我想知道是否有人可以帮忙解决这个问题。本质上,我希望能够从以普通用户(而不是管理员)身份运行的脚本中连接到 Exchange Online 和安全与合规性 PowerShell。
如果我将这些命令放入未提升的 PS 窗口中,它们将成功连接并返回有关这两个命令的一些信息。如果我将相同的命令放入 PS1 文件中并在提升的 PS 控制台中执行它,它们也会成功运行。
Connect-IPPSSession
Get-Command Get-DlpCompliancePolicy
Connect-ExchangeOnline
Get-Command Get-Mailbox
但是,如果我将这些命令放入 PS1 文件中并从未提升的 PS1 会话中运行,我会收到类似“get-command:术语‘get-dlpcompliancepolicy’不被识别为 cmdlet、函数、脚本文件或可操作程序的名称”的错误。
如果我在脚本中运行 Get-ConnectionInformation,我可以看到有两个连接 -
ConnectionId : 745f6176-5d1f-46ec-a786-b8e84f273791
State : Connected
Id : 1
Name : ExchangeOnlineProtection_1
UserPrincipalName : *********
ConnectionUri : https://eur01b.ps.compliance.protection.outlook.com
AzureAdAuthorizationEndpointUri : https://login.microsoftonline.com/organizations
TokenExpiryTimeUTC : 20/04/2024 10:01:24 +00:00
CertificateAuthentication : False
ModuleName : C:\Users\*******\AppData\Local\Temp\tmpEXO_5lnrtren.etr
ModulePrefix :
Organization :
DelegatedOrganization :
AppId :
PageSize : 1000
TenantID : 081cc50b-e5a5-4e76-b6b7-d7c274899193
TokenStatus : Active
ConnectionUsedForInbuiltCmdlets : False
IsEopSession : True
ConnectionId : 3d3547ec-f35e-4dc3-ba50-ed2f93ef0c35
State : Connected
Id : 2
Name : ExchangeOnline_2
UserPrincipalName : *******
ConnectionUri : https://outlook.office365.com
AzureAdAuthorizationEndpointUri : https://login.microsoftonline.com/organizations
TokenExpiryTimeUTC : 20/04/2024 11:50:29 +00:00
CertificateAuthentication : False
ModuleName : C:\Users\*******\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh
ModulePrefix :
Organization :
DelegatedOrganization :
AppId :
PageSize : 1000
TenantID : 081cc50b-e5a5-4e76-b6b7-d7c274899193
TokenStatus : Active
ConnectionUsedForInbuiltCmdlets : True
IsEopSession : False
如果我运行 Get-Module,我可以看到我理解的模块是必需的 -
Name : ExchangeOnlineManagement
Path : C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.4.0\netFramework\ExchangeOnli
neManagement.psm1
Description : This is a General Availability (GA) release of the Exchange Online Powershell V3 module. Exchange
Online cmdlets in this module are REST-backed and do not require Basic Authentication to be
enabled in WinRM. REST-based connections in Windows require the PowerShellGet module, and by
dependency, the PackageManagement module.
Please check the documentation here - https://aka.ms/exov3-module.
For issues related to the module, contact Microsoft support.
Guid : b5eced50-afa4-455b-847a-d8fb64140a22
Version : 3.4.0
ModuleBase : C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.4.0
ModuleType : Script
PrivateData : {PSData}
AccessMode : ReadWrite
ExportedAliases : {}
ExportedCmdlets : {[Add-VivaModuleFeaturePolicy, Add-VivaModuleFeaturePolicy], [Get-ConnectionInformation,
Get-ConnectionInformation], [Get-DefaultTenantBriefingConfig, Get-DefaultTenantBriefingConfig],
[Get-DefaultTenantMyAnalyticsFeatureConfig, Get-DefaultTenantMyAnalyticsFeatureConfig]...}
ExportedFunctions : {[Connect-ExchangeOnline, Connect-ExchangeOnline], [Connect-IPPSSession, Connect-IPPSSession],
[Disconnect-ExchangeOnline, Disconnect-ExchangeOnline]}
ExportedVariables : {}
NestedModules : {Microsoft.Exchange.Management.RestApiClient,
Microsoft.Exchange.Management.ExoPowershellGalleryModule}
Name : Microsoft.PowerShell.Management
Path : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerS
hell.Management.psd1
Description :
Guid : eefcb906-b326-4e99-9f54-8b4bb6ef3c6d
Version : 3.1.0.0
ModuleBase : C:\Windows\System32\WindowsPowerShell\v1.0
ModuleType : Manifest
PrivateData :
AccessMode : ReadWrite
ExportedAliases : {[gcb, gcb], [gin, gin], [gtz, gtz], [scb, scb]...}
ExportedCmdlets : {[Add-Computer, Add-Computer], [Add-Content, Add-Content], [Checkpoint-Computer,
Checkpoint-Computer], [Clear-Content, Clear-Content]...}
ExportedFunctions : {}
ExportedVariables : {}
NestedModules : {Microsoft.PowerShell.Commands.Management.dll}
Name : Microsoft.PowerShell.Utility
Path : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShel
l.Utility.psd1
Description :
Guid : 1da87e53-152b-403e-98dc-74d7b4d63d59
Version : 3.1.0.0
ModuleBase : C:\Windows\System32\WindowsPowerShell\v1.0
ModuleType : Manifest
PrivateData :
AccessMode : ReadWrite
ExportedAliases : {[CFS, CFS], [fhx, fhx]}
ExportedCmdlets : {[Add-Member, Add-Member], [Add-Type, Add-Type], [Clear-Variable, Clear-Variable],
[Compare-Object, Compare-Object]...}
ExportedFunctions : {[ConvertFrom-SddlString, ConvertFrom-SddlString], [Format-Hex, Format-Hex], [Get-FileHash,
Get-FileHash], [Import-PowerShellDataFile, Import-PowerShellDataFile]...}
ExportedVariables : {}
NestedModules : {Microsoft.PowerShell.Commands.Utility.dll, Microsoft.PowerShell.Utility}
Name : PSReadLine
Path : C:\Program Files\WindowsPowerShell\Modules\PSReadLine\2.0.0\PSReadLine.psm1
Description : Great command line editing in the PowerShell console host
Guid : 5714753b-2afd-4492-a5fd-01d9e2cff8b5
Version : 2.0.0
ModuleBase : C:\Program Files\WindowsPowerShell\Modules\PSReadLine\2.0.0
ModuleType : Script
PrivateData :
AccessMode : ReadWrite
ExportedAliases : {}
ExportedCmdlets : {[Get-PSReadLineKeyHandler, Get-PSReadLineKeyHandler], [Get-PSReadLineOption,
Get-PSReadLineOption], [Remove-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler],
[Set-PSReadLineKeyHandler, Set-PSReadLineKeyHandler]...}
ExportedFunctions : {[PSConsoleHostReadLine, PSConsoleHostReadLine]}
ExportedVariables : {}
NestedModules : {Microsoft.PowerShell.PSReadLine}
Name : tmpEXO_5lnrtren.etr
Path : C:\Users\******\AppData\Local\Temp\tmpEXO_5lnrtren.etr\tmpEXO_5lnrtren.etr.psm1
Description : This is a Powershell module generated by using the AutoGEN infra.
Guid : 2c604488-886e-4090-ac70-2b9a3130c449
Version : 1.0
ModuleBase : C:\Users\********\AppData\Local\Temp\tmpEXO_5lnrtren.etr
ModuleType : Script
PrivateData : {PSData}
AccessMode : ReadWrite
ExportedAliases : {}
ExportedCmdlets : {}
ExportedFunctions : {[Add-ComplianceCaseMember, Add-ComplianceCaseMember], [Add-eDiscoveryCaseAdmin,
Add-eDiscoveryCaseAdmin], [Add-RoleGroupMember, Add-RoleGroupMember], [Cancel-DlpEdmSession,
Cancel-DlpEdmSession]...}
ExportedVariables : {[HelpFileNames, System.Management.Automation.PSVariable]}
NestedModules : {}
Name : tmpEXO_a2axh3gk.iwh
Path : C:\Users\*******\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh\tmpEXO_a2axh3gk.iwh.psm1
Description : This is a Powershell module generated by using the AutoGEN infra.
Guid : e84305bc-e9b9-45bd-bb9f-d38a411419b2
Version : 1.0
ModuleBase : C:\Users\********\AppData\Local\Temp\tmpEXO_a2axh3gk.iwh
ModuleType : Script
PrivateData : {PSData}
AccessMode : ReadWrite
ExportedAliases : {}
ExportedCmdlets : {}
ExportedFunctions : {[Add-AvailabilityAddressSpace, Add-AvailabilityAddressSpace], [Add-DistributionGroupMember,
Add-DistributionGroupMember], [Add-MailboxFolderPermission, Add-MailboxFolderPermission],
[Add-MailboxLocation, Add-MailboxLocation]...}
ExportedVariables : {[HelpFileNames, System.Management.Automation.PSVariable]}
NestedModules : {}
一旦脚本退出,我就可以执行“Get-Command Get-Mailbox”并得到良好的响应。因此,连接显然是有效的,脚本似乎在运行时无法访问函数/cmdlet。这是 Twilight Zone 的东西吧!?
我不知道这是否相关,但我们使用 AppLocker。因此,在未提升的 PS 会话中,我处于 ConstrainedLanguage 模式,但脚本被排除在 AppLocker 之外,因此在 FullLanguage 模式下执行。
我觉得我缺少了一些关于 PS 会话或范围如何在以管理员身份运行的脚本中运行而不是以普通用户身份运行的基本信息,或者 Connect-ExchangeOnline 中是否存在错误,但无论我怎么搜索,谷歌搜索都没能拯救我!
谢谢