简单的 Powershell 问题(创建本地 ID 并添加本地管理员组以及一些检查)
Simple Powershell questions (Creating a local ID and adding local administrator group plus some checks)
对 powershell 有点陌生,正在寻找一些指导。我正在尝试创建一个简单的脚本来完成以下操作:
- 检查服务器列表中是否已存在本地 ID
- 如果没有,创建一个并添加到服务器列表中的本地管理员组
- 注销结果
$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
foreach ($server in $serverlist){
#User to search for
$USERNAME = "John"
#Declare LocalUser Object
$ObjLocalUser = $null
Invoke-Command -Credential $credential -Authentication Default -ComputerName $Server -ScriptBlock {
$ObjLocalUser = Get-LocalUser "John"
#Create the user if it was not found (Example)
if (!$ObjLocalUser) {
Write-Verbose "Creating User $($USERNAME)" #(Example)
NET USER "John" "Generic Password" /ADD /passwordchg:no
NET LOCALGROUP "Administrators" "Joe Doe" /ADD
}
else {
Write-Verbose "John" already exists"
}
}
}
P.S,为简单起见,仅使用通用凭据,之后将转换为最佳标准。只是想获得更多编写 Powershell 的经验,稍后可能会转换为自定义函数。
根据您的脚本,我注意到以下几点可以加强
1- 您不必使用 for 循环遍历服务器列表,而是可以将服务器列表数组直接传递给 Invoke-Command[= 的 ComputerName 参数23=]
get-help Invoke-Command
Invoke-Command [[-ComputerName] <string[]>]
# <string[]: indicate that the computername property accepts an array not string
因此在您的脚本中您可以按如下方式使用它
Invoke-Command -Credential $credential -Authentication Default -ComputerName $Serverlist {...}
2- 在 Invoke-Command 中,您使用命令
搜索用户是否存在
Get-LocalUser "John"
但是如果用户不存在,这会给你一个错误
PS C:\Windows\system32> Get-LocalUser john
Get-LocalUser : User john was not found.
At line:1 char:1
+ Get-LocalUser john
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (john:String) [Get-LocalUser], UserNotFoundException
+ FullyQualifiedErrorId : UserNotFound,Microsoft.PowerShell.Commands.GetLocalUserCommand
您可以使用以下方式搜索用户:
Get-LocalUser | where {$_.name -eq $USERNAME})
3-你不需要使用变量$ObjLocalUser,你可以使用if条件直接检查搜索结果如下:
if (!(Get-LocalUser | where {$_.name -eq $USERNAME})) {
Write-output "Creating User $USERNAME"
} else {
Write-output "User: $USERNAME already exists"
}
最后:为了在 invoke-commnd 中使用局部变量,您可以使用 Using 范围修饰符来标识远程命令中的局部变量。
所以脚本可能是这样的:
$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
$USERNAME = "John"
Invoke-Command -Credential $credential -Authentication Default -ComputerName $serverlist -ScriptBlock {
#Create the user if it was not found (Example)
if (!(Get-LocalUser | where {$_.name -eq $Using:USERNAME})) {
Write-output "Creating User $Using:USERNAME"
NET USER $Using:USERNAME "Generic Password" /ADD /passwordchg:no
NET LOCALGROUP "Administrators" $Using:USERNAME /ADD
} else {
Write-output "User: $Using:USERNAME already exists"
}
}
对 powershell 有点陌生,正在寻找一些指导。我正在尝试创建一个简单的脚本来完成以下操作:
- 检查服务器列表中是否已存在本地 ID
- 如果没有,创建一个并添加到服务器列表中的本地管理员组
- 注销结果
$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
foreach ($server in $serverlist){
#User to search for
$USERNAME = "John"
#Declare LocalUser Object
$ObjLocalUser = $null
Invoke-Command -Credential $credential -Authentication Default -ComputerName $Server -ScriptBlock {
$ObjLocalUser = Get-LocalUser "John"
#Create the user if it was not found (Example)
if (!$ObjLocalUser) {
Write-Verbose "Creating User $($USERNAME)" #(Example)
NET USER "John" "Generic Password" /ADD /passwordchg:no
NET LOCALGROUP "Administrators" "Joe Doe" /ADD
}
else {
Write-Verbose "John" already exists"
}
}
}
P.S,为简单起见,仅使用通用凭据,之后将转换为最佳标准。只是想获得更多编写 Powershell 的经验,稍后可能会转换为自定义函数。
根据您的脚本,我注意到以下几点可以加强
1- 您不必使用 for 循环遍历服务器列表,而是可以将服务器列表数组直接传递给 Invoke-Command[= 的 ComputerName 参数23=]
get-help Invoke-Command
Invoke-Command [[-ComputerName] <string[]>]
# <string[]: indicate that the computername property accepts an array not string
因此在您的脚本中您可以按如下方式使用它
Invoke-Command -Credential $credential -Authentication Default -ComputerName $Serverlist {...}
2- 在 Invoke-Command 中,您使用命令
Get-LocalUser "John"
但是如果用户不存在,这会给你一个错误
PS C:\Windows\system32> Get-LocalUser john
Get-LocalUser : User john was not found.
At line:1 char:1
+ Get-LocalUser john
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (john:String) [Get-LocalUser], UserNotFoundException
+ FullyQualifiedErrorId : UserNotFound,Microsoft.PowerShell.Commands.GetLocalUserCommand
您可以使用以下方式搜索用户:
Get-LocalUser | where {$_.name -eq $USERNAME})
3-你不需要使用变量$ObjLocalUser,你可以使用if条件直接检查搜索结果如下:
if (!(Get-LocalUser | where {$_.name -eq $USERNAME})) {
Write-output "Creating User $USERNAME"
} else {
Write-output "User: $USERNAME already exists"
}
最后:为了在 invoke-commnd 中使用局部变量,您可以使用 Using 范围修饰符来标识远程命令中的局部变量。
所以脚本可能是这样的:
$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
$USERNAME = "John"
Invoke-Command -Credential $credential -Authentication Default -ComputerName $serverlist -ScriptBlock {
#Create the user if it was not found (Example)
if (!(Get-LocalUser | where {$_.name -eq $Using:USERNAME})) {
Write-output "Creating User $Using:USERNAME"
NET USER $Using:USERNAME "Generic Password" /ADD /passwordchg:no
NET LOCALGROUP "Administrators" $Using:USERNAME /ADD
} else {
Write-output "User: $Using:USERNAME already exists"
}
}