我是新来的,对PowerShell也很陌生 - 我想添加一个本地管理员用户,并在txt文件中为该用户分配密码。
下面是我的脚本,但它无法设置密码:
$Username = "steve"
$Password = Get-Content .SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
Write-Host "Creating new local user $Username."
& NET USER $Username $Password /add /y /expires:never
Write-Host "Adding local user $Username to $group."
& NET LOCALGROUP $group $Username /add
}
else {
Write-Host "Setting password for existing local user $Username."
$existing.SetPassword($Password)
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
这是输出:
PS C:windowsSystem32> .test.ps1
Creating new local user steve.
The command completed successfully.
Adding local user steve to Administrators.
The command completed successfully.
Ensuring password for steve never expires.
Updating property(s) of '\DESKTOP-LVUFR6RROOTCIMV2:Win32_UserAccount.Domain="DESKTOP-LVUFR6R",Name="steve"'
Property(s) update successful.
但它没有设置密码。
有什么帮助吗?
注意事项:
尽量不要重新发明轮子。使用内置功能集和 MS powershellgallery.com 模块。从PowerShell v3开始,有一个用于本地用户和组管理的模块。
Find-Module -Name '*local*Management'
<#
Version Name Repository Description ------- ---- ---------- ----------- 3.0 LocalUserManagement PSGallery a module that performs various local u... 1.2.2 Saritasa.LocalManagement PSGallery Contains functions to control local co... 0.1.1 LocalAccountManagement PSGallery Manage local and remote user accounts ... 1.0 STRemoteLocalGroupManagement PSGallery Manage local group membership on remot...
#>
[LocalUserManagement 3.0][1]
Get-Command -Name '*local*user*'
<#
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Disable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Enable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
Get-Command -Name '*local*group*'
<#
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Add-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
对于您所追求的,利用设置本地用户
$Password = Read-Host -AsSecureString
$UserAccount = Get-LocalUser -Name "User02"
$UserAccount | Set-LocalUser -Password $Password
既然你说你是新手,强烈建议你花一些时间加快速度,限制/避免,混乱,坏代码,坏习惯,错误等......也永远不要运行代码(尤其是破坏性代码,意味着改变你的系统/环境的东西(,无论你从哪里得到它,你都不完全理解它在做什么。否则,您确实会在系统/环境中引起重大问题。
根据脚本的逻辑,永远不会达到设置的密码方法,因为从未满足条件。删除else{}块或将设置的密码方法上移到if{}块,看看是否适合您。
$Username = "steve"
$Password = Get-Content .SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
Write-Host "Creating new local user $Username."
& NET USER $Username $Password /add /y /expires:never
Write-Host "Adding local user $Username to $group."
& NET LOCALGROUP $group $Username /add
Write-Host "Setting password for existing local user $Username."
$existing.SetPassword($Password)
} else {
# do something else that you want handled
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE