当特定用户登录时,如何在Powershell中运行特定条件?

在我的台式机上,我有自己的管理员帐户,并且正在为想要玩游戏的SO创建一个游戏帐户,用户名为Games。我的游戏硬盘驱动器上装有bitlocker,但是如果他们登录,我希望脚本可以自动安全地解锁驱动器,而无需我在那里。

我有一个脚本,已经提示了bitlocker密码,但是我该怎么说呢?“如果是Games,请输入此密码(最好是不使用硬编码的密码)并解锁驱动器。

$key = Read-Host 'Enter Bitlocker Password!' -AsSecureString

Unlock-Bitlocker -MountPoint "F:" -Password $key
评论
  • 咪咪兔
    咪咪兔 回复

    您可以使用以下命令获取当前登录的用户名

    PS> $env:USERNAME
    Stephen
    

    因此,要解锁该驱动器,您可以使用执行以下操作的脚本

    $allowedUsers = 'Stephen','Lindsey'
    
    If ($allowedUsers.Contains($env:USERNAME)){
       #User is in allowed users group
       Unlock-Bitlocker...
    }
    

    As for storing your password, I would normally suggest to store it as a SecureString but because this script will run against multiple users, we would have issues retrieving a value encrypted against your profile, so I think you should take a look at the PSSecret's Module, which should have work for your needs.

    您也可以始终使用base64或其他“加密方式”来烘烤密码。

    $sketchyPw = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("'myQuoteGamesDrivePasswordUnquote'"))
    
    #back to plain
    
    [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($sketchyPW))
    

    因此,在您的情况下,您将获得base64密码,然后将其烘烤到脚本中,这对于您的用例来说可能已经足够安全了。

    $key = convertto-securestring ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('JwBIAGEAbABvAEkAcwBUAGgAZQBCAGUAcwB0ACcA'))) -AsPlainText -Force
    $allowedUsers = 'Stephen','Lindsey'
    
    If ($allowedUsers.Contains($env:USERNAME)){
       #User is in allowed users group
       Unlock-Bitlocker -MountPoint "F:" -Password $key
    }