Powershell copy item

Alex Ch 70 Баллы репутации
2024-07-02T15:03:48.8033333+00:00

Hello.

Tell me, there is a script that I run on a remote server. The script connects to the connection broker, pulls out the event and name from the connection log. After this, I must write the data to a file; if I specify the path to the network file in the format "\Scripts\RDP\log.csv" an access error occurs. I run the script and check the script from an account with administrative rights.

New-PSSession -ComputerName rd-cb-1

$csvFilePath = "\Scripts\RDP\log.csv"

if (-not (Test-Path $csvFilePath)) {

"Name" | Out-File  $csvFilePath 

}

$rdGatewayLogName = "Microsoft-Windows-TerminalServices-Gateway/Operational"

$rdGatewayConnectEventID = 302

$startTime = (Get-Date).AddHours(-12)

$events = Get-WinEvent -LogName $rdGatewayLogName

$filteredEvents = $events | Where-Object {

($_.TimeCreated -ge $startTime) -and

($_.Id -eq $rdGatewayConnectEventID -or $_.Id -eq $rdGatewayDisconnectEventID)

}

foreach ($event in $filteredEvents) {

$timestamp = $event.TimeCreated

$formattedDate = $timestamp.ToString("dd.MM.yyyy")

$formattedTime = $timestamp.ToString("HH:mm:ss")

$eventType = if ($event.Id -eq $rdGatewayConnectEventID) { "Connect" } else { "Out" }

$username = $event.Properties[0].Value

$remoteIP = $event.Properties[1].Value

$sessionID = $event.Properties[2].Value

$csvLine = "$formattedDate,$formattedTime,$eventType,$username,$remoteIP,$sessionID"

$csvLine | Out-File $csvFilePath -Append

}

Windows Server
Windows Server
Семейство серверных операционных систем Майкрософт, поддерживающих управление, хранение данных, приложения и обмен данными на уровне предприятия.
Вопросы: 18
Комментариев: 0 Без комментариев
Голосов: {count}

1 ответ

Сортировать по: Наиболее полезные
  1. Ian Xue 37,706 Баллы репутации Поставщик Майкрософт
    2024-07-03T02:21:03.5633333+00:00

    Hi Alex Ch,

    This is the "second hop problem" because PowerShell does not delegate credentials by default for security reasons.

    Please run Enable-WSManCredSSP on the client to allow delegating credentials. The delegate computer is the FQDN of the RDCB in your case.

    Enable-WSManCredSSP –Role Client –DelegateComputer rdcb.domain.com -Force
    

    Then run Enable-WSManCredSSP on the RDCB to allow receiving credentials from clients.

    Enable-WSManCredSSP -Role Server -Force
    

    Then you can create a remote session with the "-Authentication Credssp" parameter to run the script from the client.

    $cred = Get-Credential 
    $mysession = New-PSSession -ComputerName rdcd.domain.com -Credential $cred -Authentication Credssp
    Invoke-Command -Session $mysession -ScriptBlock { ... }
    
    

    You can refer to this link for more details.

    https://devblogs.microsoft.com/scripting/enable-powershell-second-hop-functionality-with-credssp/

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.


Ваш ответ

Автор вопроса может помечать ответы как принятые. Это позволяет пользователям узнать, что ответ помог решить проблему автора.