
[Mastering Systems] Revisiting Local Group Members

Author: 精品下载站 | Date: 2024-12-14 07:48:31 | Views: 14 | Category: 玩电脑



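The other day I posted an article and a function that uses ADSI and PowerShell to list the members of a local group. A few people reported an unusual error that I could not reproduce. While troubleshooting, I made some changes to the original function that at least handle this mysterious error better. Those changes have been pushed to GitHub as version 1.5 of the function.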

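But while testing and revising, I decided I might as well really improve the command and add an option to use PowerShell remoting, without having to jump through all the hoops of the previous version.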

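Version 2 of the function includes several parameters for remoting, which means defining some parameter sets. I also converted most of the ADSI code into a script block, which can be invoked normally with the & operator or run remotely with Invoke-Command. One tricky thing about the script block is being able to turn on verbose output. My solution was to add a parameter to the script block that essentially inherits the VerbosePreference of the local computer.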
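The pattern described above, as an added example that is not the author's function: one script block with a string parameter that carries the caller's `$VerbosePreference`, called either with `&` or through `Invoke-Command`. The names `$sb`, `$pref` and `Invoke-GroupQuery` are hypothetical, and the remoting branch assumes WinRM is reachable on the target.

```powershell
# Added illustration, not the author's function. $sb and Invoke-GroupQuery are hypothetical names.
$sb = {
    Param(
        [string]$Name = "Administrators",
        [string]$Computer = $env:COMPUTERNAME,
        [string]$Verbose = "SilentlyContinue"
    )
    # A script block run by Invoke-Command does not see the caller's preference
    # variables, so the caller's value arrives as an ordinary argument.
    $VerbosePreference = $Verbose
    Write-Verbose "[$env:COMPUTERNAME] Querying $Name on $Computer"

    $group = [ADSI]"WinNT://$Computer/$Name,group"
    foreach ($member in $group.Invoke("Members")) {
        [pscustomobject]@{
            Computername = $Computer.ToUpper()
            Group        = $Name
            ADSPath      = $member.GetType().InvokeMember("ADSPath", 'GetProperty', $null, $member, $null)
        }
    }
}

function Invoke-GroupQuery {
    [CmdletBinding()]
    Param(
        [string[]]$Computername = $env:COMPUTERNAME,
        [string]$Name = "Administrators",
        [switch]$UseRemoting
    )
    # -Verbose on this function sets $VerbosePreference to Continue in this scope.
    # Cast it to a string before it crosses the remoting boundary.
    $pref = [string]$VerbosePreference
    foreach ($c in $Computername) {
        if ($UseRemoting) {
            # -ArgumentList binds by position, so the order must match the Param() block.
            Invoke-Command -ComputerName $c -ScriptBlock $sb -ArgumentList $Name, $c, $pref
        }
        else {
            # Local call: named parameters work because $sb is a plain script block.
            & $sb -Name $Name -Computer $c -Verbose $pref
        }
    }
}

# Queries the local computer only; add -Computername and -UseRemoting for WinRM targets.
Invoke-GroupQuery -Verbose
```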


I also realized that if you want to export the information, it might be helpful to include the group name in the results.
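An added example, not part of the original post or the author's function: once results carry the computer and group name, they can be compared with an allowlist and the exceptions exported for review. The records are constructed to mirror the property names and values in the function's help examples; `$Allowed`, `Find-UnexpectedMember` and the CSV file name are hypothetical.

```powershell
# Constructed sample records shaped like the function's output.
$members = @(
    [pscustomobject]@{Computername='CHI-CORE01'; Group='Administrators'; Name='Administrator'; ADSPath='WinNT://GLOBOMANTICS/chi-core01/Administrator'; Class='User'; IsLocal=$true}
    [pscustomobject]@{Computername='CHI-CORE01'; Group='Administrators'; Name='Domain Admins'; ADSPath='WinNT://GLOBOMANTICS/Domain Admins'; Class='Group'; IsLocal=$false}
    [pscustomobject]@{Computername='CHI-CORE01'; Group='Administrators'; Name='Chicago IT'; ADSPath='WinNT://GLOBOMANTICS/Chicago IT'; Class='Group'; IsLocal=$false}
    [pscustomobject]@{Computername='CHI-CORE01'; Group='Administrators'; Name='OMAA'; ADSPath='WinNT://GLOBOMANTICS/OMAA'; Class='User'; IsLocal=$false}
    [pscustomobject]@{Computername='CHI-CORE01'; Group='Administrators'; Name='LocalAdmin'; ADSPath='WinNT://GLOBOMANTICS/chi-core01/LocalAdmin'; Class='User'; IsLocal=$true}
)

# Hypothetical allowlist of expected members, written as -like patterns on ADSPath.
# Matching the full path is stricter than matching Name: a local account that
# merely contains "Administrator" in its name does not pass.
$Allowed = @(
    'WinNT://GLOBOMANTICS/Domain Admins'
    'WinNT://GLOBOMANTICS/*/Administrator'
)

function Find-UnexpectedMember {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Member,
        [Parameter(Mandatory)]
        [string[]]$Allowed
    )
    Process {
        $expected = $false
        foreach ($pattern in $Allowed) {
            if ($Member.ADSPath -like $pattern) { $expected = $true; break }
        }
        if (-not $expected) {
            # Keep Computername and Group so each exported row stands on its own.
            $Member | Select-Object Computername, Group, Name, Class, IsLocal, ADSPath
        }
    }
}

$findings = $members | Find-UnexpectedMember -Allowed $Allowed
$findings | Sort-Object Computername, Name | Format-Table -AutoSize
$findings | Export-Csv -Path .\unexpected-admins.csv -NoTypeInformation
```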

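You can still use the command without remoting, which assumes you can make a legacy connection to the computer.

But I think you'll find that the remoting option performs better.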

"chi-web02","chi-core01" | get-localgroupmember  -UseRemoting  | 
format-table -GroupBy Computername -Property ADSPath,Name,Class

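You can also use alternate credentials and SSL, although I have not tested with SSL or certificates because I don't have that set up on my network.

Version 2 and later of the function can be found on GitHub: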

Get-LocalGroupMember2.ps1:

#requires -version 4.0


Function Get-LocalGroupMember {

<#
.EXAMPLE
PS C:\> Get-LocalGroupMember -computer chi-core01 | tmo -clip

Computername : CHI-CORE01
Group        : Administrators
Name         : Administrator
ADSPath      : WinNT://GLOBOMANTICS/chi-core01/Administrator
Class        : User
Domain       : GLOBOMANTICS
IsLocal      : True

Computername : CHI-CORE01
Group        : Administrators
Name         : Domain Admins
ADSPath      : WinNT://GLOBOMANTICS/Domain Admins
Class        : Group
Domain       : GLOBOMANTICS
IsLocal      : False

Computername : CHI-CORE01
Group        : Administrators
Name         : Chicago IT
ADSPath      : WinNT://GLOBOMANTICS/Chicago IT
Class        : Group
Domain       : GLOBOMANTICS
IsLocal      : False

Computername : CHI-CORE01
Group        : Administrators
Name         : OMAA
ADSPath      : WinNT://GLOBOMANTICS/OMAA
Class        : User
Domain       : GLOBOMANTICS
IsLocal      : False

Computername : CHI-CORE01
Group        : Administrators
Name         : LocalAdmin
ADSPath      : WinNT://GLOBOMANTICS/chi-core01/LocalAdmin
Class        : User
Domain       : GLOBOMANTICS
IsLocal      : True
.EXAMPLE
PS C:\> "chi-hvr1","chi-hvr2","chi-core01","chi-fp02" | get-localgroupmember  | where {$_.IsLocal} | Select Computername,Name,ADSPath

Computername Name          ADSPath                                      
------------ ----          -------                                      
CHI-HVR1     Administrator WinNT://GLOBOMANTICS/chi-hvr1/Administrator  
CHI-HVR2     Administrator WinNT://GLOBOMANTICS/chi-hvr2/Administrator  
CHI-HVR2     Jeff          WinNT://GLOBOMANTICS/chi-hvr2/Jeff           
CHI-CORE01   Administrator WinNT://GLOBOMANTICS/chi-core01/Administrator
CHI-CORE01   LocalAdmin    WinNT://GLOBOMANTICS/chi-core01/LocalAdmin   
CHI-FP02     Administrator WinNT://GLOBOMANTICS/chi-fp02/Administrator

.EXAMPLE
PS C:\> "chi-core01","chi-hvr1","chi-hvr2","Chi-web02","chi-test02" | Get-LocalGroupMember -useremoting -credential globomantics\administrator | Where {$_.name -notmatch "Administrator|Domain Admins"} | Select Computername,ADSPath,Class

Computername ADSPath                                    Class
------------ -------                                    -----
CHI-CORE01   WinNT://GLOBOMANTICS/Chicago IT            Group
CHI-CORE01   WinNT://GLOBOMANTICS/OMAA                  User 
CHI-CORE01   WinNT://GLOBOMANTICS/chi-core01/LocalAdmin User 
CHI-HVR1     WinNT://GLOBOMANTICS/OMAA                  User 
CHI-HVR2     WinNT://GLOBOMANTICS/chi-hvr2/Jeff         User 
CHI-HVR2     WinNT://GLOBOMANTICS/OMAA                  User 
CHI-WEB02    WinNT://GLOBOMANTICS/OMAA                  User

Using PowerShell remoting and an alternate credential, find all members of the Administrators group that are not Administrator or Domain Admins.
.EXAMPLE
PS C:\> get-localgroupmember -Name "Hyper-V administrators" -Computername chi-hvr1,chi-hvr2


Computername : CHI-HVR1
Group        : Hyper-V Administrators
Name         : jeff
ADSPath      : WinNT://GLOBOMANTICS/jeff
Class        : User
Domain       : GLOBOMANTICS
IsLocal      : False

Computername : CHI-HVR2
Group        : Hyper-V Administrators
Name         : jeff
ADSPath      : WinNT://GLOBOMANTICS/jeff
Class        : User
Domain       : GLOBOMANTICS
IsLocal      : False

Check group membership for the Hyper-V Administrators group.

.EXAMPLE
PS C:\> get-localgroupmember -Computername chi-core01 | where class -eq 'group' | select Domain,Name

Domain       Name         
------       ----         
GLOBOMANTICS Domain Admins
GLOBOMANTICS Chicago IT   

Get members of the Administrators group on CHI-CORE01 that are groups and select a few properties.


.NOTES
NAME        :  Get-LocalGroupMember
VERSION     :  2.1   
LAST UPDATED:  2/18/2016
AUTHOR      :  Jeff Hicks (@JeffHicks)

Learn more about PowerShell:
http://jdhitsolutions.com/blog/essential-powershell-resources/

  ****************************************************************
  * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED *
  * THOROUGHLY IN A LAB ENVIRONMENT. USE AT YOUR OWN RISK.  IF   *
  * YOU DO NOT UNDERSTAND WHAT THIS SCRIPT DOES OR HOW IT WORKS, *
  * DO NOT USE IT OUTSIDE OF A SECURE, TEST SETTING.             *
  ****************************************************************

.INPUTS
[string] for computer names

.OUTPUTS
[object]

#>


[cmdletbinding(DefaultParameterSetName = "ADSI")]

Param(
[Parameter(Position = 0)]
[Parameter(ParameterSetName = "remoting")]
[Parameter(ParameterSetName = "ADSI")]
[ValidateNotNullorEmpty()]
[string]$Name = "Administrators",

[Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
[Parameter(ParameterSetName = "remoting")]
[Parameter(ParameterSetName = "ADSI")]
[ValidateNotNullorEmpty()]
[Alias("CN","host")]
[string[]]$Computername = $env:computername,

[Parameter(ParameterSetName = "remoting")]
[switch]$UseRemoting,
[Parameter(ParameterSetName = "remoting")]
[Alias("RunAs")]
[System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,
[Parameter(ParameterSetName = "remoting")]
[ValidateRange(1, 65535)]
[int]$Port,
[Parameter(ParameterSetName = "remoting")]
[switch]$UseSSL,
[Parameter(ParameterSetName = "remoting")]
[string]$CertificateThumbprint
)


Begin {
    Write-Verbose "[Starting] $($MyInvocation.Mycommand)"  
    Write-Verbose "[Begin]    Using parameter set $($PSCmdlet.ParameterSetName)"
    
    #define a scriptblock
    $do = {
    Param(
    [string]$Name = "Administrators",
    [string]$Computer=$env:computername,
    [string]$Verbose
    )
    
    $VerbosePreference = $Verbose

    #define a flag to indicate if there was an error
    $script:NotFound = $False
    
    #define a trap to handle errors because we're not using cmdlets that
    #could support Try/Catch. Traps must be in same scope.
    Trap [System.Runtime.InteropServices.COMException] {
        $errMsg = "Failed to enumerate $name on $computer. $($_.exception.message)"
        Write-Warning $errMsg

        #set a flag
        $script:NotFound = $True
    
        Continue    
    }

    #define a Trap for all other errors
    Trap {
      Write-Warning "Oops. There was some other type of error on $Computer : $($_.exception.message)"
      Continue
    }

    Write-Verbose "[Process]  Connecting to $computer"
    #the WinNT moniker is case-sensitive
    [ADSI]$group = "WinNT://$computer/$Name,group"
    Write-Verbose "[Process]  Querying members of the $Name group"
    $members = $group.invoke("Members") 

    Write-Verbose "[Process]  Counting group members"
    
    if (-Not $script:NotFound) {
        $found = ($members | measure).count
        Write-Verbose "[Process]  Found $found members"

        if ($found -gt 0 ) {
        $members | foreach {
        
            #define an ordered hashtable which will hold properties
            #for a custom object
            $Hash = [ordered]@{Computername = $computer.toUpper();Group = $Group.Name.Value}

            #Get the name property
            $hash.Add("Name",$_[0].GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null))
        
            #get ADS Path of member
            $ADSPath = $_[0].GetType().InvokeMember("ADSPath", 'GetProperty', $null, $_, $null)
            $hash.Add("ADSPath",$ADSPath)
    
            #get the member class, ie user or group
            $hash.Add("Class",$_[0].GetType().InvokeMember("Class", 'GetProperty', $null, $_, $null))  
    
            

            $hash.Add("Domain",$ADSPath.Split("/")[2])

            #if computer name is found between two /, then assume
            #the ADSPath reflects a local object
            if ($ADSPath -match "/$computer/") {
                $local = $True
                }
            else {
                $local = $False
                }
            $hash.Add("IsLocal",$local)

            #turn the hashtable into an object
            New-Object -TypeName PSObject -Property $hash
         } #foreach member
        } 
        else {
            Write-Warning "No members found in $Name on $Computer."
        }
    } #if no errors
    
    } #close Do scriptblock
    
    if ($PSCmdlet.ParameterSetName -eq "Remoting") {
        
        
