新实例中的PowerShell启动脚本_Powershell

新实例中的PowerShell启动脚本

powershell

新实例中的PowerShell启动脚本,powershell,Powershell,我有一个主脚本，它有几个选项。当您在菜单中选择1时，将执行操作1，然后返回菜单。这很好，但我希望能够选择示例8，它在新的PowerShell窗口中启动权限脚本的代码块。我希望所有代码都在一个脚本中，而不是调用另一个脚本我知道这可以通过几个威胁中的“启动进程powershell”实现。这会打开一个新的PowerShell窗口，但不会正确执行权限脚本的代码块。任何帮助都将不胜感激主脚本： <# Author: Me #> # Variables $User = [Environmen

我有一个主脚本，它有几个选项。当您在菜单中选择1时，将执行操作1，然后返回菜单。这很好，但我希望能够选择示例8，它在新的PowerShell窗口中启动权限脚本的代码块。我希望所有代码都在一个脚本中，而不是调用另一个脚本
我知道这可以通过几个威胁中的“启动进程powershell”实现。这会打开一个新的PowerShell窗口，但不会正确执行权限脚本的代码块。任何帮助都将不胜感激
主脚本：

<# Author: Me #> # Variables $User = [Environment]::UserName $OutputPath = "C:\Users\$User\Downloads\" # Functions Function Manager ($u) { $m = Get-ADObject -Identity $u.managedBy -Properties displayName,cn if($m.ObjectClass -eq "user") { $m.displayName } Else{ $m.cn } } # Hit play do { [int]$userMenuChoice = 0 cls while ( $userMenuChoice -lt 1 -or $userMenuChoice -gt 7) { Write-Host "PowerShell for dummies" Write-Host "__________________________________________________" Write-Host "1. Groups created in the last 3 weeks" Write-Host "2. Users created in the last 3 weeks" Write-Host "3. All BEL Users" Write-Host "4. Users with an incorrect display name or city" Write-Host "5. Users de-provisioned within 3 weeks" Write-Host "6. Files/Folders: Activate inheritance & set owner to admin" Write-Host "7. Quit" [int]$userMenuChoice = Read-Host "Please choose an option" switch ($userMenuChoice) { 1{# Groups created in the last 3 weeks $When = ((Get-Date).AddDays(-21)).Date Get-ADGroup -SearchBase "OU=Groups,OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * | Select whenCreated, cn, displayName, GroupScope, GroupCategory, description, info, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New groups.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New groups.csv"} 2{# Users created in the last 3 weeks $When = ((Get-Date).AddDays(-21)).Date Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New users.csv"} 3{# All BEL users Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"} 4{# Users with an incorrect display name or city Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"} 5{# Users de-provisioned within 3 weeks $LogonDate = ((Get-Date).AddDays(-80)).Date # GIT 104 days KB-3872 $CreaDate = ((Get-Date).AddDays(-60)).Date # GIT 60 days $PwdDate = ((Get-Date).AddDays(-90)).Date # GIT 90 days Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=grouphc,DC=net" -Filter {(lastLogonDate -le $LogonDate) -and (WhenCreated -lt $CreaDate) -and (PwdLastSet -le $PwdDate)} -Properties * | Select LastLogonDate, WhenCreated, PasswordLastSet, Name, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"To be deprovisioned.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"To be deprovisioned.csv"} 6{# Files/Folders: Activate inheritance & set owner to admin Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"} } } } while ( $userMenuChoice -ne 7 ) cls Write-Host "We left here because there's nothing else to do.."

####### TO DO ####### $Target = "\\domain.net\SHARE\Target" # Change FOLDER owners to Admin If (Test-Path C:\PTemp) { Remove-Item C:\PTemp } New-Item -type directory -Path C:\PTemp > $null Write-Output "`nStart setting folder permissions on:" $Folders = @(Get-ChildItem -Path $Target -Directory -Recurse | Select-Object -ExpandProperty FullName) foreach ($Item1 in $Folders) { # Action Write-Output $Item1 $AdjustTokenPrivileges = @" using System; using System.Runtime.InteropServices; public class TokenManipulator { [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); [DllImport("kernel32.dll", ExactSpelling = true)] internal static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); [StructLayout(LayoutKind.Sequential, Pack = 1)] internal struct TokPriv1Luid { public int Count; public long Luid; public int Attr; } internal const int SE_PRIVILEGE_DISABLED = 0x00000000; internal const int SE_PRIVILEGE_ENABLED = 0x00000002; internal const int TOKEN_QUERY = 0x00000008; internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; public static bool AddPrivilege(string privilege) { try { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; tp.Attr = SE_PRIVILEGE_ENABLED; retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } catch (Exception ex) { throw ex; } } public static bool RemovePrivilege(string privilege) { try { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; tp.Attr = SE_PRIVILEGE_DISABLED; retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } catch (Exception ex) { throw ex; } } } "@ add-type $AdjustTokenPrivileges $Folder = Get-Item $Item1 [void][TokenManipulator]::AddPrivilege("SeRestorePrivilege") [void][TokenManipulator]::AddPrivilege("SeBackupPrivilege") [void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege") $NewOwnerACL = New-Object System.Security.AccessControl.DirectorySecurity $Admin = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") $NewOwnerACL.SetOwner($Admin) $Folder.SetAccessControl($NewOwnerACL) # Add folder Admins to ACL with Full Control to descend folder structure $Acl = Get-Acl -Path C:\PTemp $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") $Acl.SetAccessRule($Ar) Set-Acl $Item1 $Acl } # Change FILE owners to Admin If (Test-Path C:\PFile) { Remove-Item C:\PFile } New-Item -type file -Path C:\PFile > $null Write-Output "`nStart setting file permissions on:" $Files = @(Get-ChildItem -Path $Target -File -Recurse | Select-Object -ExpandProperty FullName) foreach ($Item2 in $Files) { # Action Write-Output $Item2 $Account = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") $FileSecurity = new-object System.Security.AccessControl.FileSecurity $FileSecurity.SetOwner($Account) [System.IO.File]::SetAccessControl($Item2, $FileSecurity) # Add file Admins to ACL with Full Control and activate inheritance $PAcl = Get-Acl -Path C:\PFile $PAr = New-Object system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") $PAcl.SetAccessRule($PAr) Set-Acl $Item2 $PAcl } # Clean-up junk Write-Output "`nCleaning up.." rm C:\PTemp, C:\PFile Write-Output "`nAll done :)"
到目前为止，我尝试的代码块更短，但也没有成功：

6{# Test Start-Process powershell {Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"}}}

要在外部PS窗口中启动，可以使用以下命令：

invoke-expression 'cmd /c start powershell -Command { [script block here] }'
例如：

使用cmd启动powershell

start-process powershell -ArgumentList '-noexit -command 'Commands for the new PowerShell''

您可以：

start powershell {echo hello}
要防止新启动的powershell立即退出，请执行以下操作：

start powershell {echo hello; Read-Host}

虽然
start powershell
命令看起来更干净，但它不允许您使用
invoke expression
执行所有操作。例如，以下操作将打开一个新窗口，更改其标题和背景色，并使窗口保持打开状态：

invoke-expression 'cmd /c start powershell -NoExit -Command { ` cd -path $env:homedrive$env:homepath/Documents/MySillyFolder; ` $host.UI.RawUI.WindowTitle = "A Silly Little Title"; ` color -background "red"; ` }';
它还可以在另一个powershell脚本中正常运行

如果您尝试使用
启动powershell{…}
语法执行此操作，它将在标题更改行上显示错误，并且不会保持窗口打开。（我想可能有一些晦涩难懂的语法黑客会使
启动powershell
正常工作，但我还没有找到。）
谢谢Arco444，您的示例非常有效。但出于这样或那样的原因，它对我的代码块不起作用。可能是因为里面有.Net代码吗？错误是什么？确保使用
分隔命令，避开所有的引号和特殊字符等。命令将其单独调用，而不是试图将其传递到内联，当然更容易，所以我会认真考虑这一方法。您好，ARCO444您是对的，调用脚本可能更容易。现在让我们用谷歌搜索这个命令，这样我就可以使用它了。谢谢你给小费！我发现启动powershell 只能使用某些命令，而不能使用其他命令<代码>调用表达式
似乎更一般。请参阅我的答案，以获取示例。请注意，
start
是
start process
的别名，要在带有参数的新窗口中启动另一个脚本，请使用
start powershell{C:\script.ps1-arg1 value-arg2 value}
在单引号内使用双引号；否则，你早就断了线
invoke-expression 'cmd /c start powershell -NoExit -Command { ` cd -path $env:homedrive$env:homepath/Documents/MySillyFolder; ` $host.UI.RawUI.WindowTitle = "A Silly Little Title"; ` color -background "red"; ` }';