Como usar os scripts do PowerShell com o provedor de ponte WMI
Este artigo aborda o uso de scripts de Cmdlet do PowerShell para configurar configurações de política por usuário e por dispositivo e como invocar métodos por meio do Provedor de Ponte WMI.
Configurando configurações de política por dispositivo
Esta seção fornece um script de exemplo do Cmdlet do PowerShell para configurar as configurações por dispositivo por meio do Provedor de Ponte WMI. Se uma classe dá suporte às configurações do dispositivo, deve haver um qualificador de nível de classe definido para InPartition("local-system").
Para todas as configurações do dispositivo, o cliente da Ponte WMI deve ser executado no usuário do sistema local. Para fazer isso, baixe a ferramenta psexec de https://technet.microsoft.com/sysinternals/bb897553.aspx e execute psexec.exe -i -s cmd.exe de um prompt de comando de administrador elevado.
O exemplo de script nesta seção usa a classe MDM_Policy_Config01_WiFi02:
[dynamic, provider("DMWmiBridgeProv"), InPartition("local-system")]
class MDM_Policy_Config01_WiFi02
{
string InstanceID;
string ParentID;
sint32 AllowInternetSharing;
sint32 AllowAutoConnectToWiFiSenseHotspots;
sint32 WLANScanMode;
};
O script a seguir descreve como criar, enumerar, consultar, modificar e excluir instâncias.
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_Policy_Config01_WiFi02"
# Create a new instance for MDM_Policy_Config01_WiFi02
New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID="./Vendor/MSFT/Policy/Config";InstanceID="WiFi";AllowInternetSharing=1;AllowAutoConnectToWiFiSenseHotspots=0;WLANScanMode=100}
# Enumerate all instances available for MDM_Policy_Config01_WiFi02
Get-CimInstance -Namespace $namespaceName -ClassName $className
# Query instances with matching properties
Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
# Modify existing instance
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
$obj.WLANScanMode=500
Set-CimInstance -CimInstance $obj
# Delete existing instance
try
{
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
Remove-CimInstance -CimInstance $obj
}
catch [Exception]
{
write-host $_ | out-string
}
Configurando configurações por usuário
Esta seção fornece um script de exemplo do Cmdlet do PowerShell para configurar as configurações por usuário por meio da Ponte WMI. Se uma classe dá suporte a configurações de usuário, deve haver um qualificador de nível de classe definido para InPartition("local-user").
O exemplo de script nesta seção usa a classe MDM_Policy_User_Config01_Authentication02:
[dynamic, provider("DMWmiBridgeProv"), InPartition("local-user")]
class MDM_Policy_User_Config01_Authentication02
{
string InstanceID;
string ParentID;
sint32 AllowEAPCertSSO;
};
Observação
Se o usuário conectado atualmente estiver tentando acessar ou modificar as configurações do usuário para si mesmo, é muito mais fácil usar o script de configurações por dispositivo da seção anterior. Todos os cmdlets do PowerShell devem ser executados em um prompt de comando de administrador elevado.
Se acessar ou modificar configurações para um usuário diferente, o script do PowerShell será mais complicado porque a Ponte WMI espera que o SID do usuário seja definido no Contexto Personalizado do MI, que não tem suporte em cmdlets nativos do PowerShell.
Observação
Todos os comandos devem ser executados no sistema local.
O comando wmic useraccount get name, sid Windows pode ser usado para obter o SID do usuário. O exemplo de script a seguir pressupõe que o SID do usuário seja S-1-5-21-4017247134-4237859428-3008104844-1001.
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_Policy_User_Config01_Authentication02"
# Configure CIM operation options with target user info
$options = New-Object Microsoft.Management.Infrastructure.Options.CimOperationOptions
$options.SetCustomOption("PolicyPlatformContext_PrincipalContext_Type", "PolicyPlatform_UserContext", $false)
$options.SetCustomOption("PolicyPlatformContext_PrincipalContext_Id", "S-1-5-21-4017247134-4237859428-3008104844-1001", $false)
# Construct session used for all operations
$session = New-CimSession
##########################################################################
# Create a new instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$newInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$newInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("AllowEAPCertSSO", 1, "Sint32", "Property")
$newInstance.CimInstanceProperties.Add($property)
try
{
$session.CreateInstance($namespaceName, $newInstance, $options)
}
catch [Exception]
{
write-host $_ | out-string
}
##########################################################################
# Enumerate all instances for MDM_Policy_User_Config01_Authentication02
##########################################################################
$session.EnumerateInstances($namespaceName, $className, $options)
##########################################################################
# Query instance for MDM_Policy_User_Config01_Authentication02
# with matching properties
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
$session.GetInstance($namespaceName, $getInstance, $options)
}
catch [Exception]
{
write-host $_ | out-string
}
##########################################################################
# Modify existing instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
$updateInstance = $session.GetInstance($namespaceName, $getInstance, $options)[0]
$updateInstance.AllowEAPCertSSO = 0
$session.ModifyInstance($namespaceName, $updateInstance, $options)
}
catch [Exception]
{
write-host $_ | out-string
}
##########################################################################
# Delete existing instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
$deleteInstance = $session.GetInstance($namespaceName, $getInstance, $options)[0]
$session.DeleteInstance($namespaceName, $deleteInstance, $options)
}
catch [Exception]
{
write-host $_ | out-string
}
Invocando métodos
Esta seção fornece um script de exemplo do Cmdlet do PowerShell para invocar um método de objeto WMI Bridge. O script a seguir deve ser executado no usuário do sistema local. Para fazer isso, baixe a ferramenta psexec de https://technet.microsoft.com/sysinternals/bb897553.aspx e execute psexec.exe -i -s cmd.exe de um prompt de comando de administrador elevado.
O exemplo de script nesta seção usa o método UpgradeEditionWithProductKeyMethod da classe MDM_WindowsLicensing .
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_WindowsLicensing"
$methodName = "UpgradeEditionWithProductKeyMethod"
$fakeProductKey = "7f1a3659-3fa7-4c70-93ce-0d354e8e158e"
$session = New-CimSession
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", $fakeProductKey, "String", "In")
$params.Add($param)
try
{
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='WindowsLicensing'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
}
catch [Exception]
{
write-host $_ | out-string
}
Artigos relacionados
Comentários
Em breve: Ao longo de 2024, eliminaremos os problemas do GitHub como o mecanismo de comentários para conteúdo e o substituiremos por um novo sistema de comentários. Para obter mais informações, consulte https://aka.ms/ContentUserFeedback.
Enviar e exibir comentários de