我正在调用PowerShell,以设置terminalServicesProfilePath在我创建的用户上,Web服务器不是我正在修改的域的成员。
我记得编写PowerShell做到这一点,以修改用户的广告名称,很久以前但是我不记得它是怎么做到的,我的Google-fu使我失败了
$user = [ ADSI ] "LDAP://CN=abab.ababf,DC=AD,DC=JCSN,DC=org";
$user.psbase.Invokeset( "terminalservicesprofilepath", "\adrdsProfileAlaskaabab.ababf" );
$user.setinfo();
这是完成我从较大脚本工作的工作的片段。
我记得必须先登录远程服务器...但是我该怎么做?
问题是,要设置terminalServicesProfilepath的旧内容太老了,无法接受凭据,所以我创建了一个PS-Session,并将它们包裹在Invoke命令中,以接受凭据。<<<<<<<<<<<<<<<<<<<。/p>
这是我使用的完整解决方案,您可能必须对设置计算机的零件进行一些摆弄。
public void DoRDP( string sAdName, string sRdpPath )
{
//SetTerminalServiceProfilePath();
string s= QueryTerminalServices( WtsApi32.WTSUserConfigTerminalServerProfilePath );
string sPowerShell = "" + "n" +
//==============================================================================================
//== modify this swtuff to get run once only - EWB
//==============================================================================================
// # enaqble remoting to .ddd, do before new-session - ewb "+ (only needs to be done once)
"Enable-PSRemoting –force" + "n" +
"Set-ExecutionPolicy Unrestricted" + "n" +
// add the ad server to teh trusted hosts (only needs to be done once)
"winrm s winrm/config/client '@{TrustedHosts="xx.xx.xxx.xxx"}'"+
// also need to give the app pool idenity user win RM Access, run teh following on the command line (change app pool user name, if in different app pool (it's jus the name of the app pool) - EWB
// https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
// https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx
// Note: this took like 30 min to have an effect, maybe try bouncing iis and the app pools?
"net localgroup WinRMRemoteWMIUsers__ /add "ASP.NET v4.0 Classic""+
//==============================================================================================
"import-module ActiveDirectory; " + "n" +
@"$Username = 'adxxxx'; " + "n" +
"$Password = 'xxxx'; " + "n" +
"$pass = ConvertTo-SecureString -AsPlainText $Password -Force" + "n" +
"$SecureString = $pass; " + "n" +
//# Users with password securly"+
"$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString; " + "n" +
"$s = New-PSSession -ComputerName xxxxx -Credential $MySecureCreds; " + "n" +
"if ($null -eq $s) n{ nthrow "Error creating the session, it was null" n}" + "n" +
@"Invoke-Command -Session $s -ScriptBlock {$user = [ ADSI ] 'LDAP://CN=" + sAdName + ",OU=xxxx Users,OU=xxxx,OU=xxxx,DC=AD,DC=xx,DC=org'; }; " + "n" +
@"Invoke-Command -Session $s -ScriptBlock {$user.psbase.Invokeset( 'terminalservicesprofilepath', '" + sRdpPath + "' ); }; " + "n" +
"Invoke-Command -Session $s -ScriptBlock {$user.setinfo()}; " + "n" +
"Remove-PSSession $s; " + "n";
RunScript( sPowerShell );
}
/// <summary>
/// Runs the given powershell script and returns the script output.
/// </summary>
/// <param name = "scriptText" > the powershell script text to run</param>
/// <returns>output of the script</returns>
private string RunScript( string scriptText )
{
try
{
var powerShell = PowerShell.Create().AddScript( scriptText );
var results = powerShell.Invoke();
var resList = results.ToList();
foreach ( dynamic item in resList )
{
if( item == null )
{
log.Trace( "item is null" );
}
else
{
log.Trace( item.ToString() );
}
}
return "";
}
catch ( Exception ex )
{
throw;
}
}