我想要a script在这种情况下使用:
- 无需管理员权限即可获得远程访问
- 远程启动快速协助
.\Administrator
and not进行 UAC 对话。
第 1 步通常通过 Quick Assist 完成,有时通过 Teams 屏幕共享完成。
I'm aware that I can locate quickassist.exe
in File Explorer then use Shift and the context menu to Run as a different user, however I'd like a scripted approach.
实验A
这可行,但是有一个Yes/NoUAC对话:
$isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ( -not $isElevated ) {
Start-Process powershell.exe -Credential Administrator -NoNewWindow -ArgumentList {
Start-Process quickassist.exe -Verb RunAs ;
} ;
}
实验B
我犯了很多错误,不知道如何纠正。 (我正在尝试逐渐学习 PowerShell,但在学习时我很容易感到困惑;有点阅读障碍。)
$isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ( -not $isElevated ) {
Start-Process powershell.exe -Credential Administrator {
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Value 0 -Force;
};
Write-Host "UAC (user account control) is weakened for a Quick Assist session …" -ForegroundColor Red;
Start-Process powershell.exe -Credential Administrator -NoNewWindow -ArgumentList {Start-Process quickassist.exe -Verb RunAs -Wait};
Write-Host "… Quick Assist session complete …" -ForegroundColor Red;
Start-Process powershell.exe -Credential Administrator {
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Value 1 -Force;
};
Write-Host "… UAC is strengthened." -ForegroundColor Red;
}
- 对注册表的两次预期更改没有发生
- 第三个证书对话出现得太早 – 我希望它出现not直到快速协助会话结束后才会出现。
另外,从概念上讲,当 UAC 暂时被削弱时,可能不需要以管理员身份运行 Quick Assist。
参考
https://stackoverflow.com/a/2258134/38108 https://stackoverflow.com/a/2258134/38108(2010-02-13) 我看到使用-Credential
with Invoke-Command
但是当我尝试做类似的事情来更改注册表时,我会弄得一团糟。
https://stackoverflow.com/a/47516161/38108 https://stackoverflow.com/a/47516161/38108(2017-11-27) 自提升 PowerShell 脚本。
https://superuser.com/a/1524960/84988 https://superuser.com/a/1524960/84988(2020-02-12) 和https://serverfault.com/a/1003238/91969 https://serverfault.com/a/1003238/91969(2020-02-15)很有趣——两个答案中的脚本相同——但是我需要类似的东西-Credential Administrator
替代-ComputerName
.
https://stackoverflow.com/a/60292423/38108 https://stackoverflow.com/a/60292423/38108(2020-03-07) 通过https://stackoverflow.com/a/60263039/38108 https://stackoverflow.com/a/60263039/38108
PowerShell 命令 - PowerShell - SS64.com https://ss64.com/ps/
https://github.com/okieselbach/Intune/blob/master/DisablePromptOnSecureDesktop.ps1 https://github.com/okieselbach/Intune/blob/master/DisablePromptOnSecureDesktop.ps1(2020-11-13) 通过快速协助 Windows 10 中的内置远程控制 – 现代 IT – 云 – 工作场所 https://oliverkieselbach.com/2020/03/03/quick-assist-the-built-in-remote-control-in-windows-10/