从非域成员的计算机修改 Powershell 中的 terminalservicesprofilepath
Modify terminalservicesprofilepath in PowerShell from a machine that is not a member of the domain
我正在调用 powershell 来设置终端服务配置文件路径
在我创建的用户上,网络服务器不是我正在修改的域的成员..
我记得很久以前写powershell来修改用户的adnames,
但我不记得它是怎么做到的,我的 google-fu 让我失望了
# Bind to the user object through ADSI. The path names no server and no credentials
# are passed, so the bind depends on the logon context of the calling process.
$adUser = [ADSI]"LDAP://CN=abab.ababf,DC=AD,DC=JCSN,DC=org"

# Stage the new Terminal Services profile path on the bound object.
# NOTE(review): the path is shown with a single leading backslash; a UNC path would
# normally start with two - confirm against the original script.
$adUser.psbase.InvokeSet("terminalservicesprofilepath", "\ad\rds\ProfileAlaska\abab.ababf")

# Write the staged change back to the directory.
$adUser.SetInfo()
这是我从一个更大的有效脚本中提取的代码片段。
我记得必须先登录到远程服务器...但我该怎么做?
问题的根源在于:用于设置终端服务配置文件路径的旧接口太旧,无法接受凭据;因此我创建了一个 PS 会话(PSSession),并把这些调用包装在可以接受凭据的 Invoke-Command 中。
这是我使用的完整解决方案,您可能需要对设置计算机的部件进行一些调整。
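/// <summary>
/// Sets the Terminal Services profile path of an Active Directory user by generating a
/// PowerShell script that opens a credentialed PSSession to the remote server and runs
/// the ADSI calls inside it, then hands the script to <c>RunScript</c>.
/// </summary>
/// <param name="sAdName">CN of the user object; embedded in the LDAP path of the script</param>
/// <param name="sRdpPath">profile path to store in terminalservicesprofilepath</param>
/// <exception cref="ArgumentException">sAdName is null, empty or whitespace</exception>
public void DoRDP( string sAdName, string sRdpPath )
{
    // An empty CN would produce a malformed LDAP path, so reject it before building the script.
    if ( string.IsNullOrWhiteSpace( sAdName ) )
    {
        throw new ArgumentException( "An AD user name (CN) is required.", "sAdName" );
    }

    //SetTerminalServiceProfilePath();
    // The returned value is not used below; the call is kept in case it has side effects.
    QueryTerminalServices( WtsApi32.WTSUserConfigTerminalServerProfilePath );

    // Both values end up inside single-quoted PowerShell literals. Without escaping, a quote
    // in either value would end the literal and the rest would be executed as script text
    // under the credentials used for the remote session.
    // NOTE(review): sAdName is also part of an LDAP distinguished name; DN metacharacters
    // (such as ',' or '=') are not escaped here - validate or escape them at the caller.
    string sSafeAdName = EscapeForSingleQuotedPowerShell( sAdName );
    string sSafeRdpPath = EscapeForSingleQuotedPowerShell( sRdpPath );

    string sPowerShell = "" + "\n" +
        //==============================================================================================
        //== one-time machine setup; modify this so that it only runs once - EWB
        //== NOTE(review): these commands change machine-wide settings and need administrative
        //== rights; running them from provisioning instead of on every call would let the
        //== application identity stay unprivileged.
        //==============================================================================================
        // enable remoting, must be done before New-PSSession (only needs to be done once)
        "Enable-PSRemoting -force" + "\n" +
        // NOTE(review): with no -Scope this changes the machine-wide policy; RemoteSigned is
        // usually enough to load the ActiveDirectory module - confirm before keeping Unrestricted.
        "Set-ExecutionPolicy Unrestricted" + "\n" +
        // add the AD server to the trusted hosts (only needs to be done once)
        // NOTE(review): a TrustedHosts entry lets the client authenticate to that host without
        // verifying its identity; a WinRM HTTPS listener with a validated certificate avoids that.
        "winrm s winrm/config/client '@{TrustedHosts=\"xx.xx.xxx.xxx\"}'" + "\n" +
        // also need to give the app pool identity user WinRM access; run the following on the command line
        // (change the app pool user name if in a different app pool, it is just the name of the app pool) - EWB
        // https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
        // https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx
        // Note: this took like 30 min to have an effect, maybe try bouncing IIS and the app pools?
        "net localgroup WinRMRemoteWMIUsers__ /add \"ASP.NET v4.0 Classic\"" + "\n" +
        //==============================================================================================
        "import-module ActiveDirectory; " + "\n" +
        // NOTE(review): the account name and password are literals in the script text. Load them
        // from a protected configuration or secret store rather than source code, use an account
        // limited to this attribute change, and keep the script text out of logs.
        @"$Username = 'ad\xxxx'; " + "\n" +
        "$Password = 'xxxx'; " + "\n" +
        "$pass = ConvertTo-SecureString -AsPlainText $Password -Force" + "\n" +
        "$SecureString = $pass; " + "\n" +
        // build the credential object used for the remote session
        "$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString; " + "\n" +
        "$s = New-PSSession -ComputerName xxxxx -Credential $MySecureCreds; " + "\n" +
        "if ($null -eq $s) \n{ \nthrow \"Error creating the session, it was null\" \n}" + "\n" +
        // $user is assigned in the first Invoke-Command and reused by the next two in the same session
        @"Invoke-Command -Session $s -ScriptBlock {$user = [ ADSI ] 'LDAP://CN=" + sSafeAdName + ",OU=xxxx Users,OU=xxxx,OU=xxxx,DC=AD,DC=xx,DC=org'; }; " + "\n" +
        @"Invoke-Command -Session $s -ScriptBlock {$user.psbase.Invokeset( 'terminalservicesprofilepath', '" + sSafeRdpPath + "' ); }; " + "\n" +
        "Invoke-Command -Session $s -ScriptBlock {$user.setinfo()}; " + "\n" +
        "Remove-PSSession $s; " + "\n";

    RunScript( sPowerShell );
}

/// <summary>
/// Escapes a value for use inside a single-quoted PowerShell string literal by doubling
/// every character that PowerShell accepts as a single-quote delimiter.
/// </summary>
/// <param name="value">raw value; null is treated as an empty string</param>
/// <returns>the value with each quote character doubled</returns>
private static string EscapeForSingleQuotedPowerShell( string value )
{
    if ( string.IsNullOrEmpty( value ) )
    {
        return string.Empty;
    }

    var escaped = new System.Text.StringBuilder( value.Length + 8 );
    foreach ( char c in value )
    {
        escaped.Append( c );
        // Besides the ASCII apostrophe, PowerShell treats the typographic quotes
        // U+2018, U+2019, U+201A and U+201B as single-quote delimiters.
        if ( c == '\'' || c == '\u2018' || c == '\u2019' || c == '\u201A' || c == '\u201B' )
        {
            escaped.Append( c );
        }
    }
    return escaped.ToString();
}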
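/// <summary>
/// Runs the given PowerShell script in-process and writes every output object and every
/// error record to the trace log.
/// </summary>
/// <param name="scriptText">the PowerShell script text to run</param>
/// <returns>always an empty string; the script output is only written to the trace log</returns>
private string RunScript( string scriptText )
{
    // PowerShell is IDisposable; the using block releases it even when Invoke throws.
    // Exceptions are not caught here, so they reach the caller unchanged.
    using ( var powerShell = PowerShell.Create() )
    {
        powerShell.AddScript( scriptText );

        foreach ( var item in powerShell.Invoke() )
        {
            log.Trace( item == null ? "item is null" : item.ToString() );
        }

        // Non-terminating errors do not throw from Invoke; they are collected in the error
        // stream. Trace them so that a failed directory update is visible in the log.
        foreach ( var error in powerShell.Streams.Error )
        {
            log.Trace( "PowerShell error: " + error );
        }

        return "";
    }
}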
我正在调用 powershell 来设置终端服务配置文件路径 在我创建的用户上,网络服务器不是我正在修改的域的成员..
我记得很久以前写powershell来修改用户的adnames, 但我不记得它是怎么做到的,我的 google-fu 让我失望了
# Bind to the user object through ADSI. The path names no server and no credentials
# are passed, so the bind depends on the logon context of the calling process.
$adUser = [ADSI]"LDAP://CN=abab.ababf,DC=AD,DC=JCSN,DC=org"

# Stage the new Terminal Services profile path on the bound object.
# NOTE(review): the path is shown with a single leading backslash; a UNC path would
# normally start with two - confirm against the original script.
$adUser.psbase.InvokeSet("terminalservicesprofilepath", "\ad\rds\ProfileAlaska\abab.ababf")

# Write the staged change back to the directory.
$adUser.SetInfo()
这是我从一个更大的有效脚本中提取的代码片段。
我记得必须先登录到远程服务器...但我该怎么做?
问题的根源在于:用于设置终端服务配置文件路径的旧接口太旧,无法接受凭据;因此我创建了一个 PS 会话(PSSession),并把这些调用包装在可以接受凭据的 Invoke-Command 中。
这是我使用的完整解决方案,您可能需要对设置计算机的部件进行一些调整。
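/// <summary>
/// Sets the Terminal Services profile path of an Active Directory user by generating a
/// PowerShell script that opens a credentialed PSSession to the remote server and runs
/// the ADSI calls inside it, then hands the script to <c>RunScript</c>.
/// </summary>
/// <param name="sAdName">CN of the user object; embedded in the LDAP path of the script</param>
/// <param name="sRdpPath">profile path to store in terminalservicesprofilepath</param>
/// <exception cref="ArgumentException">sAdName is null, empty or whitespace</exception>
public void DoRDP( string sAdName, string sRdpPath )
{
    // An empty CN would produce a malformed LDAP path, so reject it before building the script.
    if ( string.IsNullOrWhiteSpace( sAdName ) )
    {
        throw new ArgumentException( "An AD user name (CN) is required.", "sAdName" );
    }

    //SetTerminalServiceProfilePath();
    // The returned value is not used below; the call is kept in case it has side effects.
    QueryTerminalServices( WtsApi32.WTSUserConfigTerminalServerProfilePath );

    // Both values end up inside single-quoted PowerShell literals. Without escaping, a quote
    // in either value would end the literal and the rest would be executed as script text
    // under the credentials used for the remote session.
    // NOTE(review): sAdName is also part of an LDAP distinguished name; DN metacharacters
    // (such as ',' or '=') are not escaped here - validate or escape them at the caller.
    string sSafeAdName = EscapeForSingleQuotedPowerShell( sAdName );
    string sSafeRdpPath = EscapeForSingleQuotedPowerShell( sRdpPath );

    string sPowerShell = "" + "\n" +
        //==============================================================================================
        //== one-time machine setup; modify this so that it only runs once - EWB
        //== NOTE(review): these commands change machine-wide settings and need administrative
        //== rights; running them from provisioning instead of on every call would let the
        //== application identity stay unprivileged.
        //==============================================================================================
        // enable remoting, must be done before New-PSSession (only needs to be done once)
        "Enable-PSRemoting -force" + "\n" +
        // NOTE(review): with no -Scope this changes the machine-wide policy; RemoteSigned is
        // usually enough to load the ActiveDirectory module - confirm before keeping Unrestricted.
        "Set-ExecutionPolicy Unrestricted" + "\n" +
        // add the AD server to the trusted hosts (only needs to be done once)
        // NOTE(review): a TrustedHosts entry lets the client authenticate to that host without
        // verifying its identity; a WinRM HTTPS listener with a validated certificate avoids that.
        "winrm s winrm/config/client '@{TrustedHosts=\"xx.xx.xxx.xxx\"}'" + "\n" +
        // also need to give the app pool identity user WinRM access; run the following on the command line
        // (change the app pool user name if in a different app pool, it is just the name of the app pool) - EWB
        // https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
        // https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx
        // Note: this took like 30 min to have an effect, maybe try bouncing IIS and the app pools?
        "net localgroup WinRMRemoteWMIUsers__ /add \"ASP.NET v4.0 Classic\"" + "\n" +
        //==============================================================================================
        "import-module ActiveDirectory; " + "\n" +
        // NOTE(review): the account name and password are literals in the script text. Load them
        // from a protected configuration or secret store rather than source code, use an account
        // limited to this attribute change, and keep the script text out of logs.
        @"$Username = 'ad\xxxx'; " + "\n" +
        "$Password = 'xxxx'; " + "\n" +
        "$pass = ConvertTo-SecureString -AsPlainText $Password -Force" + "\n" +
        "$SecureString = $pass; " + "\n" +
        // build the credential object used for the remote session
        "$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString; " + "\n" +
        "$s = New-PSSession -ComputerName xxxxx -Credential $MySecureCreds; " + "\n" +
        "if ($null -eq $s) \n{ \nthrow \"Error creating the session, it was null\" \n}" + "\n" +
        // $user is assigned in the first Invoke-Command and reused by the next two in the same session
        @"Invoke-Command -Session $s -ScriptBlock {$user = [ ADSI ] 'LDAP://CN=" + sSafeAdName + ",OU=xxxx Users,OU=xxxx,OU=xxxx,DC=AD,DC=xx,DC=org'; }; " + "\n" +
        @"Invoke-Command -Session $s -ScriptBlock {$user.psbase.Invokeset( 'terminalservicesprofilepath', '" + sSafeRdpPath + "' ); }; " + "\n" +
        "Invoke-Command -Session $s -ScriptBlock {$user.setinfo()}; " + "\n" +
        "Remove-PSSession $s; " + "\n";

    RunScript( sPowerShell );
}

/// <summary>
/// Escapes a value for use inside a single-quoted PowerShell string literal by doubling
/// every character that PowerShell accepts as a single-quote delimiter.
/// </summary>
/// <param name="value">raw value; null is treated as an empty string</param>
/// <returns>the value with each quote character doubled</returns>
private static string EscapeForSingleQuotedPowerShell( string value )
{
    if ( string.IsNullOrEmpty( value ) )
    {
        return string.Empty;
    }

    var escaped = new System.Text.StringBuilder( value.Length + 8 );
    foreach ( char c in value )
    {
        escaped.Append( c );
        // Besides the ASCII apostrophe, PowerShell treats the typographic quotes
        // U+2018, U+2019, U+201A and U+201B as single-quote delimiters.
        if ( c == '\'' || c == '\u2018' || c == '\u2019' || c == '\u201A' || c == '\u201B' )
        {
            escaped.Append( c );
        }
    }
    return escaped.ToString();
}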
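/// <summary>
/// Runs the given PowerShell script in-process and writes every output object and every
/// error record to the trace log.
/// </summary>
/// <param name="scriptText">the PowerShell script text to run</param>
/// <returns>always an empty string; the script output is only written to the trace log</returns>
private string RunScript( string scriptText )
{
    // PowerShell is IDisposable; the using block releases it even when Invoke throws.
    // Exceptions are not caught here, so they reach the caller unchanged.
    using ( var powerShell = PowerShell.Create() )
    {
        powerShell.AddScript( scriptText );

        foreach ( var item in powerShell.Invoke() )
        {
            log.Trace( item == null ? "item is null" : item.ToString() );
        }

        // Non-terminating errors do not throw from Invoke; they are collected in the error
        // stream. Trace them so that a failed directory update is visible in the log.
        foreach ( var error in powerShell.Streams.Error )
        {
            log.Trace( "PowerShell error: " + error );
        }

        return "";
    }
}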