我正在尝试创建一个脚本,将用户添加到root和所有子命名空间,并授予他以下权限:Execute Methods, Enable Account, Remote Enable and Read Security
通过脚本,就像您在wmimgmt中手动进行操作一样。我尝试使用以下命令导出wmimgmt设置:
$SidHelper = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper
$SdList = @($null)
$(Get-WMIObject -Namespace "root" -Class __SystemSecurity).PsBase.InvokeMethod("GetSD",$SdList)
[System.Management.Automation.PSSerializer]::Serialize($SdList) | Set-Content sdlist.txt
并使用以下命令将其导入:
$SdList = [System.Management.Automation.PSSerializer]::Deserialize($(Get-Content sdlist.txt))
$SidHelper = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper
$RootSecurity = $(Get-WMIObject -Namespace "root" -Class __SystemSecurity)
$RootSecurity.PsBase.InvokeMethod("SetSd",$SdList)
(发现为here)执行此操作时,将授予正确的权限,但我要添加的不是用户的SID,而是未知用户。1.你们知道为什么脚本未按预期运行吗?2.除了上面提到的脚本外,您是否知道如何通过脚本在wmimgmt中添加用户并向其授予权限?
感谢和欢呼,Uno
$sdlist.getType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True Object[] System.Array
**脱盐后**
$sdlist2.getType() IsPublic IsSerial Name BaseType -------- -------- ---- -------- True True ArrayList System.Object
**尝试使用下面的[[[System.Array] **]输入类型。**对我有用-谢谢:)正是我想要的。
$SdList = [System.Array] [System.Management.Automation.PSSerializer]::Deserialize($(Get-Content sdlist.txt)) $SidHelper = New-Object System.Management.ManagementClass Win32_SecurityDescriptorHelper $RootSecurity = $(Get-WMIObject -Namespace "root" -Class __SystemSecurity) $RootSecurity.PsBase.InvokeMethod("SetSd",$SdList)