验证本地管理员组中的安全组成员身份 -true 或 false/fail 或通过验证
Verify security group membership in local admin group -true or false/fail or pass validation
好的,就这样,甜美而简单。我需要验证组列表是否已添加到新构建中的本地管理员组(除其他事项外),以便我可以将服务器提升为产品...
到目前为止,我可以获取组,并将布尔值输出到远程服务器上的文件,获取该内容(我想我应该通过管道传输它,但不知道如何操作)。我想做的是 return 一组带有组名的变量,以及它是否存在于本地管理员组中。但是......事实并非如此......
对于基本的 ifElse 子句,我深表歉意,我的技能并不是最熟练的...这是我一直在使用的代码 - 提前致谢!:
$MemberNames = @()
$Servers = $HostName
foreach ( $Server in $Servers ) {
$Group= [ADSI]"WinNT://$Server/$LocalGroup,group"
$Members = @($Group.psbase.Invoke("Members"))
$Members | ForEach-Object {
$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
}
$ChildGroups | ForEach-Object {
$output = "" | Select-Object Group, InLocalAdmin
$output.Group = $_
$output.InLocalAdmin = $MemberNames -contains $_
Write-Output $output | Export-Csv -Path "c:\VerifyGroups.csv" -Append
#$output.Group "is in the Local Admin Group" $output.InLocalAdmin #| Export-Csv -Path "c:\VerifyGroups.csv" -Append
# }
}
#Validate local admin group membership
Get-Content -Path "c:\VerifyGroups.csv"
ForEach ($_){
if ($string -match "Domain Admins" -and "True") {$ResDomainAdminGrp = "Validation Passed: Domain Admin Group is a member of the Local Admin Group" }
elseif ($string -match "Domain Admins" -and "False") {$ResDomainAdminGrp = "Validation Failed: Domain Admin Group is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise Backup Admins" -and "True") {$ResEntBaKAdmGrp = "Validation Passed: Enterprise Backup Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise Backup Admins" -and "False") {$ResEntBaKAdmGrp = "Validation Failed: Enterprise Backup Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise Server Admins" -and "True") {$ResEntSvrAdmGrp = "Validation Passed: Enterprise Server Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise Server Admins" -and "False") {$ResEntSvrAdmGrp = "Validation Failed: Enterprise Server Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise SQLDB Admins" -and "True") {$ResEntSQLAdmGrp = "Validation Passed: Enterprise SQLDB Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise SQLDB Admins" -and "False") {$ResEntSQLAdmGrp = "Validation Failed: Enterprise SQLDB Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise SVC Admins" -and "True") {$ResEntSVCAdmGrp = "Validation Passed: Enterprise SVC Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise SVC Admins" -and "False") {$ResEntSVCAdmGrp = "Validation Failed: Enterprise SVC Admins is not a member of the Local Admin Group" }
else {}
}
好吧,废话少说,我放弃了上面的代码,转而采用这种更简单的方法。不太健壮,但很简单,可以完成工作……当然,如果你有更多的组要验证,那么只需添加更多带有相应变量的 if 语句。
享受:
$group =[ADSI]"WinNT://./Administrators,group"
$members = @($group.psbase.Invoke("Members"))
$VerAdminGrp01 = ($members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}) -contains "Domain Admins"
if($VerAdminGrp01){$ResDomAdmin = "Validation Passed: Domain Admins is a member of the local admin group."}
Else {$ResDomAdmin = "VALIDATION FAILED: Domain Admins is not a member of the local admin group."}
$VerAdminGrp02 = ($members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}) -contains "Enterprise Backup Admins"
if($VerAdminGrp02){$ResEntBakAdmin = "Validation Passed: Enterprise Backup Admins is a member of the local admin group."}
Else {$ResEntBakAdmin = "VALIDATION FAILED: Enterprise Backup Admins is not a member of the local admin group."}
您可以稍微清理一下,方法是制作一个包含您要检查的项目的数组并遍历该数组。
$group =[ADSI]"WinNT://./Administrators,group"
$members = @($group.psbase.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$List = "Domain Admins","Enterprise Backup Admins"
foreach ($item in $list) {
if ($members -contains $item) {
"Validation Passed: $item is a member of the local admin group."
} else {
"VALIDATION FAILED: $item is not a member of the local admin group."
}
}
好的,就这样,甜美而简单。我需要验证组列表是否已添加到新构建中的本地管理员组(除其他事项外),以便我可以将服务器提升为产品...
到目前为止,我可以获取组,并将布尔值输出到远程服务器上的文件,获取该内容(我想我应该通过管道传输它,但不知道如何操作)。我想做的是 return 一组带有组名的变量,以及它是否存在于本地管理员组中。但是......事实并非如此......
对于基本的 ifElse 子句,我深表歉意,我的技能并不是最熟练的...这是我一直在使用的代码 - 提前致谢!:
$MemberNames = @()
$Servers = $HostName
foreach ( $Server in $Servers ) {
$Group= [ADSI]"WinNT://$Server/$LocalGroup,group"
$Members = @($Group.psbase.Invoke("Members"))
$Members | ForEach-Object {
$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
}
$ChildGroups | ForEach-Object {
$output = "" | Select-Object Group, InLocalAdmin
$output.Group = $_
$output.InLocalAdmin = $MemberNames -contains $_
Write-Output $output | Export-Csv -Path "c:\VerifyGroups.csv" -Append
#$output.Group "is in the Local Admin Group" $output.InLocalAdmin #| Export-Csv -Path "c:\VerifyGroups.csv" -Append
# }
}
#Validate local admin group membership
Get-Content -Path "c:\VerifyGroups.csv"
ForEach ($_){
if ($string -match "Domain Admins" -and "True") {$ResDomainAdminGrp = "Validation Passed: Domain Admin Group is a member of the Local Admin Group" }
elseif ($string -match "Domain Admins" -and "False") {$ResDomainAdminGrp = "Validation Failed: Domain Admin Group is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise Backup Admins" -and "True") {$ResEntBaKAdmGrp = "Validation Passed: Enterprise Backup Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise Backup Admins" -and "False") {$ResEntBaKAdmGrp = "Validation Failed: Enterprise Backup Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise Server Admins" -and "True") {$ResEntSvrAdmGrp = "Validation Passed: Enterprise Server Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise Server Admins" -and "False") {$ResEntSvrAdmGrp = "Validation Failed: Enterprise Server Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise SQLDB Admins" -and "True") {$ResEntSQLAdmGrp = "Validation Passed: Enterprise SQLDB Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise SQLDB Admins" -and "False") {$ResEntSQLAdmGrp = "Validation Failed: Enterprise SQLDB Admins is not a member of the Local Admin Group" }
elseif ($string -match "Enterprise SVC Admins" -and "True") {$ResEntSVCAdmGrp = "Validation Passed: Enterprise SVC Admins is a member of the Local Admin Group" }
elseif ($string -match "Enterprise SVC Admins" -and "False") {$ResEntSVCAdmGrp = "Validation Failed: Enterprise SVC Admins is not a member of the Local Admin Group" }
else {}
}
好吧,废话少说,我放弃了上面的代码,转而采用这种更简单的方法。不太健壮,但很简单,可以完成工作……当然,如果你有更多的组要验证,那么只需添加更多带有相应变量的 if 语句。
享受:
$group =[ADSI]"WinNT://./Administrators,group"
$members = @($group.psbase.Invoke("Members"))
$VerAdminGrp01 = ($members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}) -contains "Domain Admins"
if($VerAdminGrp01){$ResDomAdmin = "Validation Passed: Domain Admins is a member of the local admin group."}
Else {$ResDomAdmin = "VALIDATION FAILED: Domain Admins is not a member of the local admin group."}
$VerAdminGrp02 = ($members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}) -contains "Enterprise Backup Admins"
if($VerAdminGrp02){$ResEntBakAdmin = "Validation Passed: Enterprise Backup Admins is a member of the local admin group."}
Else {$ResEntBakAdmin = "VALIDATION FAILED: Enterprise Backup Admins is not a member of the local admin group."}
您可以稍微清理一下,方法是制作一个包含您要检查的项目的数组并遍历该数组。
$group =[ADSI]"WinNT://./Administrators,group"
$members = @($group.psbase.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$List = "Domain Admins","Enterprise Backup Admins"
foreach ($item in $list) {
if ($members -contains $item) {
"Validation Passed: $item is a member of the local admin group."
} else {
"VALIDATION FAILED: $item is not a member of the local admin group."
}
}