它會建立 tmp11.inf,但不會將使用者權限匯出到 tmp11.inf 0kb。由於 tmp11.inf 為空,因此腳本在 $currentConfig = Get-Content -Path $tempConfigFile 處失敗
- 我添加了以下行以管理員身份運行,但仍然存在相同的問題。
Start-Process -FilePath "powershell" -ArgumentList "$('-File ""')$(Get-Location)$('\')$($MyInvocation.MyCommand.Name)$('""')" -Verb runAs**
2) OneOps execution both failed same issue,
Method 1. ```powershell.exe -file E:\apps-packages\GrantLogonRights.ps1```
Method 2. ```PowerShell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process PowerShell -ArgumentList '-ExecutionPolicy Unrestricted','-File E:\apps-packages\GrantLogonRights.ps1' -Verb RunAs" ```
$username = "domain\account"
$rightBatch = "SeBatchLogonRight"
$tempConfigFile = "C:\Users\admin\AppData\Local\Temp\tmp11.inf"
$tempDbFile = "C:\Users\admin\AppData\Local\Temp\tmp11.sdb"
secedit /export /cfg $tempConfigFile /areas USER_RIGHTS
$currentConfig = Get-Content -Path $tempConfigFile
$sid = ((New-Object System.Security.Principal.NTAccount($username)).Translate([System.Security.Principal.SecurityIdentifier])).Value
$newConfig = $currentConfig -replace "^$right .+", "`$0,*$sid"
Set-Content -Path $tempConfigFile -Encoding ascii -Value $newConfig
secedit /import /cfg $tempConfigFile /db $tempDbFile
secedit /configure /db $tempDbFile /cfg $tempConfigFile /areas USER_RIGHTS
gpupdate /force