Kịch bản khởi chạy PowerShell trong trường hợp mới

Question

Tôi có một số Kịch bản chính có một số tùy chọn. Khi bạn chọn 1 trong menu, hành động 1 sẽ được thực hiện và sau đó bạn sẽ quay lại trình đơn. Điều này làm việc tốt nhưng tôi muốn để có thể chọn ví dụ 8, mà khởi chạy khối mã của Permissions script trong một cửa sổ PowerShell mới. Tôi muốn có tất cả các mã trong một tập lệnh và không gọi một tập lệnh khác.

Tôi biết điều này có thể được thực hiện với 'Bắt ​​đầu quá trình quyền hạn' như được tìm thấy trong một số mối đe dọa. Thao tác này sẽ mở một cửa sổ PowerShell mới nhưng không thực thi khối mã đúng cách của mã số Quyền. Bất kỳ trợ giúp sẽ được đánh giá cao.

Thạc sĩ kịch bản:

<# Author: Me #> 
# Variables 
$User = [Environment]::UserName 
$OutputPath = "C:\Users\$User\Downloads\" 
# Functions 
Function Manager ($u) { 
$m = Get-ADObject -Identity $u.managedBy -Properties displayName,cn 
    if($m.ObjectClass -eq "user") { $m.displayName } Else{ $m.cn } } 
# Hit play 
do { 
    [int]$userMenuChoice = 0 
    cls 
    while ($userMenuChoice -lt 1 -or $userMenuChoice -gt 7) { 
    Write-Host "PowerShell for dummies" 
    Write-Host "__________________________________________________" 
    Write-Host "1. Groups created in the last 3 weeks" 
    Write-Host "2. Users created in the last 3 weeks" 
    Write-Host "3. All BEL Users" 
    Write-Host "4. Users with an incorrect display name or city" 
    Write-Host "5. Users de-provisioned within 3 weeks" 
    Write-Host "6. Files/Folders: Activate inheritance & set owner to admin" 
    Write-Host "7. Quit" 

    [int]$userMenuChoice = Read-Host "Please choose an option" 

    switch ($userMenuChoice) { 
     1{# Groups created in the last 3 weeks 
     $When = ((Get-Date).AddDays(-21)).Date 
     Get-ADGroup -SearchBase "OU=Groups,OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * | 
     Select whenCreated, cn, displayName, GroupScope, GroupCategory, description, info, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New groups.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New groups.csv"} 
     2{# Users created in the last 3 weeks 
     $When = ((Get-Date).AddDays(-21)).Date 
     Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter {whenCreated -ge $When} -Properties * | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"New users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"New users.csv"} 
     3{# All BEL users 
     Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"} 
     4{# Users with an incorrect display name or city 
     Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"} 
     5{# Users de-provisioned within 3 weeks 
     $LogonDate = ((Get-Date).AddDays(-80)).Date # GIT 104 days KB-3872 
     $CreaDate = ((Get-Date).AddDays(-60)).Date # GIT 60 days 
     $PwdDate = ((Get-Date).AddDays(-90)).Date # GIT 90 days 
     Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=grouphc,DC=net" -Filter {(lastLogonDate -le $LogonDate) -and (WhenCreated -lt $CreaDate) -and (PwdLastSet -le $PwdDate)} -Properties * | Select LastLogonDate, WhenCreated, PasswordLastSet, Name, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"To be deprovisioned.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"To be deprovisioned.csv"} 
     6{# Files/Folders: Activate inheritance & set owner to admin 
     Get-ADUser -SearchBase "OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | where {$_.cn -NotLike "*$($_.l)*" -and $_.distinguishedname -notmatch 'OU=Terminated Users,OU=BEL,OU=EU,DC=grouphc,DC=net' -and $_.cn -ne "BNL Service Desk"} | Select whenCreated, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"Incorrect users.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"Incorrect users.csv"} 
    } 
    } 
} while ($userMenuChoice -ne 7) 
cls 
Write-Host "We left here because there's nothing else to do.." 

Quyền kịch bản:

####### TO DO ####### 
$Target = "\\domain.net\SHARE\Target" 


# Change FOLDER owners to Admin 
If (Test-Path C:\PTemp) { Remove-Item C:\PTemp } 
New-Item -type directory -Path C:\PTemp > $null 

Write-Output "`nStart setting folder permissions on:" 

$Folders = @(Get-ChildItem -Path $Target -Directory -Recurse | Select-Object -ExpandProperty FullName) 
foreach ($Item1 in $Folders) 
{ 
# Action 
Write-Output $Item1 
$AdjustTokenPrivileges = @" 
using System; 
using System.Runtime.InteropServices; 

public class TokenManipulator 
{ 
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] 
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, 
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); 
    [DllImport("kernel32.dll", ExactSpelling = true)] 
    internal static extern IntPtr GetCurrentProcess(); 
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] 
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr 
    phtok); 
    [DllImport("advapi32.dll", SetLastError = true)] 
    internal static extern bool LookupPrivilegeValue(string host, string name, 
    ref long pluid); 
    [StructLayout(LayoutKind.Sequential, Pack = 1)] 
    internal struct TokPriv1Luid 
    { 
    public int Count; 
    public long Luid; 
    public int Attr; 
    } 
    internal const int SE_PRIVILEGE_DISABLED = 0x00000000; 
    internal const int SE_PRIVILEGE_ENABLED = 0x00000002; 
    internal const int TOKEN_QUERY = 0x00000008; 
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; 
    public static bool AddPrivilege(string privilege) 
    { 
    try 
    { 
    bool retVal; 
    TokPriv1Luid tp; 
    IntPtr hproc = GetCurrentProcess(); 
    IntPtr htok = IntPtr.Zero; 
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); 
    tp.Count = 1; 
    tp.Luid = 0; 
    tp.Attr = SE_PRIVILEGE_ENABLED; 
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); 
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); 
    return retVal; 
    } 
    catch (Exception ex) 
    { 
    throw ex; 
    } 
    } 
    public static bool RemovePrivilege(string privilege) 
    { 
    try 
    { 
    bool retVal; 
    TokPriv1Luid tp; 
    IntPtr hproc = GetCurrentProcess(); 
    IntPtr htok = IntPtr.Zero; 
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); 
    tp.Count = 1; 
    tp.Luid = 0; 
    tp.Attr = SE_PRIVILEGE_DISABLED; 
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); 
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); 
    return retVal; 
    } 
    catch (Exception ex) 
    { 
    throw ex; 
    } 
    } 
} 
"@ 
add-type $AdjustTokenPrivileges 
$Folder = Get-Item $Item1 
[void][TokenManipulator]::AddPrivilege("SeRestorePrivilege") 
[void][TokenManipulator]::AddPrivilege("SeBackupPrivilege") 
[void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege") 
$NewOwnerACL = New-Object System.Security.AccessControl.DirectorySecurity 
$Admin = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") 
$NewOwnerACL.SetOwner($Admin) 
$Folder.SetAccessControl($NewOwnerACL) 
# Add folder Admins to ACL with Full Control to descend folder structure 
$Acl = Get-Acl -Path C:\PTemp 
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") 
$Acl.SetAccessRule($Ar) 
Set-Acl $Item1 $Acl 
} 

# Change FILE owners to Admin 
If (Test-Path C:\PFile) { Remove-Item C:\PFile } 
New-Item -type file -Path C:\PFile > $null 

Write-Output "`nStart setting file permissions on:" 

$Files = @(Get-ChildItem -Path $Target -File -Recurse | Select-Object -ExpandProperty FullName) 
foreach ($Item2 in $Files) 
{ 
# Action 
Write-Output $Item2 
$Account = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators") 
$FileSecurity = new-object System.Security.AccessControl.FileSecurity 
$FileSecurity.SetOwner($Account) 
[System.IO.File]::SetAccessControl($Item2, $FileSecurity) 
# Add file Admins to ACL with Full Control and activate inheritance 
$PAcl = Get-Acl -Path C:\PFile 
$PAr = New-Object system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow") 
$PAcl.SetAccessRule($PAr) 
Set-Acl $Item2 $PAcl 
} 

# Clean-up junk 
Write-Output "`nCleaning up.." 
rm C:\PTemp, C:\PFile 
Write-Output "`nAll done :)" 

gì tôi đã cố gắng cho đến nay, với một khối mã ngắn hơn nhưng cũng không thành công:

6{# Test 
Start-Process powershell {Get-ADUser -SearchBase "OU=Users,OU=BEL,OU=EU,DC=domain,DC=net" -Filter * -Properties * | Select whenCreated, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}, Name,displayName, sn, givenName, sAMAccountName, title, description, employeeType, info, department, company, homeDirectory, scriptPath, physicalDeliveryOfficeName, @{Label="Managed By"; expression= { Manager $_ } } | Export-Csv $OutputPath"BEL Service Accounts.csv" -NoTypeInformation -Delimiter ";" -Encoding utf8; start $OutputPath"BEL Service Accounts.csv"}}} 

Answer 1

Để khởi chạy trong một n cửa sổ PS bên ngoài, bạn có thể sử dụng như sau:

invoke-expression 'cmd /c start powershell -Command { [script block here] }' 

ví dụ .:

invoke-expression 'cmd /c start powershell -Command { write-host "Hi, new window!"; set-location "C:\"; get-childitem ; sleep 3}' 

Answer 2

dùng cmd để bắt đầu PowerShell ???

khởi động quá trình powershell -ArgumentList '-noexit -Command 'lệnh cho cái mới PowerShell''

Answer 3

Thay vì bắt đầu một cmd để bắt đầu một trường hợp PowerShell mới bạn có thể:

start powershell {echo hello} 

Để ngăn chặn lối thoát ngay lập tức của quyền mới bắt đầu:

start powershell {echo hello; Read-Host}