仅通过计划任务拒绝PowerShell测试路径UNC访问
PowerShell 3 Windows 2012 主要次要构建修订仅通过计划任务拒绝PowerShell测试路径UNC访问,powershell,task,access-denied,taskscheduler,unc,Powershell,Task,Access Denied,Taskscheduler,Unc,PowerShell 3 Windows 2012 主要次要构建修订 30-1-1 我有一些PowerShell脚本在过去几年中一直有效 现在,它们似乎无法通过计划任务成功运行 如果我在任务调度器之外手动运行PowerShell脚本,它将正常工作 脚本只是在UNC路径上创建一个新文件夹 尝试“测试路径”时出现访问被拒绝错误 这似乎是一个权限问题,但是,它使用相同的登录名工作,只需双击脚本 计划任务设置为使用与手动运行脚本时登录到服务器的凭据相同的凭据 我已经在调度程序中创建了一个新的基本任务,
30-1-1 我有一些PowerShell脚本在过去几年中一直有效 现在,它们似乎无法通过计划任务成功运行 如果我在任务调度器之外手动运行PowerShell脚本,它将正常工作 脚本只是在UNC路径上创建一个新文件夹 尝试“测试路径”时出现访问被拒绝错误 这似乎是一个权限问题,但是,它使用相同的登录名工作,只需双击脚本 计划任务设置为使用与手动运行脚本时登录到服务器的凭据相同的凭据 我已经在调度程序中创建了一个新的基本任务,但它仍然无法工作 我已经将代码剥离到一个基本测试路径并创建了一个文件夹,但仍然无法工作 我创建了一个批处理文件来读取并在目录中创建一个文件夹,将其设置为通过计划任务运行,这样就可以了 错误输出:
C:\Scripts>c:
C:\Scripts>cd\scripts
C:\Scripts>powershell.exe c:\scripts\makefolder.ps1
Creating New Folders...
Test-Path Result with SilentlyContinue... Does the folder exist already?
False
The folder is: \\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest
test-path : Access is denied
At C:\scripts\makefolder.ps1:23 char:6
+ IF (test-path -path $today_folder)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied:
(\\intranet.myco...missions\My
Test:String) [Test-Path], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe
rShell.Commands.TestPathCommand
New-Item : Access is denied
At C:\scripts\makefolder.ps1:28 char:11
+ {New-Item -ItemType Directory -Path $today_folder
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (\\intranet.myco...missions\My
Test:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe
rShell.Commands.NewItemCommand
计划任务执行的批处理文件。这只是运行PowerShell脚本。我还删除了此批处理文件,并让计划任务直接运行PowerShell,结果相同:
c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1
Write-Host 'Creating New Folders...
' -fore black -back yellow
$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"
Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow
test-path -path $today_folder -ErrorAction SilentlyContinue
write-host 'The folder is: ' $today_folder
write-host '
'
IF (test-path -path $today_folder)
#Folder Already Exist
{ Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
ELSE
#Create the Folder
{New-Item -ItemType Directory -Path $today_folder
Write-Host $today_folder ":Created" -fore black -back yellow}
#To see the console window
sleep 5
#Read-Host -Prompt "Press Enter to exit"
@echo off
echo Hello this a test batch file
pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
dir L:
pause
mkdir L:\M2019
pause
net use L: /delete
echo all done
pause
下面是PowerShell脚本:
c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1
Write-Host 'Creating New Folders...
' -fore black -back yellow
$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"
Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow
test-path -path $today_folder -ErrorAction SilentlyContinue
write-host 'The folder is: ' $today_folder
write-host '
'
IF (test-path -path $today_folder)
#Folder Already Exist
{ Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
ELSE
#Create the Folder
{New-Item -ItemType Directory -Path $today_folder
Write-Host $today_folder ":Created" -fore black -back yellow}
#To see the console window
sleep 5
#Read-Host -Prompt "Press Enter to exit"
@echo off
echo Hello this a test batch file
pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
dir L:
pause
mkdir L:\M2019
pause
net use L: /delete
echo all done
pause
如果我只使用批处理文件执行类似的功能,它就会工作:
c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1
Write-Host 'Creating New Folders...
' -fore black -back yellow
$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"
Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow
test-path -path $today_folder -ErrorAction SilentlyContinue
write-host 'The folder is: ' $today_folder
write-host '
'
IF (test-path -path $today_folder)
#Folder Already Exist
{ Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
ELSE
#Create the Folder
{New-Item -ItemType Directory -Path $today_folder
Write-Host $today_folder ":Created" -fore black -back yellow}
#To see the console window
sleep 5
#Read-Host -Prompt "Press Enter to exit"
@echo off
echo Hello this a test batch file
pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
dir L:
pause
mkdir L:\M2019
pause
net use L: /delete
echo all done
pause
计划任务:
我通过在PowerShell脚本中添加网络使用和指定凭据使其正常工作 感谢@Adminof Things至少让我有了不同的想法 我不知道为什么这才开始发生。我也不明白为什么只有任务调度器的权限有问题。我使用了与登录时使用的登录凭据相同的登录凭据、创建任务的登录凭据以及存储在每个任务上的登录凭据
$user = 'corp\crazyuser'
$passwd = 'myPassword'
$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
$subfolder = "TestFolder"
$complete_folder = $today_folder + '\' + $subfolder
#open path
NET USE $today_folder /user:$user $passwd
IF (test-path -path $complete_folder)
#Folder Already Exist
{ Write-Host $complete_folder ":Already Exist, moving on..." -fore black -back green }
ELSE
#Create the Folder
{New-Item -ItemType Directory -Path $complete_folder
Write-Host $complete_folder ":Created" -fore black -back yellow}
write-host '
Closing NET UNC path
'
NET USE /DELETE $today_folder
我通过在PowerShell脚本中添加网络使用和指定凭据来实现这一点 感谢@Adminof Things至少让我有了不同的想法 我不知道为什么这才开始发生。我也不明白为什么只有任务调度器的权限有问题。我使用了与登录时使用的登录凭据相同的登录凭据、创建任务的登录凭据以及存储在每个任务上的登录凭据
$user = 'corp\crazyuser'
$passwd = 'myPassword'
$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
$subfolder = "TestFolder"
$complete_folder = $today_folder + '\' + $subfolder
#open path
NET USE $today_folder /user:$user $passwd
IF (test-path -path $complete_folder)
#Folder Already Exist
{ Write-Host $complete_folder ":Already Exist, moving on..." -fore black -back green }
ELSE
#Create the Folder
{New-Item -ItemType Directory -Path $complete_folder
Write-Host $complete_folder ":Created" -fore black -back yellow}
write-host '
Closing NET UNC path
'
NET USE /DELETE $today_folder
您是否以用户配置为在任务计划程序中运行作业的身份成功运行脚本?是。我以该用户的身份登录。如果我执行批处理或Powershell文件,它可以正常工作。此登录名也是计划任务的作者。如果将
测试路径
逻辑替换为[System.IO.Directory]::Exists($today\u folder)
是否获得更好的结果?谢谢,嗯,建议的“[System.IO.Directory]::Exists($today\u folder)”没有错误但是现在错误转移到尝试创建文件夹::New Item:Access在C:\scripts\makefolder.ps1:28 char:11+{New Item-ItemType Directory-Path$today\u folder+被拒绝,那么我想你可以用[System.IO.Directory]::CreateDirectory($today\u folder)替换New Item
逻辑
。您是否以配置为在任务计划程序中运行作业的用户的身份成功运行脚本?是的。我以该用户的身份登录。如果我执行批处理或Powershell文件,它工作正常。此登录名也是计划任务的作者。如果将测试路径
逻辑替换为[System.IO.Directory]::存在($today\u folder)
您得到了更好的结果吗?谢谢,嗯,您建议的“[System.IO.Directory]::Exists($today\u folder)”没有错误,但现在错误转移到尝试创建文件夹::New Item:Access在C:\scripts\makefolder.ps1:28 char:11+{New Item-ItemType Directory-Path$today\u folder+,然后我想你可以用[System.IO.Directory]::CreateDirectory($today\u folder)
替换New Item
逻辑。如果你不想在脚本中输入密码,有一个破解方法:以足够的权限打开你的文件夹(例如域用户)以管理员身份打开powershell,并创建从UNC到本地路径的符号链接New Item-ItemType SymbolicLink-path“C:\LocalTemp\”-Value“\UNC”现在,您可以直接在powershell脚本中使用UNC路径,它将使用计划任务中提供的凭据打开它。计划任务中的凭据可能存在一些问题,但我认为这仍然比脚本中清除或伪混淆的密码更好。如果您不想拥有密码,则存在黑客攻击脚本中的ord:以足够的权限打开文件夹(例如,域用户)以管理员身份打开powershell,并创建从UNC到本地路径的符号链接新建项-ItemType symbolicink-path“C:\LocalTemp\”-Value“\UNC”现在,您可以直接在powershell脚本中使用UNC路径,它将使用计划任务中提供的凭据打开它。计划任务中的凭据可能存在一些问题,但我认为这仍然比脚本中清除或伪模糊的密码更好。