以管理员身份运行的Powershell不工作？_Powershell

以管理员身份运行的Powershell不工作？

powershell

以管理员身份运行的Powershell不工作？,powershell,Powershell,我需要一些方法以管理员身份运行下面的脚本获取安全事件日志的脚本： $DateAfter = (Get-Date).AddDays(-1) $DateBefore = (Get-Date) $EventLogTest = Get-EventLog -LogName Security -InstanceId 4625 -Before $DateBefore -After $DateAfter -Newest 5 $WinEventTest = Get-WinEvent -FilterHashtab

我需要一些方法以管理员身份运行下面的脚本

获取安全事件日志的脚本：

$DateAfter = (Get-Date).AddDays(-1)
$DateBefore = (Get-Date)
$EventLogTest = Get-EventLog -LogName Security -InstanceId 4625 -Before $DateBefore -After $DateAfter -Newest 5
$WinEventTest = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $DateAfter; EndTime = $DateBefore } -MaxEvents 5

Write-Host "$EventLogTest result is: "
$EventLogTest

Write-Host "$WinEventTest result is: "
$WinEventTest

我已经编译了下面的代码片段，但是不知怎么的，结果没有显示或者什么都没有？组合脚本：

$Role = "Domain Admins"
$CurrentLoginPrincipal = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent())
$IsDomainAdminGroupMember = $CurrentLoginPrincipal.IsInRole($Role)
$IsLocalComputerAdminMember = $CurrentLoginPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

If( -not ($IsDomainAdminGroupMember -and $IsLocalComputerAdminMember) ) {
    Write-Warning "You are not running this as $($Role) and Local Administrator of $($ENV:COMPUTERNAME).$($ENV:USERDNSDOMAIN). The script will be re-executed as Local Administrator"
    Try {
        Start-Process PowerShell -Verb RunAs "-NoProfile -ExecutionPolicy Bypass -Command `"cd '$pwd'; & '$PSCommandPath';`"" -Verbose
    }
    Catch {
       Write-Warning -Message "[PROCESS] Something wrong happened"
       Write-Warning -Message $Error[0].Exception.Message
        $out.Details = $_.Exception.Message
        Write-Host " ERROR: $($out.Details)" -ForegroundColor Red
    }
}
Else {
    #a user running the script has the Domain Admins and Local PC Admin rights
    Write-Host " $($CurrentLoginPrincipal.Identity.Name.ToString()) is currently member of $($Role) and Local Administrator of $($ENV:COMPUTERNAME).$($ENV:USERDNSDOMAIN) " -ForegroundColor Green
}

$DateAfter = (Get-Date).AddDays(-1)
$DateBefore = (Get-Date)
$EventLogTest = Get-EventLog -LogName Security -InstanceId 4625 -Before $DateBefore -After $DateAfter -Newest 5
$WinEventTest = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $DateAfter; EndTime = $DateBefore } -MaxEvents 5

Write-Host "$EventLogTest result is: "
$EventLogTest

Write-Host "$WinEventTest result is: "
$WinEventTest

但是，仍未以管理员身份执行，以显示结果。如何修复此问题？
我注意到的第一件事是，如果条件错误，您的
。它在应该是或的地方使用-和（因为域管理员或本地管理员都可以运行此操作）接下来，Start Process 的参数不正确。就个人而言，我喜欢使用-ArgumentList 作为数组最后，在catch 块中，使用未定义的变量$out ，该变量具有同样未定义的属性$out.Details 。在下面的代码中，我将其更改为只重新抛出异常从if..else 的位置开始： if( -not ($IsDomainAdminGroupMember -or $IsLocalComputerAdminMember) ) { Write-Warning "You are not running this as $($Role) or Local Administrator of $($ENV:COMPUTERNAME).$($ENV:USERDNSDOMAIN). The script will be re-executed as Local Administrator" # give the user some time to see this message Start-Sleep 4 # Build base arguments for powershell.exe as string array $argList = '-NoLogo', '-NoProfile', '-NoExit', '-ExecutionPolicy Bypass', '-File', ('"{0}"' -f $PSCommandPath) # Add script arguments if any $argList += $MyInvocation.BoundParameters.GetEnumerator() | ForEach-Object {"-$($_.Key)", "$($_.Value)"} try { Start-Process PowerShell.exe -Verb Runas -WorkingDirectory $pwd -ArgumentList $argList -Verbose -ErrorAction Stop # exit the current script. exit # Use return if you want to keep this instance open aswell } catch { throw } } else { #a user running the script has the Domain Admins and Local PC Admin rights Write-Host " $($CurrentLoginPrincipal.Identity.Name.ToString()) is currently member of $($Role) and Local Administrator of $($ENV:COMPUTERNAME).$($ENV:USERDNSDOMAIN) " -ForegroundColor Green } 你太酷了，谢谢你在这件事上的帮助。