如何让 windows' runas.exe 在没有提示的情况下从凭证管理器获取密码?
How to make windows' runas.exe take password from credential manager with no prompt?
我正在尝试创建一个快捷方式来从凭据管理器获取凭据,就像这样
cd C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\
$line1 = "cd C:\Code\EPMD\Kodex-1.4.4\Applications\Bin\EpmdTaskManager"
$line2 = "start EpmdTaskManagerGui.exe hide"
$line1 | out-file auto1.bat -Encoding Ascii
$line2 | Out-File -append auto1.bat -Encoding Ascii
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("C:\Users\matanv.HOBART\Desktop\Kodex 1.4.4.lnk")
$Shortcut.TargetPath = """C:\WINDOWS\system32\runas.exe"""
$argA = "/user:%computername%\Admin /savecred"
$argB = """C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\auto.bat"""
$Shortcut.Arguments = $argA + " " + $argB
$Shortcut.Save()
这工作正常,但有一个问题:我第一次 运行 脚本时,系统提示我输入密码。
我不想收到输入密码的提示,并使用某些(也许是其他)脚本将其存储在凭据管理器中。
如何做到?
谢谢
从评论移到这里 OP
这是关于这个 savecred 的事情要记住的事情。这真的很危险,这取决于你在哪里使用它。一旦你这样做了,就像你已经注意到的那样,AL 你必须做的就是传递帐户名并且永远不会得到提示,这意味着,即使是最简单的技能,任何人都可以走到并接管这台机器,即使你删除启动它的快捷方式,这些信用始终有效,一旦可以创建任何快捷方式,设置属性,他们就可以参加比赛了。
因此,虽然 savecred 确实很方便,但它应该仅限于使用它的人绝对控制的机器。 For Example.
无论如何,您可以在不使用 RunAs /SaveCred 的情况下获得 CredMan 的信用,是的,即使使用 PowerShell。有许多在线脚本向您展示如何操作,甚至直接来自 TechNet Powershell Gallery 和 MS powershellgallery.com.
How to add credentials to the Windows Vault (PowerShell)
This PowerShell script shows how add credentials for specific users.
来自 powershellgallery.com,通过您的 PowerShell 会话。
Find-Module -Name '*credentialmanager*' | Format-Table -AutoSize
Version Name Repository Description
------- ---- ---------- -----------
2.0 CredentialManager PSGallery Provides access to credentials in the Windows Credential Manager
1.1.1.0 IntelliTect.CredentialManager PSGallery Provides an easy-to-use interface to the Windows Credential Manager via PowerShell.
1.0.9 pscredentialmanager PSGallery This module allows management and automation of Windows cached credentials.
1.0.0.0 BAMCIS.CredentialManager PSGallery Provides a PowerShell wrapper around the Windows Credential Manager Win32 APIs.
另请参阅:
Manipulate credentials in the Windows 8/2012 PasswordVault using Powershell
This module demonstrates how to use the new Windows 8/2012
PasswordVault API from Powershell.
您也可以使用 built-in cmdkey.exe
Creates, lists, and deletes stored user names and passwords or
credentials.
但是您需要在用户上下文中 运行 才能执行此操作,而这正是 MS SysInternals PSExec 可以提供的。只需为 RunOnce / 在启动时创建一个 ScheduledTask 来触发执行此操作的命令。
好吧,我跑题了。因此,all-in-all,有几种方法可以在 windows 上设置 Kiosk 模式,并且 MS 已经记录了 Kiosk 模式一段时间了
(你不要说出你的目标 OS - 因为类似的文章对他们来说是存在的)。
对于 Win 10,它在这里:
以上提供了如何在 PowerShell 中设置此模式的直接说明,下面是这些步骤的片段,但请务必阅读整个文档。
Set up a kiosk using Windows PowerShell
App type: UWP OS edition: Windows 10 Pro, Ent, Edu Account type: Local
standard user
You can use any of the following PowerShell cmdlets to set up assigned
access on multiple devices. Before you run the cmdlet:
- Log in as administrator.
- Create the user account for Assigned Access.
- Log in as the Assigned Access user account.
- Install the Universal Windows app that follows the assigned
access/above the lock guidelines.
- Log out as the Assigned Access user account.
- Log in as administrator.
To open PowerShell on Windows 10, search for PowerShell and find
Windows PowerShell Desktop app in the results. Run PowerShell as
administrator.
# Configure assigned access by AppUserModelID and user name
Set-AssignedAccess -AppUserModelId <AUMID> -UserName <username>
# Configure assigned access by AppUserModelID and user SID
Set-AssignedAccess -AppUserModelId <AUMID> -UserSID <usersid>
# Configure assigned access by app name and user name
Set-AssignedAccess -AppName <CustomApp> -UserName <username>
# Configure assigned access by app name and user SID
Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
Note To set up assigned access using -AppName, the user account that
you specify for assigned access must have logged on at least once.
Learn how to get the AUMID. Learn how to get the AppName (see
Parameters).
我正在尝试创建一个快捷方式来从凭据管理器获取凭据,就像这样
cd C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\
$line1 = "cd C:\Code\EPMD\Kodex-1.4.4\Applications\Bin\EpmdTaskManager"
$line2 = "start EpmdTaskManagerGui.exe hide"
$line1 | out-file auto1.bat -Encoding Ascii
$line2 | Out-File -append auto1.bat -Encoding Ascii
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("C:\Users\matanv.HOBART\Desktop\Kodex 1.4.4.lnk")
$Shortcut.TargetPath = """C:\WINDOWS\system32\runas.exe"""
$argA = "/user:%computername%\Admin /savecred"
$argB = """C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\auto.bat"""
$Shortcut.Arguments = $argA + " " + $argB
$Shortcut.Save()
这工作正常,但有一个问题:我第一次 运行 脚本时,系统提示我输入密码。
我不想收到输入密码的提示,并使用某些(也许是其他)脚本将其存储在凭据管理器中。
如何做到?
谢谢
从评论移到这里 OP
这是关于这个 savecred 的事情要记住的事情。这真的很危险,这取决于你在哪里使用它。一旦你这样做了,就像你已经注意到的那样,AL 你必须做的就是传递帐户名并且永远不会得到提示,这意味着,即使是最简单的技能,任何人都可以走到并接管这台机器,即使你删除启动它的快捷方式,这些信用始终有效,一旦可以创建任何快捷方式,设置属性,他们就可以参加比赛了。
因此,虽然 savecred 确实很方便,但它应该仅限于使用它的人绝对控制的机器。 For Example.
无论如何,您可以在不使用 RunAs /SaveCred 的情况下获得 CredMan 的信用,是的,即使使用 PowerShell。有许多在线脚本向您展示如何操作,甚至直接来自 TechNet Powershell Gallery 和 MS powershellgallery.com.
How to add credentials to the Windows Vault (PowerShell)
This PowerShell script shows how add credentials for specific users.
来自 powershellgallery.com,通过您的 PowerShell 会话。
Find-Module -Name '*credentialmanager*' | Format-Table -AutoSize
Version Name Repository Description
------- ---- ---------- -----------
2.0 CredentialManager PSGallery Provides access to credentials in the Windows Credential Manager
1.1.1.0 IntelliTect.CredentialManager PSGallery Provides an easy-to-use interface to the Windows Credential Manager via PowerShell.
1.0.9 pscredentialmanager PSGallery This module allows management and automation of Windows cached credentials.
1.0.0.0 BAMCIS.CredentialManager PSGallery Provides a PowerShell wrapper around the Windows Credential Manager Win32 APIs.
另请参阅:
Manipulate credentials in the Windows 8/2012 PasswordVault using Powershell
This module demonstrates how to use the new Windows 8/2012 PasswordVault API from Powershell.
您也可以使用 built-in cmdkey.exe
Creates, lists, and deletes stored user names and passwords or credentials.
但是您需要在用户上下文中 运行 才能执行此操作,而这正是 MS SysInternals PSExec 可以提供的。只需为 RunOnce / 在启动时创建一个 ScheduledTask 来触发执行此操作的命令。
好吧,我跑题了。因此,all-in-all,有几种方法可以在 windows 上设置 Kiosk 模式,并且 MS 已经记录了 Kiosk 模式一段时间了
(你不要说出你的目标 OS - 因为类似的文章对他们来说是存在的)。
对于 Win 10,它在这里:
以上提供了如何在 PowerShell 中设置此模式的直接说明,下面是这些步骤的片段,但请务必阅读整个文档。
Set up a kiosk using Windows PowerShell
App type: UWP OS edition: Windows 10 Pro, Ent, Edu Account type: Local standard user
You can use any of the following PowerShell cmdlets to set up assigned access on multiple devices. Before you run the cmdlet:
- Log in as administrator.
- Create the user account for Assigned Access.
- Log in as the Assigned Access user account.
- Install the Universal Windows app that follows the assigned access/above the lock guidelines.
- Log out as the Assigned Access user account.
- Log in as administrator.
To open PowerShell on Windows 10, search for PowerShell and find Windows PowerShell Desktop app in the results. Run PowerShell as administrator.
# Configure assigned access by AppUserModelID and user name
Set-AssignedAccess -AppUserModelId <AUMID> -UserName <username>
# Configure assigned access by AppUserModelID and user SID
Set-AssignedAccess -AppUserModelId <AUMID> -UserSID <usersid>
# Configure assigned access by app name and user name
Set-AssignedAccess -AppName <CustomApp> -UserName <username>
# Configure assigned access by app name and user SID
Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
Note To set up assigned access using -AppName, the user account that you specify for assigned access must have logged on at least once. Learn how to get the AUMID. Learn how to get the AppName (see Parameters).