当特定用户登录时,如何在Powershell中运行特定条件?

在我的台式机上,我有自己的管理员帐户,并且正在为想要玩游戏的SO创建一个游戏帐户,用户名为Games。我的游戏硬盘驱动器上装有bitlocker,但是如果他们登录,我希望脚本可以自动安全地解锁驱动器,而无需我在那里。

我有一个脚本,已经提示了bitlocker密码,但是我该怎么说呢?“如果是Games,请输入此密码(最好是不使用硬编码的密码)并解锁驱动器。

$key = Read-Host 'Enter Bitlocker Password!' -AsSecureString

Unlock-Bitlocker -MountPoint "F:" -Password $key
评论
咪咪兔
咪咪兔

您可以使用以下命令获取当前登录的用户名

PS> $env:USERNAME
Stephen

因此,要解锁该驱动器,您可以使用执行以下操作的脚本

$allowedUsers = 'Stephen','Lindsey'

If ($allowedUsers.Contains($env:USERNAME)){
   #User is in allowed users group
   Unlock-Bitlocker...
}

As for storing your password, I would normally suggest to store it as a SecureString but because this script will run against multiple users, we would have issues retrieving a value encrypted against your profile, so I think you should take a look at the PSSecret's Module, which should have work for your needs.

您也可以始终使用base64或其他“加密方式”来烘烤密码。

$sketchyPw = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("'myQuoteGamesDrivePasswordUnquote'"))

#back to plain

[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($sketchyPW))

因此,在您的情况下,您将获得base64密码,然后将其烘烤到脚本中,这对于您的用例来说可能已经足够安全了。

$key = convertto-securestring ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('JwBIAGEAbABvAEkAcwBUAGgAZQBCAGUAcwB0ACcA'))) -AsPlainText -Force
$allowedUsers = 'Stephen','Lindsey'

If ($allowedUsers.Contains($env:USERNAME)){
   #User is in allowed users group
   Unlock-Bitlocker -MountPoint "F:" -Password $key
}


点赞
评论