Windows-Server-2008
授予 Windows 服務的權限
我遇到了另一個障礙。我有一個非管理員 IIS 身份帳戶,我想授予該帳戶啟動、停止、重新啟動和讀取一個 Windows 服務狀態的權限。我遵循了此處發布的解決方案。但是,我想通過 PowerShell 來實現自動化,因為我有很多伺服器。我能夠獲取非管理員帳戶的 SID,並獲取命令的輸出並將其保存在變數下。我轉換為字元串,但不能應用任何函式,如
StartsWith
,split
,insert
等。這是我的程式碼:#Getting the SID for non-admin ISS identity account $objUser = New-Object System.Security.Principal.NTAccount("non-admin") $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $sid = $strSID.Value #output retuned = S-1-5-21-2103278432-2794320136-1883075150-1000 #Storing the output of cmd prompt $cmd = cmd.exe /c "sc sdshow <Service_Name>" $test = $cmd | Out-String #output returned = D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) #Storing the value that needs to be inserted in $CMD $str = "(A;;RPWPCR;;;$sid)"
我想插入 $ str just before “S:” in $ 測試,我一直不成功。我想通過 PowerShell 而不是 SubInAcl 來實現這一點。任何幫助,將不勝感激。最終程式碼應如下所示:
sc sdset <SERVICE_NAME> "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)($str)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
假設您的
$test
變數包含D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
,您可以執行以下操作:$sid = "S-1-5-21-2103278432-2794320136-1883075150-1000" $test = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" $str = "(A;;RPWPCR;;;$sid)" $newstring = $test -replace "S:","$($str)S:" $newstring
返回:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RPWPCR;;;S-1-5-21-2103278432-2794320136-1883075150-1000)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)