Update AdHoc-Backup.ps1
This commit is contained in:
parent
8865f4387c
commit
500aa81ce2
@ -1,5 +1,5 @@
|
||||
<#
|
||||
Backup_AdHoc.ps1
|
||||
Backup_AdHoc_rclone_mail_fixed_v3_fix28_grantANY.ps1
|
||||
Fix:
|
||||
- PowerShell è case-insensitive: le variabili locali "$files" sovrascrivevano "$Files" (hashtable globale).
|
||||
Rinominati i locali in "$outFiles" e, in Write-Log, uso esplicito di $script:Files.Log per evitare collisioni.
|
||||
@ -450,47 +450,7 @@ function Get-OnlineUserDatabases {
|
||||
Log-SqlcmdArgsSafe -Args $sqlArgs
|
||||
$res = @(& $SqlcmdExe @sqlArgs 2>$null)
|
||||
if ($LASTEXITCODE -ne 0) { throw "sqlcmd fallito nell'enumerazione DB." }
|
||||
|
||||
|
||||
function Ensure-BackupGrants-ForSystem {
|
||||
param([string]$SqlcmdExe, [string[]]$DbList)
|
||||
|
||||
# Concede BACKUP DATABASE / BACKUP LOG a 'NT AUTHORITY\SYSTEM' su TUTTI i DB utente.
|
||||
# Nota: è idempotente e viene eseguito prima del backup.
|
||||
try {
|
||||
if (-not $SqlcmdExe) { $SqlcmdExe = Resolve-Sqlcmd }
|
||||
if (-not $DbList -or @($DbList).Count -eq 0) { return }
|
||||
|
||||
foreach ($db in @($DbList)) {
|
||||
$sql = @"
|
||||
USE [$db];
|
||||
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'NT AUTHORITY\SYSTEM')
|
||||
CREATE USER [NT AUTHORITY\SYSTEM] FOR LOGIN [NT AUTHORITY\SYSTEM];
|
||||
GRANT BACKUP DATABASE TO [NT AUTHORITY\SYSTEM];
|
||||
GRANT BACKUP LOG TO [NT AUTHORITY\SYSTEM];
|
||||
"@
|
||||
|
||||
$tmpSql = Join-Path $Paths.SqlStage ("grant_system_{0}.sql" -f $db)
|
||||
$sql | Out-File -LiteralPath $tmpSql -Encoding ASCII -Force
|
||||
|
||||
$sqlArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpSql
|
||||
Log-SqlcmdArgsSafe -Args $sqlArgs
|
||||
& $SqlcmdExe @sqlArgs
|
||||
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Log WARN "Grant BACKUP fallito su DB [$db] (sqlcmd ExitCode=$LASTEXITCODE)."
|
||||
} else {
|
||||
Write-Log INFO "Concessi BACKUP DATABASE/LOG a NT AUTHORITY\\SYSTEM su [$db]."
|
||||
}
|
||||
|
||||
Remove-Item -LiteralPath $tmpSql -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
} catch {
|
||||
Write-Log WARN "Errore durante concessione GRANT BACKUP a NT AUTHORITY\\SYSTEM: $_"
|
||||
}
|
||||
}
|
||||
|
||||
$names = @()
|
||||
$names = @()
|
||||
foreach ($line in @($res)) {
|
||||
$n = ($line | ForEach-Object { $_.Trim() })
|
||||
if ($n) { $names += $n }
|
||||
@ -509,7 +469,34 @@ function Backup-SqlDatabases {
|
||||
|
||||
$sqlcmd = Resolve-Sqlcmd
|
||||
if (-not $sqlcmd) { throw "sqlcmd.exe non trovato (PATH o Client Tools mancanti)." }
|
||||
Write-Log INFO "sqlcmd: $sqlcmd"
|
||||
Write-Log INFO "sqlcmd: $sqlcmd
|
||||
|
||||
# --- PRE-FLIGHT: Concedi a NT AUTHORITY\SYSTEM il permesso server-level 'BACKUP ANY DATABASE' ---
|
||||
try {
|
||||
$sqlGrant = @"
|
||||
USE master;
|
||||
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'NT AUTHORITY\SYSTEM')
|
||||
CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
|
||||
GRANT BACKUP ANY DATABASE TO [NT AUTHORITY\SYSTEM];
|
||||
"@
|
||||
$tmpGrant = Join-Path $Paths.SqlStage "grant_SYSTEM_server.sql"
|
||||
$sqlGrant | Out-File -LiteralPath $tmpGrant -Encoding ASCII -Force
|
||||
|
||||
$grantArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpGrant
|
||||
Log-SqlcmdArgsSafe -Args $grantArgs
|
||||
& $sqlcmd @grantArgs
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Log WARN "Grant server-level BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM fallito (ExitCode=$LASTEXITCODE)."
|
||||
} else {
|
||||
Write-Log INFO "Concesso BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM (server-level)."
|
||||
}
|
||||
Remove-Item -LiteralPath $tmpGrant -Force -ErrorAction SilentlyContinue
|
||||
} catch {
|
||||
Write-Log WARN "Errore durante il pre-flight GRANT BACKUP ANY DATABASE a SYSTEM: $_"
|
||||
}
|
||||
# --- FINE PRE-FLIGHT ---
|
||||
|
||||
"
|
||||
|
||||
$dbList = @()
|
||||
if (@($DbInclude).Count -gt 0) {
|
||||
@ -526,7 +513,6 @@ function Backup-SqlDatabases {
|
||||
return $null
|
||||
}
|
||||
Write-Log INFO ("DB trovati: " + (@($dbList) -join ', '))
|
||||
Ensure-BackupGrants-ForSystem -SqlcmdExe $sqlcmd -DbList $dbList
|
||||
|
||||
$bakPaths = @()
|
||||
foreach ($db in @($dbList)) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user