Veeresh Patil
Reputation: 47
Ignore output - it should not print on screen
I can add LogOnAsAService privilege to a specific user or groups. While running the function, it is showing output.
My requirement is it should not print the output.
I have below working function for logon as a service right.
#region LogOnAsService-Right
Function LogOnAsService-Right
{
param(
[string] $Servername = ("{0}.{1}" -f $env:COMPUTERNAME.ToLower(), $env:USERDNSDOMAIN.ToLower()),
[string] $username = ("{0}\{1}" -f $env:USERDOMAIN, $env:USERNAME)
)
try{
Invoke-Command -ComputerName $Servername -Script {
param([string] $username)
$tempPath = [System.IO.Path]::GetTempPath()
$import = Join-Path -Path $tempPath -ChildPath "import.inf"
if(Test-Path $import) { Remove-Item -Path $import -Force }
$export = Join-Path -Path $tempPath -ChildPath "export.inf"
if(Test-Path $export) { Remove-Item -Path $export -Force }
$secedt = Join-Path -Path $tempPath -ChildPath "secedt.sdb"
if(Test-Path $secedt) { Remove-Item -Path $secedt -Force }
try {
Write-Host ("Granting SeServiceLogonRight to user account: {0} on host: {1}." -f $username, $Servername)
$sid = ((New-Object System.Security.Principal.NTAccount($username)).Translate([System.Security.Principal.SecurityIdentifier])).Value
secedit /export /cfg $export
$sids = (Select-String $export -Pattern "SeServiceLogonRight").Line
foreach ($line in @("[Unicode]", "Unicode=yes", "[System Access]", "[Event Audit]", "[Registry Values]", "[Version]", "signature=`"`$CHICAGO$`"", "Revision=1", "[Profile Description]", "Description=GrantLogOnAsAService security template", "[Privilege Rights]", "$sids,*$sid")){
Add-Content $import $line
}
secedit /import /db $secedt /cfg $import
secedit /configure /db $secedt
gpupdate /force
Remove-Item -Path $import -Force
Remove-Item -Path $export -Force
Remove-Item -Path $secedt -Force
} catch {
Write-Host ("Failed to grant SeServiceLogonRight to user account: {0} on host: {1}." -f $username, $Servername)
$error[0]
}
} -ArgumentList $username
}
catch
{
$_.exception.message
}
}
#endregion
Expected result: It should not print every step on the screen.
Actual result - It is printing every step:
The task has completed successfully. See log %windir%\security\logs\scesrv.log for detail info. Completed 1 percent (0/63) Process Privilege Rights area Completed 3 percent (1/63) Process Privilege Rights area Completed 4 percent (2/63) Process Privilege Rights area Completed 6 percent (3/63) Process Privilege Rights area Completed 7 percent (4/63) Process Privilege Rights area Completed 9 percent (5/63) Process Privilege Rights area Completed 11 percent (6/63) Process Privilege Rights area Completed 12 percent (7/63) Process Privilege Rights area Completed 14 percent (8/63) Process Privilege Rights area Completed 15 percent (9/63) Process Privilege Rights area Completed 17 percent (10/63) Process Privilege Rights area Completed 19 percent (11/63) Process Privilege Rights area Completed 20 percent (12/63) Process Privilege Rights area Completed 22 percent (13/63) Process Privilege Rights area Completed 23 percent (14/63) Process Privilege Rights area Completed 25 percent (15/63) Process Privilege Rights area Completed 25 percent (15/63) Process Group Membership area Completed 49 percent (30/63) Process Group Membership area Completed 49 percent (30/63) Process Registry Keys area Completed 49 percent (30/63) Process File Security area Completed 49 percent (30/63) Process Services area Completed 65 percent (40/63) Process Services area Completed 73 percent (45/63) Process Services area Completed 73 percent (45/63) Process Security Policy area Completed 77 percent (48/63) Process Security Policy area Completed 84 percent (52/63) Process Security Policy area Completed 88 percent (55/63) Process Security Policy area Completed 93 percent (58/63) Process Security Policy area Completed 100 percent (63/63) Process Security Policy area The task has completed successfully. See log %windir%\security\logs\scesrv.log for detail info. Updating policy... Computer Policy update has completed successfully. User Policy update has completed successfully.
Upvotes: 1
Views: 488
Answers (2)
Nirav Mistry
Reputation: 989
You can use
| Out-Null
to set no output even it is printing all lines
Upvotes: 2
Ranadip Dutta
Reputation: 9183
The output is coming from the second secedit.
Secedit has an optional paramater called /quiet which suppresses screen and log output. You can still view analysis results by using the Security Configuration and Analysis snap-in to the Microsoft Management Console (MMC).
like:
Secedit /configure /db <database file name> [/cfg <configuration file name>] [/overwrite] [/areas SECURITYPOLICY | GROUP_MGMT | USER_RIGHTS | REGKEYS | FILESTORE | SERVICES] [/log <log file name>] [/quiet]
In your case:
secedit /configure /db $secedt /quiet
Or forcefully, you can make PS to do that using Out-Null or redirect it to $Null
secedit /configure /db $secedt | Out-Null
secedit /configure /db $secedt > $null
All should work.
Hope it helps.
Upvotes: 1
Related Questions
- Suppress console output in PowerShell
- Suppress cmdlet output in Powershell
- How to have powershell command output not suppressed from console when the output is piped?
- Suppressing output from Powershell command
- Hide powershell output
- Suppress output from non-PowerShell commands?
- PowerShell Suppress Output
- Powershell: Supress the output to console if it is pipelined
- Silence all Powershell output
- Hide output of cmd command inside powershell