它创建了 tmp11.inf,但并未将用户权限导出到 tmp11.inf 0kb。脚本在 $currentConfig = Get-Content -Path $tempConfigFile 处失败,因为 tmp11.inf 为空
- 我已添加下面的行以以管理员身份运行,但问题仍然存在。
Start-Process -FilePath "powershell" -ArgumentList "$('-File ""')$(Get-Location)$('\')$($MyInvocation.MyCommand.Name)$('""')" -Verb runAs**
2) OneOps execution both failed same issue,
Method 1. ```powershell.exe -file E:\apps-packages\GrantLogonRights.ps1```
Method 2. ```PowerShell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process PowerShell -ArgumentList '-ExecutionPolicy Unrestricted','-File E:\apps-packages\GrantLogonRights.ps1' -Verb RunAs" ```
$username = "domain\account"
$rightBatch = "SeBatchLogonRight"
$tempConfigFile = "C:\Users\admin\AppData\Local\Temp\tmp11.inf"
$tempDbFile = "C:\Users\admin\AppData\Local\Temp\tmp11.sdb"
secedit /export /cfg $tempConfigFile /areas USER_RIGHTS
$currentConfig = Get-Content -Path $tempConfigFile
$sid = ((New-Object System.Security.Principal.NTAccount($username)).Translate([System.Security.Principal.SecurityIdentifier])).Value
$newConfig = $currentConfig -replace "^$right .+", "`$0,*$sid"
Set-Content -Path $tempConfigFile -Encoding ascii -Value $newConfig
secedit /import /cfg $tempConfigFile /db $tempDbFile
secedit /configure /db $tempDbFile /cfg $tempConfigFile /areas USER_RIGHTS
gpupdate /force