替换
New Item
逻辑

。您是否以配置为在任务计划程序中运行作业的用户的身份成功运行脚本？是的。我以该用户的身份登录。如果我执行批处理或Powershell文件，它工作正常。此登录名也是计划任务的作者。如果将

测试路径

逻辑替换为

[System.IO.Directory]：：存在（$today\u folder）

您得到了更好的结果吗？谢谢，嗯，您建议的“[System.IO.Directory]：：Exists（$today\u folder）”没有错误，但现在错误转移到尝试创建文件夹：：New Item:Access在C:\scripts\makefolder.ps1:28 char:11+{New Item-ItemType Directory-Path$today\u folder+，然后我想你可以用

[System.IO.Directory]：：CreateDirectory（$today\u folder）

替换

New Item

逻辑。如果你不想在脚本中输入密码，有一个破解方法：以足够的权限打开你的文件夹（例如域用户）以管理员身份打开powershell，并创建从UNC到本地路径的符号链接New Item-ItemType SymbolicLink-path“C:\LocalTemp\”-Value“\UNC”现在，您可以直接在powershell脚本中使用UNC路径，它将使用计划任务中提供的凭据打开它。计划任务中的凭据可能存在一些问题，但我认为这仍然比脚本中清除或伪混淆的密码更好。如果您不想拥有密码，则存在黑客攻击脚本中的ord：以足够的权限打开文件夹（例如，域用户）以管理员身份打开powershell，并创建从UNC到本地路径的符号链接新建项-ItemType symbolicink-path“C:\LocalTemp\”-Value“\UNC”现在，您可以直接在powershell脚本中使用UNC路径，它将使用计划任务中提供的凭据打开它。计划任务中的凭据可能存在一些问题，但我认为这仍然比脚本中清除或伪模糊的密码更好。