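Sharing some scripts I have written at work, in the hope that they help others with the same needs.
# Wi-Fi allow and block lists
Ivanti EPM only supports disabling the wireless adapter and cannot manage access by wireless SSID name, so I wrote a Wi-Fi allow/block list script for users who needed this.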
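# Wi-Fi allow list
To use a Wi-Fi allow list, first deny all SSIDs, then add the permitted SSIDs. The client can then connect only to the SSIDs on the allow list.
```bat
@echo off
rem Replace SSID名称 with the name of the SSID to allow.
netsh wlan add filter permission=denyall networktype=infrastructure
netsh wlan add filter permission=allow ssid="SSID名称" networktype=infrastructure
```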
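# Wi-Fi block list
Deny access only to the SSIDs on the block list.
```bat
@echo off
rem Replace SSID名称 with the name of the SSID to block.
netsh wlan add filter permission=block ssid="SSID名称" networktype=infrastructure
```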
# Helper commands
```bat
rem Remove an SSID from the allow list.
netsh wlan delete filter permission=allow ssid="SSID名称" networktype=infrastructure
rem Remove an SSID from the block list.
netsh wlan delete filter permission=block ssid="SSID名称" networktype=infrastructure
```
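# Disable the computer camera
Some companies have strict internal controls and want to use Ivanti EPM to stop users from turning on the computer's camera. This company uses the AD domain to restrict users' administrator rights, so I took the crude approach and disabled the camera directly in Device Manager.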
# Disable the camera
```powershell
# Disable every working camera device whose friendly name contains "cam".
Disable-PnpDevice -InstanceId (Get-PnpDevice -FriendlyName *cam* -Class Camera -Status OK).InstanceID -Confirm:$false
```
# Enable the camera
```powershell
# A disabled device reports Status "Error"; re-enable those cameras.
Enable-PnpDevice -InstanceId (Get-PnpDevice -FriendlyName *cam* -Class Camera -Status Error).InstanceID -Confirm:$false
```
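# File search
Some users want to use EPM to check whether a client has a certain piece of software or a certain file. EPM only collects information about software that has been installed or run on the client, so it cannot find non-executable files or programs that have never run on the machine. I therefore wrote a file search script that walks every disk and saves the results to a shared folder specified by the user.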
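```powershell
# Fixed disks only, excluding the System Reserved partition.
$DiskList = Get-Volume | where { ($_.DriveType -like 'Fixed') -and ($_.FileSystemLabel -notlike 'System Reserved') } | select -expand DriveLetter
# Report file name prefix: <user>_<computer>_
$FileName = ${env:username} + "_" + ${env:COMPUTERNAME} + "_"
$UNCPath = '\\127.0.0.1\auditreport$'
# Connect to the report share (placeholder password and account).
net use $UNCPath password /user:administrator
if (${env:COMPUTERNAME} -ne "FORTRESS") {
    Foreach ($disk in $DiskList) {
        # Search the whole drive for the file and return relative paths.
        $ExstsFile = Get-ChildItem -Path "${disk}:\" -Recurse -Filter photoshop.exe -Name
        if ($ExstsFile) {
            # One result file per drive, for example user_PC01_C.txt
            echo $ExstsFile >> "$UNCPath\$FileName$disk.txt"
        }
    }
}
exit
```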
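# Remove invalid AD users from local groups
Local groups in an AD environment often contain many invalid AD users, which usually begin with S-1. Some users with a tidy streak want these invalid users removed, so I wrote a script to delete invalid AD users.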
```powershell
$GroupName = "administrators"
# Read the group members through ADSI and keep their WinNT:// paths.
$GroupMembers = @(([ADSI]"WinNT://./${GroupName}").psbase.Invoke('Members') | ForEach-Object { $_.GetType().InvokeMember('AdsPath', 'GetProperty', $null, $_, $null) }) -match '^WinNT'
$GroupMembers = $GroupMembers -replace "WinNT://", ""
Write-Host "Members of group ${GroupName}: $($GroupMembers -join ', ')"
foreach ($member in $GroupMembers) {
    # Skip resolvable domain accounts and built-in principals.
    if ($member -like "keeponline/*" -or $member -like "BUILTIN/*") {
        continue
    } elseif ($member -match "S-1") {
        # Keep only the SID part of the entry.
        $sid = $member -replace ".*?S-1", "S-1"
        Write-Host "Removing invalid account: $sid from group $GroupName"
        Remove-LocalGroupMember -Group $GroupName -Member $sid
    }
}
```
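An added example, not part of the original script: before removing a member it checks that the entry is a bare SID and that the SID no longer resolves to an account. The function name `Get-OrphanedSid` and the sample member paths are constructed, and the bare `WinNT://S-1-...` form of an unresolved entry is an assumption.

```powershell
# Added example: Get-OrphanedSid and the sample paths below are constructed.
function Get-OrphanedSid {
    param([Parameter(Mandatory)][string[]]$AdsPath)
    foreach ($path in $AdsPath) {
        # Anchor the pattern so account names that merely contain "S-1" never match.
        if ($path -match '^WinNT://(S-1-\d+(-\d+)+)$') {
            $sidText = $Matches[1]
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
                # Translate() throws when no account maps to the SID.
                $null = $sid.Translate([System.Security.Principal.NTAccount])
            } catch [System.Security.Principal.IdentityNotMappedException] {
                $sidText    # nothing maps to this SID: report it as orphaned
            } catch {
                Write-Warning "Skipping ${sidText}: $($_.Exception.Message)"
            }
        }
    }
}

# Constructed sample member paths.
$sample = @(
    'WinNT://KEEPONLINE/alice',                                # resolvable domain user
    'WinNT://WORKGROUP/PC01/OPS-1',                            # name that contains "S-1"
    'WinNT://S-1-5-32-544',                                    # well-known SID, resolves
    'WinNT://S-1-5-21-1111111111-2222222222-3333333333-1105'   # constructed, unmapped
)

# -WhatIf prints what would be removed without changing the group.
Get-OrphanedSid -AdsPath $sample | ForEach-Object {
    Remove-LocalGroupMember -Group 'administrators' -Member $_ -WhatIf
}
```

Run it only while a domain controller is reachable: SIDs of valid domain accounts also fail to resolve when the machine is offline.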
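# Set the client wallpaper
Some users want a uniform wallpaper across clients without an AD domain. At first I thought this would be simple and wrote a script that set the wallpaper path through the registry. I later found that the wallpaper did not take effect when a different user logged in, so I took the crude approach of adding a startup item so that it also applies when other users log in.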
```bat
@echo off
rem Copy the wallpaper from the share into a hidden local folder.
net use \\ivt-svr\soft password /user:ShareName
mkdir c:\wallpaper
attrib +s +h +r c:\wallpaper
xcopy /y \\ivt-svr\soft\zard.jpg c:\wallpaper\
echo Y| net use \\ivt-svr\soft /del
rem Run wp.bat at every logon through the machine-wide Run key.
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Wallpaper /t reg_sz /d c:\WallPaper\wp.bat /f
rem Generate wp.bat, which sets the wallpaper for the user who is logging on.
echo ^@echo off >> c:\WallPaper\wp.bat
echo reg add ^"hkcu^\control panel^\desktop^" ^/v wallpaper ^/d ^"c:^\wallpaper^\zard.jpg^" ^/f >> c:\WallPaper\wp.bat
echo RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters >> c:\WallPaper\wp.bat
rem Also place wp.bat in the all-users Startup folder, then hide both copies.
xcopy /y c:\WallPaper\wp.bat "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
attrib +s +h +r c:\WallPaper\wp.bat
attrib +s +h +r "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\wp.bat"
rem Apply the wallpaper for the current user immediately.
cmd /c c:\WallPaper\wp.bat
```
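# Create a program shortcut and replace its icon
A user wanted to use the Ivanti software portal, but the agent configuration had not been set to show the portal on the user's desktop. They now wanted to push a task from the EPM console to create a shortcut and replace the portal's icon with their own company logo, so I wrote a PowerShell script to meet that requirement.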
```powershell
# Download the icon from the EPM server.
$URL = "http://epm2022/software/Store.ico"
$OouFile = "c:\windows\Store.ico"
Invoke-WebRequest -Uri $URL -OutFile $OouFile
# Create the shortcut on the public desktop with the custom icon.
$shortcutPath = "C:\Users\Public\Desktop\软件商城.lnk"
$iconPath = "C:\windows\Store.ico"
$iconIndex = 0
$shell = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut($shortcutPath)
$shortcut.IconLocation = "$iconPath,$iconIndex"
$shortcut.TargetPath = "C:\Program Files (x86)\LANDesk\LDClient\LANDeskPortalManager.exe"
$shortcut.Save()
# Release the COM objects.
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($shortcut) | Out-Null
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($shell) | Out-Null
Remove-Variable shortcut
Remove-Variable shell
```
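# Generate a random serial number
A customer required that, during the OS deployment stage, users perform the formatting themselves. After formatting, a random serial number is displayed and written to a remote server, which is used to verify that the user has actually performed the format.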
```powershell
# Build a 24-character serial from digits, upper-case and lower-case letters.
$randomSerial = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 24 | ForEach-Object { [char]$_ })
$filePath = "\\10.17.1.23\Serial.txt"
# $BoardSerial is not set anywhere in this script; define it earlier in the
# deployment task, otherwise it expands to an empty string.
"$randomSerial $BoardSerial" | Out-File -FilePath $filePath -Append
Add-Type -AssemblyName PresentationCore, PresentationFramework
[System.Windows.MessageBox]::Show("Congratulations, you have successfully completed the computer formatting process. Please record the following serial number and bring it to the security department for verification. $randomSerial", "TIPS")
Stop-Computer -Force
```
# Domain join script
```powershell
# Point the active adapter at the domain DNS server.
$adapter = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses @("192.168.80.250")
$DomainName = "keeponline.cn"
$Username = "keeponline\administrator"
# The join password is stored in this script in plain text.
$Password = ConvertTo-SecureString "Password123" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username, $Password
Add-Computer -DomainName $DomainName -Credential $Credential -Restart -Force
# Delete this script file once it has run.
Remove-Item -Path $MyInvocation.MyCommand.Path -Force
```
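# Bulk file download
Sometimes I want to bulk-download all the files from a website, such as music, videos and images, so I wrote a shell script for it. By default the script downloads the files into the directory where the script is located; to choose a directory, you can use wget -P /PATH.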
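```sh
#!/bin/sh
# Usage: pass the page URL as the first argument.
url=$1
# Extract the href targets ending in mp3, mp4 or jpg, prefix them with the
# page URL and download them one at a time.
curl "$url" | grep -oP '(?<=href=")[^"]+\.(mp3|mp4|jpg)(?=")' | sed "s@^@$url/@" | xargs -n 1 curl -O
```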
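# Verify a domain account
In one customer's OS deployment requirements, users must be verified as company employees. Verification is done with the domain account, and the verified account name is used as the computer name. If a user has several computers, a number is appended to the computer name to show which computer it is and to avoid duplicate computer names.
To check that the domain account is valid, I use a share on a host in the domain. After verification succeeds, the script asks the user which computer this is, and once that is confirmed it concatenates the domain account and the computer number and saves the result to drive X.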
```powershell
$domain = "keeponline.cn"
$validCredential = $false
do {
    $credential = Get-Credential -Message "Enter your domain credentials" -UserName "$domain\"
    $sharePath = "\\win10.keeponline.cn\Share"
    try {
        # Mapping the share succeeds only when the credentials are valid.
        Remove-PSDrive -Name "Z" -ErrorAction SilentlyContinue
        $null = New-PSDrive -Name "Z" -PSProvider "FileSystem" -Root $sharePath -Credential $credential -ErrorAction Stop
        Write-Host "Verify successfully!"
        $validCredential = $true
    } catch {
        $validCredential = $false
    }
} until ($validCredential)

# Keep the account name without the domain prefix.
$username = $credential.UserName.Split("\")[1]

do {
    $computerNumber = Read-Host "Is this your first, second, or third computer? (Enter the number)"
    if ($computerNumber -match '^\d+$') {
        $confirmation = Read-Host "You entered that this is your computer number $computerNumber. Is this correct? (Enter 'y' to confirm, or 'n' to re-enter)"
        if ($confirmation -eq 'Y' -or $confirmation -eq 'y') {
            $validInput = $true
        } elseif ($confirmation -eq 'N' -or $confirmation -eq 'n') {
            $validInput = $false
        } else {
            Write-Host "Invalid response. Please enter 'y' to confirm or 'n' to re-enter!"
            $validInput = $false
        }
    } else {
        Write-Host "Invalid input. Please enter a number indicating which computer this is (e.g., 1 for first, 2 for second, etc.)"
        $validInput = $false
    }
} until ($validInput)

# Computer name = account name + computer number, saved for the next step.
$newcomputername = "${username}${computerNumber}"
$newcomputername | Out-File -FilePath "x:\user.txt"
```
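Once the computer name has been determined, the process automatically moves on to installing the operating system. After the OS is installed, a script writes the computer name into the Unattend.xml answer file, so the computer is named automatically after it restarts.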
```powershell
$filePath = "x:\user.txt"
$oldComputerNameRegex = "<ComputerName>.*?</ComputerName>"
# Computer name saved by the verification script.
$newComputerName = Get-Content $filePath
$xmlPath = "C:\Windows\Panther\Unattend.xml"
$xmlContent = Get-Content -Path $xmlPath -Raw
# Replace the existing <ComputerName> element with the new name.
$newXmlContent = $xmlContent -replace $oldComputerNameRegex, "<ComputerName>$newComputerName</ComputerName>"
$newXmlContent | Set-Content -Path $xmlPath
```
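An added example, not part of the original scripts: the account name comes from user input, so this variant checks that the resulting computer name is valid and writes it through the XML DOM instead of a regex replacement. The function names `New-DeploymentComputerName` and `Set-UnattendComputerName` and the sample answer file are constructed for illustration.

```powershell
# Added example: function names and the sample answer file are constructed.
function New-DeploymentComputerName {
    param([Parameter(Mandatory)][string]$UserName,
          [Parameter(Mandatory)][ValidateRange(1, 99)][int]$Number)
    # Keep only characters that are valid in a host name.
    $base = $UserName -replace '[^A-Za-z0-9-]', ''
    $suffix = [string]$Number
    # NetBIOS names hold at most 15 characters: trim the user part, keep the number.
    $max = 15 - $suffix.Length
    if ($base.Length -gt $max) { $base = $base.Substring(0, $max) }
    $name = "$base$suffix"
    # Must start with a letter or digit and must not consist of digits only.
    if ($name -notmatch '^(?!\d+$)[A-Za-z0-9][A-Za-z0-9-]{0,14}$') {
        throw "Cannot build a valid computer name from '$UserName'"
    }
    $name
}

function Set-UnattendComputerName {
    param([Parameter(Mandatory)][string]$XmlPath,
          [Parameter(Mandatory)][string]$ComputerName)
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true
    $doc.Load($XmlPath)
    # local-name() matches the element without registering the unattend namespace.
    $nodes = $doc.SelectNodes("//*[local-name()='ComputerName']")
    if ($nodes.Count -eq 0) { throw "No <ComputerName> element in $XmlPath" }
    # InnerText is stored as data, so '$' or '<' in the name cannot alter the file.
    foreach ($node in $nodes) { $node.InnerText = $ComputerName }
    $doc.Save($XmlPath)
}

# Constructed sample answer file in the temp folder, so the example runs anywhere.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'Unattend-sample.xml'
@'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>*</ComputerName>
    </component>
  </settings>
</unattend>
'@ | Set-Content -Path $sample -Encoding UTF8

$name = New-DeploymentComputerName -UserName 'zhang.san_long-name' -Number 2
Set-UnattendComputerName -XmlPath $sample -ComputerName $name
Get-Content $sample
```

Trimming long account names to fit 15 characters can make two different accounts produce the same computer name, so check for that if your account names are long.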