
PowerShell: credentials in Desired State Configuration

2025-05-04 · 122 · jiqing9006

I have the following Desired State Configuration (DSC):

Configuration Cert 
{ 
    param ( 
        [Parameter(Mandatory=$true)]  
        [ValidateNotNullorEmpty()]  
        [System.String] $machineName, 
 
        [Parameter(Mandatory = $true)] 
        [ValidateNotNullorEmpty()] 
        [PSCredential] 
        $certCredential 
    ) 
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration, xCertificate 
 
    Node $machineName  
    { 
        xPfxImport cert 
        { 
            Ensure = 'Present' 
            Path = 'C:\certificate.pfx' 
            Thumbprint = 'abcdefg' 
            Location = 'LocalMachine' 
            Store = 'My' 
            Exportable = $true 
            Credential = $certCredential 
        } 
    }  
}   
$cd = @{ 
    AllNodes = @( 
    @{ 
        NodeName = 'localhost' 
        PSDscAllowPlainTextPassword = $true 
    } 
) 

}
$secpasswd = ConvertTo-SecureString 'password' -AsPlainText -Force 
$mycreds = New-Object System.Management.Automation.PSCredential ('x', $secpasswd) 
 
Cert -machineName MyPC -certCredential $mycreds -ConfigurationData $cd 
 
Start-DscConfiguration -Path .\Cert -Wait -Verbose -Force

When I try to run this, I get the following error:

ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'xPfxImport': Converting and storing encrypted passwords as plain text is not recommended. For more information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
At C:\Users\x\Desktop\script.ps1:18 char:9
+   xPfxImport
At line:341 char:16
+     $aliasId = ConvertTo-MOFInstance $keywordName $canonicalizedValue
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
Compilation errors occurred while processing configuration 'Cert'. Please review the errors reported in error stream and modify your configuration code appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Cert:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration



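I realize that the password has to be encrypted and that saving it as plain text is not allowed, or at least not recommended. I have tried many of the suggestions found on the internet, but I still cannot get it to work.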

I am looking for a way to install the certificate and afterwards grant permissions on the certificate for certain settings.

Please refer to the following approach:

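Having found myself facing the same problem, I thought I would just reiterate the actual cause of the problem (which is in fact hidden in the comments):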

The last comment led me to the real problem. I did not realize that the nodename is actually what is causing the issue. Please change node localhost line (8) to Node $AllNodes.NodeName and NodeName="*" back to NodeName="localhost".



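Picking through the framework code in PSDesiredStateConfiguration.psm1, the PSDscAllowPlainTextPassword flag will not be seen unless $machineName = localhost (in our case it was actually a matter of a fully qualified versus a non-fully-qualified machine name).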

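I also stumbled upon an undocumented workaround (not that I would necessarily recommend using it): the check for plain-text credentials can actually be turned off with the following registry keys: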
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\DSC] 
"PSDscAllowPlainTextPassword"="True" 
"PSDscAllowDomainUser"="True" 

Hope this saves someone else a headache!
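The fix described in the answer, as an added example that is not part of the original post: the node name is taken from $AllNodes so the per-node settings are seen, and the plain-text setting is shown beside encrypting the credential with a node certificate. The CertificateFile path and the thumbprint in $cdEncrypted are placeholders (assumptions), and Get-Credential replaces the hard-coded password.

```powershell
# Added example, not from the original post. Assumes the xCertificate module.
Configuration Cert
{
    param (
        [Parameter(Mandatory = $true)]
        [PSCredential] $certCredential
    )
    Import-DscResource -ModuleName xCertificate

    # Node names come from the configuration data, so the per-node settings
    # below are applied to the node that is actually compiled.
    Node $AllNodes.NodeName
    {
        xPfxImport cert
        {
            Ensure     = 'Present'
            Path       = 'C:\certificate.pfx'
            Thumbprint = 'abcdefg'   # placeholder value, as on the page
            Location   = 'LocalMachine'
            Store      = 'My'
            Exportable = $true
            Credential = $certCredential
        }
    }
}

# Weak: compiles, but the PFX password is stored in the MOF as plain text.
$cdPlain = @{
    AllNodes = @(
        @{ NodeName = 'localhost'; PSDscAllowPlainTextPassword = $true }
    )
}

# Hardened: the password is encrypted in the MOF with the node's public key.
# CertificateFile and Thumbprint values are placeholders (assumptions) for a
# certificate whose private key exists only on the target node.
$cdEncrypted = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            CertificateFile = 'C:\dsc\<node-public-key>.cer'
            Thumbprint      = '<NODE-CERT-THUMBPRINT>'
        }
    )
}

# Prompt for the PFX password instead of hard-coding it in the script.
$pfxCred = Get-Credential -UserName 'x' -Message 'PFX password'
Cert -certCredential $pfxCred -ConfigurationData $cdEncrypted -OutputPath .\Cert
```

Applying the encrypted MOF also requires the target node's Local Configuration Manager to have its CertificateID set to the same thumbprint, so that it can decrypt the credential.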