Powershell 忽略输出-不应在屏幕上打印
我可以向特定用户或组添加Powershell 忽略输出-不应在屏幕上打印,powershell,Powershell,我可以向特定用户或组添加LogOnAsAService权限。在运行函数时,它显示输出 我的要求是它不应该打印输出 我有以下作为服务登录权限的工作功能 #region LogOnAsService-Right Function LogOnAsService-Right { param( [string] $Servername = ("{0}.{1}" -f $env:COMPUTERNAME.ToLower(), $env:USERDNSDOMAIN.ToLower()), [string] $
LogOnAsAService
权限。在运行函数时,它显示输出
我的要求是它不应该打印输出
我有以下作为服务登录权限的工作功能
#region LogOnAsService-Right
Function LogOnAsService-Right
{
param(
[string] $Servername = ("{0}.{1}" -f $env:COMPUTERNAME.ToLower(), $env:USERDNSDOMAIN.ToLower()),
[string] $username = ("{0}\{1}" -f $env:USERDOMAIN, $env:USERNAME)
)
try{
Invoke-Command -ComputerName $Servername -Script {
param([string] $username)
$tempPath = [System.IO.Path]::GetTempPath()
$import = Join-Path -Path $tempPath -ChildPath "import.inf"
if(Test-Path $import) { Remove-Item -Path $import -Force }
$export = Join-Path -Path $tempPath -ChildPath "export.inf"
if(Test-Path $export) { Remove-Item -Path $export -Force }
$secedt = Join-Path -Path $tempPath -ChildPath "secedt.sdb"
if(Test-Path $secedt) { Remove-Item -Path $secedt -Force }
try {
Write-Host ("Granting SeServiceLogonRight to user account: {0} on host: {1}." -f $username, $Servername)
$sid = ((New-Object System.Security.Principal.NTAccount($username)).Translate([System.Security.Principal.SecurityIdentifier])).Value
secedit /export /cfg $export
$sids = (Select-String $export -Pattern "SeServiceLogonRight").Line
foreach ($line in @("[Unicode]", "Unicode=yes", "[System Access]", "[Event Audit]", "[Registry Values]", "[Version]", "signature=`"`$CHICAGO$`"", "Revision=1", "[Profile Description]", "Description=GrantLogOnAsAService security template", "[Privilege Rights]", "$sids,*$sid")){
Add-Content $import $line
}
secedit /import /db $secedt /cfg $import
secedit /configure /db $secedt
gpupdate /force
Remove-Item -Path $import -Force
Remove-Item -Path $export -Force
Remove-Item -Path $secedt -Force
} catch {
Write-Host ("Failed to grant SeServiceLogonRight to user account: {0} on host: {1}." -f $username, $Servername)
$error[0]
}
} -ArgumentList $username
}
catch
{
$_.exception.message
}
}
#endregion
预期结果:它不应该在屏幕上打印每个步骤
实际结果-打印每个步骤:
The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.
Completed 1 percent (0/63) Process Privilege Rights area
Completed 3 percent (1/63) Process Privilege Rights area
Completed 4 percent (2/63) Process Privilege Rights area
Completed 6 percent (3/63) Process Privilege Rights area
Completed 7 percent (4/63) Process Privilege Rights area
Completed 9 percent (5/63) Process Privilege Rights area
Completed 11 percent (6/63) Process Privilege Rights area
Completed 12 percent (7/63) Process Privilege Rights area
Completed 14 percent (8/63) Process Privilege Rights area
Completed 15 percent (9/63) Process Privilege Rights area
Completed 17 percent (10/63) Process Privilege Rights area
Completed 19 percent (11/63) Process Privilege Rights area
Completed 20 percent (12/63) Process Privilege Rights area
Completed 22 percent (13/63) Process Privilege Rights area
Completed 23 percent (14/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Group Membership area
Completed 49 percent (30/63) Process Group Membership area
Completed 49 percent (30/63) Process Registry Keys area
Completed 49 percent (30/63) Process File Security area
Completed 49 percent (30/63) Process Services area
Completed 65 percent (40/63) Process Services area
Completed 73 percent (45/63) Process Services area
Completed 73 percent (45/63) Process Security Policy area
Completed 77 percent (48/63) Process Security Policy area
Completed 84 percent (52/63) Process Security Policy area
Completed 88 percent (55/63) Process Security Policy area
Completed 93 percent (58/63) Process Security Policy area
Completed 100 percent (63/63) Process Security Policy area
The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.
Updating policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.
任务已成功完成。
有关详细信息,请参阅日志%windir%\security\logs\scesrv.log。
已完成百分之一(0/63)进程权限区域
已完成3%(1/63)进程权限区域
已完成4%(2/63)进程权限区域
已完成6%(3/63)进程权限区域
已完成7%(4/63)进程权限区域
已完成9%(5/63)进程权限区域
已完成11%(6/63)进程权限区域
已完成12%(7/63)进程权限区域
已完成14%(8/63)进程权限区域
已完成15%(9/63)进程权限区域
已完成17%(10/63)进程特权区域
完成19%(11/63)的进程特权区域
完成20%(12/63)的进程特权区域
完成22%(13/63)进程特权区域
完成23%(14/63)的进程特权区域
已完成25%(15/63)进程特权区域
完成25%(15/63)进程组成员区域
完成49%(30/63)的过程组成员区域
完成49%(30/63)进程注册表项区域
完成49%(30/63)进程文件安全区域
完成49%(30/63)的工艺服务区域
完成65%(40/63)的工艺服务区域
完成73%(45/63)的工艺服务领域
完成73%(45/63)进程安全策略区域
完成77%(48/63)进程安全策略区域
完成84%(52/63)进程安全策略区域
完成88%(55/63)进程安全策略区域
完成93%(58/63)进程安全策略区域
完成100%(63/63)进程安全策略区域
任务已成功完成。
有关详细信息,请参阅日志%windir%\security\logs\scesrv.log。
正在更新策略。。。
计算机策略更新已成功完成。
用户策略更新已成功完成。
你可以用
|输出为空
要设置不输出,即使它正在打印所有行输出来自第二个
secedit
Secedit
有一个名为/quiet
的可选参数,用于抑制屏幕和日志输出。您仍然可以使用Microsoft管理控制台(MMC)的安全配置和分析管理单元查看分析结果
比如:
Secedit /configure /db <database file name> [/cfg <configuration file name>] [/overwrite] [/areas SECURITYPOLICY | GROUP_MGMT | USER_RIGHTS | REGKEYS | FILESTORE | SERVICES] [/log <log file name>] [/quiet]
或者,您可以使用Out Null
或将其重定向到$Null
secedit /configure /db $secedt | Out-Null
secedit /configure /db $secedt > $null
所有这些都应该起作用
希望能有帮助 将不应该写入控制台的命令管道化为
Out Null
,将服务帐户权限授予用户会引发大量安全问题。如果您有一个需要作为服务运行的程序,请为该程序创建一个帐户以在其下运行,而不是将该权限授予用户。该文本似乎来自gpupdate.exe
。。。所以,如果你不使用它,你可以将它重定向到$Null。谢谢你的帮助是的,它工作了。。。“secedit/import/db$secedt/cfg$import | Out Null”
secedit /configure /db $secedt | Out-Null
secedit /configure /db $secedt > $null