怎么使用PowerShell安全连接Office 365 Online
本篇内容主要讲解"怎么使用PowerShell安全连接Office 365 Online",感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习"怎么使用PowerShell安全连接Office 365 Online"吧!
在PowerShell界面,通过加密用户名和密码的方式连接Office 365 Online。那我们使用PowerShell对Office 365 Online进行远程管理,有如下优点:
Office 365 拥有仅可使用 Office 365 PowerShell 配置的功能
Office 365 PowerShell 善于执行批量操作
Office 365 PowerShell 善于筛选数据
Office 365 PowerShell 方便打印或保存数据
Office 365 PowerShell 支持跨服务器产品管理
Office 365 PowerShell 会显示无法通过 Microsoft 365 管理中心看到的其他信息
在连接过程中,如果用户名和密码以明文形式输入,就会带来安全风险。如果采用以下PowerShell脚本就可以避免这个缺点:预先定义两个函数,分别用于加密和解密字符串;然后检查本地是否存在已经加密的用户名和密码文件,如果没有,提示用户输入用户名和密码,并将其以密文形式存到本地;最后,读取本地加密的用户名和密码,并将其解密,用于远程连接Office 365 Online。
脚本代码分为以下三个部分介绍给大家。
第一部分,定义加密和解密的函数。
# This function is to encrypt a string. function Encrypt-String($String, $Passphrase, $salt="SaltCrypto", $init="IV_Password", [switch]$arrayOutput) { $r = new-Object System.Security.Cryptography.RijndaelManaged $pass = [Text.Encoding]::UTF8.GetBytes($Passphrase) $salt = [Text.Encoding]::UTF8.GetBytes($salt) $r.Key = (new-Object ` Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) $r.IV = (new-Object ` Security.Cryptography.SHA1Managed).ComputeHash ` [Text.Encoding]::UTF8.GetBytes($init) )[0..15] $c = $r.CreateEncryptor() $ms = new-Object IO.MemoryStream $cs = new-Object Security.Cryptography.CryptoStream $ms,$c,"Write" $sw = new-Object IO.StreamWriter $cs $sw.Write($String) $sw.Close() $cs.Close() $ms.Close() $r.Clear() [byte[]]$result = $ms.ToArray() return [Convert]::ToBase64String($result) } # This function is to de-encrypt a string. function Decrypt-String($Encrypted, $Passphrase, $salt="SaltCrypto", $init="IV_Password") { if($Encrypted -is [string]){ $Encrypted = [Convert]::FromBase64String($Encrypted) } $r = new-Object System.Security.Cryptography.RijndaelManaged $pass = [Text.Encoding]::UTF8.GetBytes($Passphrase) $salt = [Text.Encoding]::UTF8.GetBytes($salt) $r.Key = (new-Object Security.Cryptography.PasswordDeriveBytes ` $pass, $salt, "SHA1", 5).GetBytes(32) $r.IV = (new-Object ` Security.Cryptography.SHA1Managed).ComputeHash ` ( [Text.Encoding]::UTF8.GetBytes($init) )[0..15] $d = $r.CreateDecryptor() $ms = new-Object IO.MemoryStream @(,$Encrypted) $cs = new-Object Security.Cryptography.CryptoStream $ms,$d,"Read" $sr = new-Object IO.StreamReader $cs Write-Output $sr.ReadToEnd() $sr.Close() $cs.Close() $ms.Close() $r.Clear() } Clear-Host
第二部分,从本地的文本文件中读取加密的Office 365用户名和密码。只第一次需要手工输入用户名和密码,然后将加密的用户名和密码以密文形式存储到本地磁盘。此后无需输入。
#Try to read the encrypted user name and password from the specific path, if there are, read and de-encrypt them. If there are not, prompt for input and encrypt them. $uencrypted = Get-Content -ErrorAction SilentlyContinue -Path 'C:\$Home\Desktop\Username.txt' $pencrypted = Get-Content -ErrorAction SilentlyContinue -Path 'C:\$Home\Desktop\password.txt' If ($null -ne $uencrypted -and $null -ne $pencrypted) { $udecrypted = Decrypt-String $uencrypted "U_MyStrongPassword" $pdecrypted = Decrypt-String $pencrypted "P_MyStrongPassword" $pdecrypted = ConvertTo-SecureString $pdecrypted -AsPlainText -Force } Else { $ustring = read-host "Please Enter Office 365 User name" $pstring = read-host "Please Enter Office 365 User Password" $uencrypted = Encrypt-String $ustring "U_MyStrongPassword" $uencrypted | Out-File "$HOME\Desktop\Username.txt" write-host "Store the encrypted Username successfully!" $pencrypted = Encrypt-String $pstring "P_MyStrongPassword" $pencrypted | Out-File "$HOME\Desktop\password.txt" write-host "Store the encrypted password successfully!" $udecrypted = Decrypt-String $uencrypted "U_MyStrongPassword" $pdecrypted = Decrypt-String $pencrypted "P_MyStrongPassword" $pdecrypted = ConvertTo-SecureString $pdecrypted -AsPlainText -Force }
第三部分,连接Office 365 Online。 执行以下命令后,就可以在PowerShell下,远程管理Office 365 Exchange Online了。
#Connect to Office 365 online or Azure $LiveCred = New-Object System.Management.Automation.PSCredential $udecrypted, $pdecrypted $Session = New-PSSession -ConfigurationName Microsoft.Exchange ` -ConnectionUri https://partner.outlook.cn/powershell -Credential $LiveCred ` -Authentication Basic –AllowRedirection -ErrorAction Stop ` -Name "$($Credential.UserName)" Import-PSSession $Session Connect-MsolService –Credential $LiveCred -AzureEnvironment AzureChinaCloud
注意:执行最后一个命令,需要预先安装Microsoft Online Services Sign-In Assistant。
到此,相信大家对"怎么使用PowerShell安全连接Office 365 Online"有了更深的了解,不妨来实际操作一番吧!这里是网站,更多相关内容可以进入相关频道进行查询,关注我们,继续学习!