问题描述
我有一个简单的Powershell脚本,该脚本通过GPO启动脚本运行。 如您所见,它需要一个指纹遍历证书存储区,并在找到后将其删除。
#thumbprint of certificate to remove
$thumb = "abcdef444444857694df5e45b68851868"
#loop through all the certs stores looking for $thumb and remove if found
get-childitem Cert:/ -recurse | where-object {$_.thumbprint -contains "$thumb"} | remove-item
当我从提升的Powershell提示符运行以上两行时,它有效!
如果我重新启动计算机并让GPO做这件事,或者如果我从提升的Powershell运行,则提示以下内容:
powershell.exe -Noninteractive -ExecutionPolicy Bypass -Noprofile -file "\\mydomain.corp\SysVol\mydomain.corp\Policies\{7086C68E-D509-9169-A02B-56579826C234}\Machine\Scripts\Startup\removecerts.ps1"
然后我得到以下信息:
remove-item:该操作在用户根存储上,并且不允许UI。
任何帮助将不胜感激。
解决方法
我怀疑它正在提示您进行确认,而无头跑步则无法实现。
添加-Force
参数应覆盖确认提示:
... | Remove-Item -Force
或者,在尝试删除证书以避免提示之前,将$ConfirmPreference
variable设置为None
:
$ConfirmPreference = 'None'
<# rest of script goes here #>
,
脚本现在看起来像这样:
$ConfirmPreference = 'None'
#thumbprint of certificate to remove
$thumb = "abcdef444444857694df5e45b68851868"
#loop through all the certs stores looking for $thumb and remove if found
get-childitem Cert:/ -recurse | where-object {$_.thumbprint -contains "$thumb"} | remove-item -Force
我的错误:
remove-item : The operation is on user root store and UI is not allowed.
At \\mydomain.corp\SysVol\mydomain.corp\Policies\{7086C68E-D509-9169-A02B-56579826C234}\Machine\Scripts\Startup\removecerts.ps1:16 char:88
+ ... {$_.thumbprint -match "$thumb"} | remove-item -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-Item],InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.RemoveItemCommand
```