在 python 脚本中运行 powershell 命令作为 cli 工具来定位 azure vm 会生成权限错误

我正在尝试使用 python 创建一个 CLI 工具，列出 azure 帐户中的所有订阅。然后，用户需要输入他们要查阅的订阅号。之后，该订阅中的所有虚拟机都会列出。然后，用户输入想要安装日志传送程序 (winlogbeat) 的 VM 的选项号。然后，该脚本应该下载并安装 dn run winlogbeat 作为该虚拟机内的服务。我正在使用托管身份。

我面临的问题与访问该虚拟机中某些路径的权限有关，尽管我在 subprocess.run 中使用选项 -Verb runAs ，如下所示：

subprocess.run(['powershell', '-Command', f'Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -NoExit -Command \"{powershell_command}\"" -Verb runAs'], check=True)

这是我的代码：

def run_command_as_admin(command):
    subprocess.run(['powershell', '-Command', f'Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -NoExit -Command \\"{command}\\"" -Verb runAs'])

def install_winlogbeat_service(vm_name):
    try:
        download_winlogbeat()
        
        run_command_as_admin(f'& "C:\\Program Files\\Winlogbeat\\install-service-winlogbeat.ps1"')
        click.echo(f"Winlogbeat installed and service started on VM '{vm_name}'")
    except subprocess.CalledProcessError as e:
        click.echo(f"Error: Failed to install Winlogbeat and start service on VM '{vm_name}': {e}")

def download_winlogbeat():
    winlogbeat_version = "7.16.3"  # Example version
    winlogbeat_url = f"https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-{winlogbeat_version}-windows-x86_64.zip"
    
    download_dir = os.path.expanduser("~")  # User's home directory
    zip_file_path = os.path.join(download_dir, "winlogbeat.zip")

    subprocess.run(['powershell', '-Command', f'Invoke-WebRequest -Uri "{winlogbeat_url}" -OutFile "{zip_file_path}"'], check=True)
    
    subprocess.run(['powershell', '-Command', f'Expand-Archive -Path "{zip_file_path}" -DestinationPath "C:\\Program Files" -Force'], check=True)

    os.rename(os.path.join("C:\\Program Files", f"winlogbeat-{winlogbeat_version}-windows-x86_64"), "C:\\Program Files\\Winlogbeat")

这是我收到的错误：

New-Item : Access to the path 'powershell' is denied.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1:986 char:21
+ ...New-Item $currentArchiveEntryPath -Type Directory -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: PermissionDenied: (C:\Program File...ule\powershell:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : CreateDirectoryUnauthorizedAccessError,Microsoft.PowerShell.Commands.NewItemCommand

同样适用于：

New-Item : Access to the path 'visualization' is denied.
New-Item : Access to the path 'security' is denied. 
New-Item : Access to the path 'config' is denied.
New-Item : Access to the path 'sysmon' is denied.