vmsky
powershell:限制计算机可登录的用户名 
$ScriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent 
$CarbdllPath = "$ScriptDir\Carbon.dll"
[void][System.Reflection.Assembly]::LoadFile( $CarbdllPath )
$LimtlocalUserGroup = "LogonUser"
$DenylocalUserGroup = "Users"
$Privilege = "SeInteractiveLogonRight"
$LocalGroups = Get-WMIObject win32_group -filter "LocalAccount='True'"
$GetAdministrsUsers = Net localgroup Administrators | ?{$_} | select -Skip 4
$GetUsers = Net localgroup Users | ?{$_} | select -Skip 4
$AllLimtUser = $GetAdministrsUsers + $GetUsers |Sort-Object -Unique | ?{$_ -like "AAC\*" -and $_ -notlike "*Users*" -and $_ -notlike "*admin*" }
if ($LocalGroups.name -notcontains $LimtlocalUserGroup )
        { net localgroup $LimtlocalUserGroup /add | Out-Null 
          foreach ( $User in $AllLimtUser )
            {
             net localgroup $LimtlocalUserGroup $user /add | out-null 
            }
        }
        else 
        {
          $GetLogonUser = Net localgroup $LimtlocalUserGroup | ?{$_ -like "AAC\*"}
          foreach ($user in $AllLimtUser) 
            {
             if ($GetLogonUser -notcontains $user)
                {
                 net localgroup $LimtlocalUserGroup $User /add | Out-Null
                }
            }
          if ($GetLogonUser -contains "AAC\Domain Users")
            {
             net localgroup $LimtlocalUserGroup "AAC\Domain Users" /Delete | Out-Null
            }
        }
[Carbon.Security.Privilege]::GrantPrivileges( $LimtlocalUserGroup , $Privilege )
[Carbon.Security.Privilege]::RevokePrivileges( $DenylocalUserGroup , $Privilege ) 
Return 10009

  

posted on 2020-09-20 08:47  vmsky  阅读(205)  评论(0编辑  收藏  举报

Copyright © 2024 vmsky
Powered by .NET 8.0 on Kubernetes Powered By博客园