Access to remote machines via Terminal. Power Shell - powershell

I have some machines with Windows and with VNC installed.
I can connect to them from my local computer via UltraVNC.
But now I need to connect to those machines via some terminal: the command line or Windows PowerShell.
All I know are the IPs and the password to connect via UltraVNC.
Do you have any idea if it is even possible and, if yes, how to do that?
I have a lot of those machines and need to write a script to check some files on them.

If you only have VNC access, then you may be able to use the vncdotool Python module to basically emulate mouse+kb control over VNC.
Here are the other (built-in) console methods for Windows remote access, using PowerShell for example:
WinRM: For opening a full remote session: Enter-PSSession -ComputerName myServer
WMI (DCOM/RPC): For querying any system information, and limited remote ability to run commands/start processes: Get-WmiObject -Class Win32_OperatingSystem -ComputerName myServer
RPC: More limited, lightweight way to remotely call specific functions/procedures: Get-Service spooler -ComputerName myServer | Restart-Service
Or other services that can be installed like SSH/SFTP/FTP.
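For the "check some files on many machines" part of the question, a sketch using the WinRM method listed above. This is an added example, not code from the original answer; the host names, file paths and the admin account are assumptions, and WinRM must already be enabled on the targets.

```powershell
# Constructed inputs: replace with your own host list and file paths.
# When targeting IP addresses instead of names, WinRM requires explicit
# credentials plus either HTTPS or a TrustedHosts entry on the client.
$computers = 'PC-01', 'PC-02', 'PC-03'
$paths     = 'C:\ProgramData\MyApp\config.xml', 'C:\MyApp\bin\myapp.exe'
$cred      = Get-Credential   # account with admin rights on the targets

# Runs on each remote machine: existence, size, timestamp and SHA-256 per file.
$check = {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $item = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path      = $p
            Exists    = [bool]$item
            Length    = if ($item) { $item.Length } else { $null }
            LastWrite = if ($item) { $item.LastWriteTimeUtc } else { $null }
            SHA256    = if ($item) { (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash } else { $null }
        }
    }
}

# Invoke-Command contacts the hosts in parallel; connection errors are
# collected in $failed instead of stopping the run.
$results = Invoke-Command -ComputerName $computers -Credential $cred `
    -ScriptBlock $check -ArgumentList (,$paths) `
    -ErrorAction SilentlyContinue -ErrorVariable failed

$results | Sort-Object PSComputerName, Path |
    Format-Table PSComputerName, Path, Exists, Length, LastWrite, SHA256 -AutoSize

# Hosts that returned nothing were unreachable or refused the session.
$reached = @($results.PSComputerName | Sort-Object -Unique)
$computers | Where-Object { $reached -notcontains $_ } |
    ForEach-Object { Write-Warning "No result from $_" }
$failed | ForEach-Object { Write-Warning $_.Exception.Message }
```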

Related

Programs running on Hyper-V with Invoke-Command hang

I'm trying to run my software on a Hyper-V VM using PowerShell Invoke-Command, without success. Host OS - Windows 10. Guest OS - also Windows 10. VM Generation 1.
I did some simple experiments and found out this:
If I run
Invoke-Command -VMName MY_VM -Credential $Cred -ScriptBlock { calc }
then I can see launched calc.exe on the guest system right with UI.
But if I run mspaint or any non-Microsoft program, nothing happens. The program just hangs in the VM TaskManager without any effect.
I also tried to run several different programs using CLI calling Invoke-Command several ways, but got the same result.
What could be the problem?
The basic answer is that PowerShell remote connections (or any remote connection like RDP, SSH, etc.) take place in a separate logon session, and can't really interact with each other.
There are two reasonable ways to do this:
Use PsExec - part of the Microsoft Sysinternals tools group.
# List sessions - note the session ID of the session you want the process to start in
quser /server:$computername
# Run a process remotely, specifying the logon ID
PsExec.exe -s -i $ID notepad.exe
Use a scheduled task that runs when you are logged in and is visible. You can do this with PowerShell's various New-ScheduledTask commands to create one, or follow this guide by Scripting Guy! using WMI Win32_ScheduledJob methods.
See "use powershell to start a gui program on a remote machine" for more details on both options, and a well-written description of why it's hard to do in Windows.
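The scheduled-task option, written out as an added example (not code from the original answer). The guest account names, task name and program path are assumptions; `$guiUser` must be the account that is logged on at the VM's desktop.

```powershell
# Assumed values for illustration; adjust to your VM.
$vmName   = 'MY_VM'
$cred     = Get-Credential                     # admin account inside the guest
$guiUser  = 'MY_VM\testuser'                   # user logged on at the VM console
$program  = 'C:\Windows\System32\mspaint.exe'
$taskName = 'LaunchGuiOnce'                    # hypothetical task name

Invoke-Command -VMName $vmName -Credential $cred -ScriptBlock {
    param($User, $Program, $TaskName)

    $action = New-ScheduledTaskAction -Execute $Program

    # LogonType Interactive: the task runs only while $User is logged on,
    # and it runs inside that user's desktop session, so the window is visible.
    $principal = New-ScheduledTaskPrincipal -UserId $User -LogonType Interactive

    # No trigger is defined: the task exists only to be started on demand.
    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Principal $principal -Force | Out-Null

    Start-ScheduledTask -TaskName $TaskName
    Start-Sleep -Seconds 2

    # LastTaskResult 267009 (0x41301) means the task is currently running.
    $info = Get-ScheduledTaskInfo -TaskName $TaskName
    [pscustomobject]@{
        Task           = $TaskName
        LastRunTime    = $info.LastRunTime
        LastTaskResult = $info.LastTaskResult
    }
} -ArgumentList $guiUser, $program, $taskName

# When the task is no longer needed, remove it inside the guest with:
#   Unregister-ScheduledTask -TaskName 'LaunchGuiOnce' -Confirm:$false
```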

Try to remotely kill a process using PowerShell

I have followed the advice here and here to write a PowerShell script that remotely kills a process:
Get-WmiObject Win32_Process -Filter "Name='myapp.exe'" -ComputerName remotecomputername | Invoke-WmiMethod -Name Terminate
The above works when I execute it on my machine, but when it's run remotely, targeting my machine by a user set up as per the instructions on the second link, the command fails silently. Any advice on what's wrong / how I can debug this?
As described here:
Generally speaking, any operation that WMI can perform on the local
computer can also be performed on a remote computer where you have
local administrator privileges
Once I set up a user with admin privileges to use WMI on my computer they can execute the script remotely without passing credentials.

PSexec vs Built-in Windows

So, I'm writing tools in PowerShell to execute files on remote computers. I was initially using PSexec but switched them to .NET Framework using win32_process. When I ran an install file on the remote machine using win32_process, it failed. And after trying gwmi win32_process on the remote machine, that failed. So accessing the WMI objects is probably the problem. Anyway! I ended up using PSexec and it succeeded, and I verified that it did. But that got me thinking about how PSexec connects to the remote machine, and I was wondering if anyone on here knew either how I could look at PSexec source code or if someone flat out knew how it connects and executes.
I couldn't find anything on it online, just a bunch of articles about what it can do. Maybe I just suck at researching though.
I have done this using the Invoke-WmiMethod cmdlet against remote machines. You need to include any switches in your executable path but the below code sample should get you there assuming you have appropriate permissions on the local / remote hosts.
See https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/invoke-wmimethod?view=powershell-5.1 for more details on the cmdlet.
# Local path on the remote machine that will be run, including any switches needed
$exePath = "c:\mypath\myfile.exe -s -norestart"
# Use FQDN or IP if the NetBIOS name is not reachable
$server = "myserver"
try {
    Invoke-WmiMethod -ComputerName $server -Class win32_process -Name create -ArgumentList $exePath -ErrorAction Stop | Out-Null
}
catch {
    # $(...) is needed so the property is expanded inside the double-quoted string
    Write-Host "Failed to execute program on $server. Error Details: $($_.Exception.Message)" -ForegroundColor Red
}
I can't speak to how PSExec works for you to compare but this method has worked for me in the past executing applications on remote hosts using only native PowerShell.
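Both the remote Terminate call in the earlier question and the remote Create call above can fail without raising an error, because Win32_Process methods report failure through a ReturnValue field. The following added example (not code from either post) inspects that field; it reuses the placeholder names from the posts and needs Windows PowerShell 5.1, since Get-WmiObject is not available in PowerShell 7.

```powershell
# Return codes documented for Win32_Process Create() and Terminate().
$wmiResult = @{
    0  = 'Success'
    2  = 'Access denied'
    3  = 'Insufficient privilege'
    8  = 'Unknown failure'
    9  = 'Path not found'
    21 = 'Invalid parameter'
}

function Get-WmiReturnText {
    param([uint32]$Code)
    $text = $wmiResult[[int]$Code]     # keys are Int32, ReturnValue is UInt32
    if ($text) { $text } else { "Unlisted code $Code" }
}

$server  = 'myserver'                              # placeholder from the post
$exePath = 'c:\mypath\myfile.exe -s -norestart'    # placeholder from the post

# Create: a non-zero ReturnValue does not throw, so try/catch alone misses it.
try {
    $r = Invoke-WmiMethod -ComputerName $server -Class Win32_Process -Name Create `
            -ArgumentList $exePath -ErrorAction Stop
    if ($r.ReturnValue -eq 0) {
        "Started PID $($r.ProcessId) on $server"
    } else {
        Write-Warning "Create on $server returned $($r.ReturnValue): $(Get-WmiReturnText $r.ReturnValue)"
    }
}
catch {
    # Connection-level failures (RPC unavailable, logon denied) land here.
    Write-Warning "WMI call to $server failed: $($_.Exception.Message)"
}

# Terminate: one result object per matching process.
$procs = Get-WmiObject Win32_Process -Filter "Name='myapp.exe'" -ComputerName $server
if (-not $procs) { Write-Warning "No myapp.exe returned by $server" }
foreach ($p in $procs) {
    $r = $p | Invoke-WmiMethod -Name Terminate
    "{0} PID {1}: {2}" -f $p.Name, $p.ProcessId, (Get-WmiReturnText $r.ReturnValue)
}
```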

Running a script off local machine to remote using Invoke-Command

Here is the command I am trying to run
Invoke-Command -ComputerName DOG-02 C:\Users\user\Documents\PowerShell\PowerShellmenuz.ps1
I want to be able to run the script PowerShellmenuz.ps1 on a remote machine. I am very close but am stuck at this point.
It is hard to tell where the problem is without error output, but probably you've missed the first configuration step on the remote machine. There are things that should be done before executing scripts on a remote machine.
Enable PowerShell Remoting on the computer that you want to access remotely. Open a PowerShell window as Administrator – right-click the PowerShell shortcut and select "Run as Administrator". And execute the following command:
Enable-PSRemoting -Force - it will start the WinRM service to allow incoming connections.

Reading event log remotely with Get-EventLog in Powershell

I have a PowerShell script which runs on a server (test-server) and reads the log file of its client (DC1).
Both sides can ping to each other.
On both sides, firewalls are disabled.
Remote Desktop and Remote Assistance are enabled on DC1.
Get-EventLog System -ComputerName test-server -Source Microsoft-Windows-Winlogon # WORKS
Get-EventLog System -ComputerName DC1 -Source Microsoft-Windows-Winlogon # DOESN'T WORK
I run this script on test-server. As you see when I read the local log file on test-server it works fine but if I try to read the log file of DC1 remotely I get the error "Get-EventLog : The network path was not found.".
How can I avoid this error and read the log file of DC1 from test-server using Get-EventLog?
@Lars Truijens's suggestion solved my issue. But other suggestions are also important to check.
So, here is the checklist if you get this kind of error when you try to get log files remotely:
Disable or set firewall settings on both sides.
Enable Remote Desktop and Remote Assistance on client machine.
Can you ping to the client machine?
Run dir \\dc1\c$ to see that you are allowed to reach to the harddisk. (@Shay Levy's suggestion)
Run Get-Service -ComputerName YOURCOMPUTERNAME to see that you are allowed to reach to the services. (@Shay Levy's suggestion)
Start the Remote Registry service. (@Lars Truijens's suggestion and this made it work for me)
Starting the RemoteRegistry service did not help in my case.
Apparently, there is a difference between the remoting that is accessed via the ComputerName parameter in some cmdlets such as Get-Service and the newer form of remoting accessed with cmdlets such as Invoke-Command.
Since traditional remote access is implemented by individual cmdlets,
it is inconsistent (uses different techniques and demands different
requirements) and available only in selected cmdlets. The technology
used for remote access can vary from cmdlet to cmdlet and is not
readily known to you. Each cmdlet uses whatever remoting technology
its author chose. Most cmdlets use Remote Procedure Call (RPC), but
might also require additional services and settings on the target
system.
Beginning in Windows PowerShell 2.0, there is an alternate and more
universal way of accessing remote systems: Windows PowerShell
Remoting. With this type of remoting, Windows PowerShell handles
remote access for all commands. It transfers your commands to the
remote system using the relatively new and highly configurable WinRM
service, executes the code in a separate session that runs on the
remote system, and returns the results to the calling system.
http://powershell.com/cs/media/p/7257.aspx
When I swapped from this command
get-eventlog -LogName System -computername <ServerName>
to this
invoke-command {get-eventlog -LogName System} -ComputerName <ServerName>
I no longer got the following error
get-eventlog : The network path was not found.