如何获取PowerShell脚本以删除其他计算机上的用户?
我正在本地测试一个脚本,以删除VM上的用户帐户。以下是脚本:如何获取PowerShell脚本以删除其他计算机上的用户?,powershell,scripting,virtual-machine,Powershell,Scripting,Virtual Machine,我正在本地测试一个脚本,以删除VM上的用户帐户。以下是脚本: #This script will do the following actions: #1.- Get a computer list from a TXT file #2.- Get a list of users from a TXT to be removed from the local users group #3.- Do a ping to every computer on the list, if the comp
#This script will do the following actions:
#1.- Get a computer list from a TXT file
#2.- Get a list of users from a TXT to be removed from the local users group
#3.- Do a ping to every computer on the list, if the computer is offline it will skip it and pass to the next one
#4.- If the computer answers the ping it will search into the local users group and if a user matches with a user from the user list it will be removed
#5.- Creates a log with all the transactions
# Log Time Variables
$Date = Get-Date -UFormat %b-%m-%Y
$Hour = (Get-Date).Hour
$Minutes = (Get-Date).Minute
$Log = "C:\Scripts\Remove-LocalAdmins Masive-" + $Date + "-" + $Hour + "-" + $Minutes + ".log"
#Creates a log file for this process
Start-Transcript -Path $Log -Force
#List of computers to be check
$ComputerNames = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestLocal.txt"
#Ping the computers on the list
foreach ($ComputerName in $ComputerNames) {
#If theres no ping answer pass to the next one
if ( -not(Test-Connection $ComputerName -Quiet -Count 1 -ErrorAction Continue )) {
Write-Output "Computer $ComputerName not reachable (PING) - Skipping this computer..." }
#If computer does answer the ping
Else { Write-Output "Computer $computerName is online"
#Search into Users
$LocalUsers = "Users"
$Group = [ADSI]("WinNT://$computerName/$localUsers,group")
$Group.Members() |
foreach {
$AdsPath = $_.GetType().InvokeMember('Adspath', 'GetProperty', $null, $_, $null)
$A = $AdsPath.split('/',[StringSplitOptions]::RemoveEmptyEntries)
$Names = $a[-1]
$Domain = $a[-2]
#Gets the list of users to be removed from a TXT that you specify and checks if theres a match in the local group
foreach ($name in $names) {
Write-Output "Verifying the local users on computer $computerName"
$localuser = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestUsers.txt"
foreach ($localuser in $localuser) {
if ($name -eq $localuser) {
#If it finds a match it will notify you and then remove the user from the local users group
Write-Output "User $localuser found on computer $computerName ... "
Remove-LocalUser $localuser
Write-Output "Removed" }}}}}
#Passes all the information of the operations made into the log file
}Stop-Transcript
当我测试它时,VM得到ping。但我得到的是:
The following exception occurred while retrieving member "Members": "The
network path was not found.
"
At C:\Users\admin\Downloads\User Deletion Scripts\Remove-LocalAdmins
Masive.ps1:39 char:1
+ $Group.Members() |
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemExceptio
n
+ FullyQualifiedErrorId : CatchFromBaseGetMember
也许我遗漏了一些关于防火墙的东西,但是我需要一种方法让这个脚本从我的计算机运行到虚拟机。我需要在脚本中修改什么来完成用户删除
根据下面的评论,我的脚本应该是这样的
$Computer = Get-Content "C:\Users\admin\Downloads\Delete-Users\Computer(s).txt"
Invoke-Command -ComputerName $ComputerName.Trim() -ScriptBlock {
#enable remoting
Enable-PSRemoting -Force
#Get local users from admin group
$LocalUsers = "Users"
$Group = [ADSI]("WinNT://$computerName/$localUsers,group")
$Group.Members() |
foreach {
$AdsPath = $_.GetType().InvokeMember('Adspath', 'GetProperty', $null, $_, $null)
$A = $AdsPath.split('/',[StringSplitOptions]::RemoveEmptyEntries)
$Names = $a[-1]
$Domain = $a[-2]
$LocalUser = foreach ($name in $names) {
Write-Output "Verifying the local users on computer $computerName"
$localuser = Get-Content "C:\Users\admin\Downloads\Delete-Users\User(s).txt"
foreach ($localuser in $localuser) {
if ($name -eq $localuser) {
Foreach($User in $LocalUser){
#Check if the user is the one to delete and delete it using Remove-LocalUser
Write-Output "User $localuser found on computer $computerName ... "
Remove-LocalUser $localuser
Write-Output "Removed"
}
}
}
}
}
}
确保文本文件不包含任何尾随空格 我想指出代码中的一些错误
不起作用,我相信这是一个输入错误,您可以理解这一点foreach($localuser中的localuser)
不起作用,因为Remove LocalUser$LocalUser
是来自虚拟机的用户,并且$LocalUser
在本地计算机中执行Remove LocalUser
Invoke命令中执行所有操作,如下所示
$Computer = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestLocal.txt"
Invoke-Command -CompuerName $ComputerName.Trim() -ScriptBlock {
#Get local users from admin group
$LocalUser = #Get all the local users
Foreach($User in $LocalUser){
#Check if the user is the one to delete and delete it using Remove-LocalUser
}
}
如果您的虚拟机位于hyper-V中,则可以使用不依赖于任何网络连接的PowerShell direct
请参阅有关PowerShell direct的详细信息。确保文本文件不包含任何尾随空格
我想指出代码中的一些错误
foreach($localuser中的localuser)
不起作用,我相信这是一个输入错误,您可以理解这一点
Remove LocalUser$LocalUser
不起作用,因为$LocalUser
是来自虚拟机的用户,并且Remove LocalUser
在本地计算机中执行
您可以在Invoke命令中执行所有操作,如下所示
$Computer = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestLocal.txt"
Invoke-Command -CompuerName $ComputerName.Trim() -ScriptBlock {
#Get local users from admin group
$LocalUser = #Get all the local users
Foreach($User in $LocalUser){
#Check if the user is the one to delete and delete it using Remove-LocalUser
}
}
如果您的虚拟机位于hyper-V中,则可以使用不依赖于任何网络连接的PowerShell direct
请参阅有关PowerShell direct的详细信息。您没有说明正在运行的PowerShell版本吗
v5有用于本地用户管理的cmdlet,如果您不在,则MS PS Gallery上有一个用于本地用户管理的模型
您正试图访问远程主机,但并没有说明如何进行PSRemting设置。也就是说,如果这是您的工作站和主机所在的域,或者它是一个工作组
您试图在远程主机上使用本地变量,但未设置该变量的作用域
- 必须启用PSRemoting才能使其工作
- 必须确定要远程使用的变量的范围
- 您需要使用Invoke命令在远程服务器上运行此代码
主持人
- 您必须是每个远程主机上的管理员
所以,这个中间部分应该改成这样
Else
{
Write-Output "Computer $computerName is online"
Invoke-Command -ComputerName $computerName -ScriptBlock {
# Search into Users
$LocalUsers = "Users"
$Group = [ADSI]("WinNT://$Using:computerName/$localUsers,group")
$Group.Members() |
foreach
{
$AdsPath = $_.GetType().InvokeMember('Adspath', 'GetProperty', $null, $_, $null)
$A = $AdsPath.split('/',[StringSplitOptions]::RemoveEmptyEntries)
$Names = $a[-1]
$Domain = $a[-2]
# Gets the list of users to be removed from a TXT that you specify and
# checks if theres a match in the local group
foreach ($name in $names)
{
Write-Output "Verifying the local users on computer $computerName"
$localuser = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestUsers.txt"
foreach ($localuser in $localuser)
{
if ($name -eq $localuser)
{
# If it finds a match it will notify you and then remove
# the user from the local users group
Write-Output "User $localuser found on computer $computerName ... "
Remove-LocalUser $localuser
Write-Output "Removed"
}
}
}
}
}
你没有说你正在运行哪个版本的PowerShell
v5有用于本地用户管理的cmdlet,如果您不在,则MS PS Gallery上有一个用于本地用户管理的模型
您正试图访问远程主机,但并没有说明如何进行PSRemting设置。也就是说,如果这是您的工作站和主机所在的域,或者它是一个工作组
您试图在远程主机上使用本地变量,但未设置该变量的作用域
- 必须启用PSRemoting才能使其工作
- 必须确定要远程使用的变量的范围
- 您需要使用Invoke命令在远程服务器上运行此代码
主持人
- 您必须是每个远程主机上的管理员
所以,这个中间部分应该改成这样
Else
{
Write-Output "Computer $computerName is online"
Invoke-Command -ComputerName $computerName -ScriptBlock {
# Search into Users
$LocalUsers = "Users"
$Group = [ADSI]("WinNT://$Using:computerName/$localUsers,group")
$Group.Members() |
foreach
{
$AdsPath = $_.GetType().InvokeMember('Adspath', 'GetProperty', $null, $_, $null)
$A = $AdsPath.split('/',[StringSplitOptions]::RemoveEmptyEntries)
$Names = $a[-1]
$Domain = $a[-2]
# Gets the list of users to be removed from a TXT that you specify and
# checks if theres a match in the local group
foreach ($name in $names)
{
Write-Output "Verifying the local users on computer $computerName"
$localuser = Get-Content "C:\Users\admin\Downloads\User Deletion Scripts\TestUsers.txt"
foreach ($localuser in $localuser)
{
if ($name -eq $localuser)
{
# If it finds a match it will notify you and then remove
# the user from the local users group
Write-Output "User $localuser found on computer $computerName ... "
Remove-LocalUser $localuser
Write-Output "Removed"
}
}
}
}
}
我正在运行Power Shell版本5,但如果可能的话,我希望能够在版本4和版本3上运行它,因为我计划将来在多台服务器上使用它。顺便说一下,我尝试了您的脚本,结果是:'连接到远程服务器失败,错误消息如下:WinRM客户端无法处理请求。默认身份验证可在以下条件下与IP地址一起使用:传输为HTTPS或目标位于TrustedHosts列表中,并提供显式凭据。使用winrm.cmd配置TrustedHosts。请注意,TrustedHosts列表中的计算机可能未通过身份验证。我正在使用PSexec远程执行脚本。那还能用吗?我现在运行的是Power Shell版本5,但如果可能的话,我希望能够在版本4和3上运行它,因为我计划将来在几个服务器上使用它。顺便说一下,我尝试了您的脚本,结果是:'连接到远程服务器失败,错误消息如下:WinRM客户端无法处理该请求。默认身份验证可在以下条件下与IP地址一起使用:传输为HTTPS或目标位于TrustedHosts列表中,并提供显式凭据。使用winrm.cmd配置TrustedHosts。请注意,TrustedHosts列表中的计算机可能未通过身份验证。我正在使用PSexec远程执行脚本。这仍然有效吗?因此本质上这将替换脚本的中间部分?这将替换整个脚本,您必须用适当的代码填充注释区域。如果提供连接,psexec
适用于任何虚拟机监控程序中的虚拟机如何使用修剪字符串?我对它不太熟悉。我按照你的建议修改了脚本。我现在的问题是上面提到的。它应该是这样的吗?所以本质上这将替换脚本的中间部分?这将替换整个脚本,您必须用适当的代码填充注释区域。如果提供连接,psexec
适用于任何虚拟机监控程序中的虚拟机如何使用修剪字符串?我对它不太熟悉。我按照你的建议修改了脚本。我现在的问题是上面提到的。应该是这样的吗?