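I'm trying to use cmdkey in a PowerShell logon script to store credentials in Credential Manager. When the script is run from PowerShell ISE, everything works, but when it runs as a logon script via Group Policy, everything except cmdkey works. I cannot for the life of me figure out why cmdkey works everywhere except when the script runs at logon.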
# Checks if CRM for Outlook is installed by checking the folder path
$installed = Test-Path "C:\Program Files (x86)\Microsoft Dynamics CRM"
# Checks if the CRM has already been configured using the CoreConfigured registry entry
$configured = Get-ItemProperty -Path HKCU:\software\Microsoft\MSCRMClient -Name "CoreConfigured"
# If CRM is installed and not configured, configure it; if CRM is not installed, or installed and configured, exit
If ($installed -eq "True" -and $configured.CoreConfigured -ne 1) {
    $message1 = New-Object -ComObject Wscript.Shell
    $message1.Popup("Preparing to configure Microsoft CRM for Outlook, please make sure Outlook is closed.",10,"Systems")
    # Prompts user for email address and password to configure CRM for Outlook
    $c = Get-Credential -Message "To configure CRM, please enter your email address and password:"
    # Puts user credentials into Windows Credential Manager using required CRM URLs
    cmdkey /generic:Microsoft_CRM_https://disco.crm.dynamics.com/ /user: $c.Username /pass: $c.Password | Out-Null
    cmdkey /generic:Microsoft_CRM_https://disco.crm4.dynamics.com/ /user: $c.Username /pass: $c.Password | Out-Null
    $message2 = New-Object -ComObject Wscript.Shell
    $message2.Popup("Please wait, a notification will appear when the configuration is complete.",10,"Systems")
    # Silently runs the CRM configuration wizard with a custom XML file
    $exe = "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\Microsoft.Crm.Application.Outlook.ConfigWizard.exe"
    &$exe -p /Q /i 'C:\Program Files (x86)\Microsoft Dynamics CRM\Default_Client_Config.xml' /xa /l 'c:\temp\crminstall.txt' | Out-Null
    $message3 = New-Object -ComObject Wscript.Shell
    $message3.Popup("Configuration complete! You may now open Outlook!",10,"Systems")
}
else {
    exit
}
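Best answer
I imagine cmdkey is using Microsoft's Data Protection API (DPAPI) to encrypt credentials so that only the current user can retrieve them. You can't use this API unless the user's session is loaded. When your script runs, it may be too early in the logon process for the security information DPAPI needs to have been loaded. I'm not sure how logon scripts work, but try putting a delay in your logon script until you get a value back.
Here is PowerShell code that encrypts using DPAPI: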
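# ProtectedData lives in System.Security, which is not loaded by default
Add-Type -AssemblyName System.Security
$plainBytes = [Text.Encoding]::UTF8.GetBytes('test')
$scope = [Security.Cryptography.DataProtectionScope]::CurrentUser
$encryptedBytes = [Security.Cryptography.ProtectedData]::Protect( $plainBytes, $null, $scope )
$decryptedBytes = [Security.Cryptography.ProtectedData]::Unprotect( $encryptedBytes, $null, $scope )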
Add a loop in your logon script that tries to encrypt/decrypt some random array of bytes until it succeeds.
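One way to write the retry loop the answer describes, as an added example that is not part of the original answer. The function name `Wait-DpapiReady`, the 60-second timeout and the 500 ms retry interval are assumptions chosen for illustration; the timeout keeps a logon script from hanging indefinitely if DPAPI never becomes usable.

```powershell
# Added example: block until a DPAPI round trip succeeds for the current user,
# or give up after a bounded wait. Names and timing values are hypothetical.
Add-Type -AssemblyName System.Security

function Wait-DpapiReady {
    param(
        [int]$TimeoutSeconds = 60,
        [int]$RetryMilliseconds = 500
    )
    $scope    = [Security.Cryptography.DataProtectionScope]::CurrentUser
    $rng      = [Security.Cryptography.RandomNumberGenerator]::Create()
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Fresh random probe on every attempt
        $probe = New-Object byte[] 32
        $rng.GetBytes($probe)
        try {
            $enc = [Security.Cryptography.ProtectedData]::Protect($probe, $null, $scope)
            $dec = [Security.Cryptography.ProtectedData]::Unprotect($enc, $null, $scope)
            # Ready only if the decrypted bytes match the probe exactly
            if ([Convert]::ToBase64String($dec) -eq [Convert]::ToBase64String($probe)) {
                return $true
            }
        }
        catch {
            # DPAPI is not usable yet for this user; retry after a short pause
        }
        Start-Sleep -Milliseconds $RetryMilliseconds
    } while ((Get-Date) -lt $deadline)
    return $false
}

if (-not (Wait-DpapiReady)) {
    Write-Warning 'DPAPI was not usable for the current user before the timeout; skipping cmdkey.'
    exit 1
}
# The cmdkey calls from the question's script would run from this point on.
```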
Regarding "powershell - cmdkey in PowerShell doesn't work when run as a logon script?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/25383773/