Powershell invoke-command只返回一个对象属性

s2j5cfk0  于 2023-08-05  发布在  Shell
关注(0)|答案(1)|浏览(158)

我尝试使用Invoke-Commandcmdlet在多个Windows服务器上获取Windows审核策略。它适用于所有服务器,除了我只获得第一个对象属性(添加的SecEvtLogMaxSizeKb)的服务器。下面是我的代码:

# Get audit policy for computer
$oCompAuditPolicy = Invoke-Command -ComputerName $sCompName -ScriptBlock {
    # Create reporting object for the computer
    $oLocCompAuditPolicy = New-Object PSObject -Property @{}
               
    # Add a property for security event log max size
    $oLocCompAuditPolicy | Add-Member -MemberType NoteProperty -Name "SecEvtLogMaxSizeKb" -Value $(Get-EventLog -List | Where-Object {$_.log -like "Security"}).maximumkilobytes
        
    # Get audit policy on computer and fille the reporting object
    $sCompAuditPolicy = auditPol /get /category:*
    $sCompAuditPolicy | Where-Object { $_ -is [string] -and $_ } <# Remove blank lines #> | Select-Object -Skip 2 <# Headers #> | ForEach-Object {
        # Headers don't have two columns and so don't have two spaces
        if ($_ -like "*  *") {
            # The left and right columns are separated by two spaces, extract into two groups and ignore spaces between them
            $_ -match '  ([a-z, /-]+)  ([a-z, ]+)' | Out-Null

            # Add a property for each audit policy
            $oLocCompAuditPolicy | Add-Member -MemberType NoteProperty -Name "$($Matches[1].Trim())" -Value $Matches[2]
        }
    }

    # Return reporting object
    $oLocCompAuditPolicy
}

字符串
当我直接在服务器上执行命令块时,我得到一个具有所有预期属性的完整对象。
当我比较两台服务器时,两者都使用Windows 2019操作系统,返回的本地对象似乎是相同的,并且它们安装了相同的PowerShell版本:

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.3770
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.3770
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1


有没有办法从Invoke-Command中获取完整的PS对象?
不正确(即不完整)输出|格式列表 *:

SecEvtLogMaxSizeKb : 4194240
PSComputerName : xxxxxxxxx
RunspaceId : 4b8dccea-d87f-49c6-a719-21d747a65b5d
PSShowComputerName : True


更正了$oCompAuditPolicy的输出(但删除了一些行)|格式列表 *:

SecEvtLogMaxSizeKb : 4194240
Security System Extension : Success and Failure
Credential Validation : Success and Failure
PSComputerName : yyyyyyyyyyy
RunspaceId : 765967e6-8735-45e1-bc38-922f343a7f12
PSShowComputerName : True

powershell

1条答案

按热度按时间
osh3o9ms

osh3o9ms1#

我稍微修改了一下代码。下面是使用foreach循环从多台计算机获取审计策略:

foreach ($sCompName in $aCompNames){
    # Create PS session
    $oSession = New-PSSession -ComputerName $sCompName -ErrorAction SilentlyContinue

    # Get audit policy for computer if session is valid
    if ($oSession) {
        $oCompAuditPolicy = Invoke-Command -Session $oSession -ScriptBlock {
            # Create reporting object for the computer
            $oLocCompAuditPolicy = [pscustomobject]@{
                SecEvtLogMaxSizeKb = $(Get-EventLog -List | Where-Object {$_.log -like "Security"}).maximumkilobytes
            }
                    
            # Get audit policy on computer and fille the reporting object
            $sCompAuditPolicy = auditPol /get /category:*
            $sCompAuditPolicy | Where-Object { $_ -is [string] -and $_ } <# Remove blank lines #> | Select-Object -Skip 2 <# Headers #> | ForEach-Object {
                # Headers don't have two columns and so don't have two spaces
                if ($_ -like "*  *") {
                    # The left and right columns are separated by two spaces, extract into two groups and ignore spaces between them
                    $_ -match '  ([a-z, /-]+)  ([a-z, ]+)' | Out-Null
    
                    # Add a property for each audit policy
                    $oLocCompAuditPolicy | Add-Member -MemberType NoteProperty -Name "$($Matches[1].Trim())" -Value $Matches[2]
                }
            }

            # Return reporting object
            $oLocCompAuditPolicy

        } -ErrorAction SilentlyContinue

        # Add a 'Group Membership' property as necessary (relevant for Win 2016 computers only)
        if (-Not $oCompAuditPolicy.PSObject.Properties["Group Membership"]) {
            $oCompAuditPolicy | Add-Member -MemberType NoteProperty -Name "Group Membership" -Value "-"
        }
        
        # Add a property related to type of computer (DC or not)
        if ($aDCs -contains $sCompName) {
            $sCompType = "DC"
        } else {
            $sCompType = "Standard"
        }
        $oCompAuditPolicy | Add-Member -MemberType NoteProperty -Name "Type" -Value $sCompType
        Write-Host $sCompName
        $oCompAuditPolicy | Export-Csv -Path AudPol.csv -Append
        $aAuditPolicies += $oCompAuditPolicy
        $oSession | Remove-PSSession
    }
}

字符串
现在我注意到一件很奇怪的事如果我用一个现有的会话在'if($oSession)'之后运行块,它会工作。但是如果我从会话创建开始运行代码,它就会失败。
好吧,看来PSSession还没有完全准备好使用。如果我等待4-5秒,它的工作。
我明白了!似乎'auditpol'命令在创建会话后需要一些时间来返回一些东西。我创造了一个短暂的等待。

赞(0)分享  回复(0)举报  2023-08-05
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com