I'm trying to run a basic powershell script over ssh, the script is this:
param($passedUrl)
Function Launch-Site($url) {
start chrome $url
}
Launch-Site $passedUrl
When I run this in powershell, in the correct directory, with the command
.\launchSite.ps1 google.co.uk
It runs as expected, it launches google chrome and goes to google.co.uk. However, when I use the same command from my ssh terminal (in the correct directory), it does nothing and gives me no errors as far as I can tell.
The default shell is set to powershell. I can run normal scripts that don't have any parameters passed to them, so I'm thinking this is just some security with windows that isn't letting me pass the parameter. Is there any way to get around/fix this?
For this you will need to use a PowerShell remote session. Something along the lines of:
New-PSSession -HostName HOSTNAME -UserName UserName
Hostname being an IP or FQDN. It will prompt you for a username for authentication. This can be stored also as a variable to pass into the module as well.
Related
So I have a script sitting on a server that I can remote into using Enter-PSSession and run the script from my local environment just fine. What I do is...
Enter-PSSession hostname
cd c:\temp\myscript.ps1
or
$s = New-PSSession -ComputerName hostname
Invoke-Command -Session $s -ScriptBlock {C:\temp\myscript.ps1}
these run the script just fine. The problem I am having is the data is supposed to get sent to a database. If I run the .ps1 on the hostname by RDPing directly into it, it works. If I RDP into the server and go back to my local environment where I Enter-PSSession using the code above, it submits to the database just fine. But when I close out of the RDP session and just try running the script again locally, it doesn't go to the database.
Maybe it is something stupid I am missing but any help would be greatly appreciated.
The important bits are in the myscripts.ps1, so it's impossible to say from what you have provided.
I suggest you check that script file for where the credentials are stored. When you run it locally, I assume you run it from that working directory.
Try using $psexecscript as the root of the config file's path. That's whatever path the script is in, assuming the credentials are in the same or sub- directory.
Is it possible that the user lacks permission to write in your DB or the credentials to write in that DB are not provided in the script?
If after verifying the credential issue, it still doesn't work, you might want to register your script as a task. You can set it as a manual task. Then, whenever you need it, you (remotely) run that task. In that way your credentials are stored as well and you can safely use the 'run as' feature.
I am trying to run a specific command line function in my PowerShell script. The catch is the command needs elevated permissions to be able to execute.
Here is a condensed example:
# PowerShell code...
query session /server:"SERVERNAME" #NEEDS ELEVATED PERMISSIONS
# More PowerShell code
The query command needs to be run under elevated permissions.
I have tried the following:
Invoke-Command -ScriptBlock {
query session /server:"SERVERNAME"
} -Credential get-credential
But this doesn't work because the -ComputerName parameter needs to be present when using a -Credential parameter. I want to be able to run this without using a remote server.
I know I can get around it by having the users start up PowerShell under their elevated account credentials, but I'd rather just prompt for credentials while the script runs and just run that single command under their administrator account credentials. Everything else the script does is fine under normal credentials.
There are some add-ins for PowerShell, but I actually found the simplest way was to:
Sysinternals in regular command line
With the PSexec process, you can pass IP address, usermame, and password
Fiddle with it to a point you're happy
Create a batch file to then run from PowerShell if that is the desired deploy to environment
When creating the method, have it consume parameters if you want the call out to be dynamic and consume different usernames/passwords/IP addresses to log into
If the exec will always run on "computerA" using "loginA" and "pwA" then there is obviously no need to parameterize
*Sysinternals cannot be used to outright hack a terminal. The user of a remote exec must first have the same Sysinternals tools installed to the system that is to accept remote executables, that tool must be opened once and given GUI-based approval to allow run on said system must be physically addressed.
Note: Any remote PSexec's using credentials will execute with the same level of permissions that the provided username/password is granted on that system.
Here is the link: (PsExec v2.2). Although I recommend going a level or two up and downloading the entire toolbox.
I am trying to execute powershell script remotely using invoke-command. The script relies on a configuration file which is available over the local network. The script is called in a following way:
Invoke-Command -ComputerName 192.168.137.181 -FilePath c:\scripts\script.ps1 -ArgumentList \\192.168.137.1\share\config.xml
The configuration as you can see is an xml file and it's loaded using:
$xml = New-Object XML
$xml.Load(args[0])
When the script is called locally on the machine then it runs witout any problems and reads the configuration file. However when I run it from different machine using invoke command I get
"Access to the path '\\192.168.137.1\share\config.xml' is denied"
exception, which is thrown when executing Load method.
The file is accessible to everyone with read and write permissions.
Both, machine on which the scrip should be run (.181) and the machine on which it is run physically have the same credentials, thus I do not pass them in invoke-command cmdlet.
The share machine (.1) has different credential, but this was never an issue when calling the script locally from .181.
Can you please point me in the right direction? I stuck on this step and can't find solution by myself. I tried downloading the xml string using WebClient#DownloadString method and passing credentials for the share machine but it did not help.
Thanks in advance
It is probably a double hop issue. You have to use CredSSP to delegate your credentials to the remote computer.
Try the solution mentioned here: http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx
Just listened to Hansellminutes podcast. He had a talk with two Microsoft PS developers. They mentioned PS V2 remoting features.
I have some scripts based on PS v1. In terms of remoting commands or executions, I installed PS on local and a remote machines. Then I use PsExec.exe to push bat on remote to execute PS scripts. Now I am thinking to take advantage of PS V2.
To simple questions I have, to get a list of files on local, I can use the following codes:
$fs = Get-Item -Path $Path | Where { !$_.PSIsContainer ... } # more constrains in ...
if ( $fs -ne $null )
{
# continue to work on each file in the collection
...
}
What is the equivalent command to get a collection of files from a remote? I prefer to get a similar collection of file objects back so that I can access to their properties.
The second question is how to exec a command on remote with external application? I tried to use WIM Process before, but I could not get WMI class working on a case of Windows 2008 server. Then I used PsExec.exe to push a bat to a remote to execute PS script. It works in the cases. However, the problem I have to install PS on the remote as well. I am going to working another remote. I'll try to avoid to install PS on the remote. Can I take PS V2 advantage to execute a command on a remote Windows? What's the new commands?
By the way, normally, I have to pass user name and pwd to a remote. I guess in PS I have to pass user/pwd as well.
You can either put your code above in a script file and invoke it on a remote computer using V2 remoting like so:
PS> Invoke-Command remotePCName -file c:\myscript.ps1
You will need to be running with admin privs (elevated if UAC enabled) in order to use remoting. The command above will copy the script to the remote machine, execute it and return deserialized objects. These objects are essentially property bags. They are not "live" objects and setting properties on them like IsReadOnly will not affect the remote file. If you want to set properties then do it in your script that executes on the remote PC.
The option if you have a little bit of script is to use a scriptblock like so:
PS> Invoke-Command remotePCName { Get-Item C:\*.txt | Where {$_.IsReadOnly }
You can execute native commands (EXE) on the remote computer in either script or a scriptblock. You only need to make sure the EXE is available on the remote PC.
Regarding credentials, if you're on a domain and you have admin privs on the remote computer you won't need to pass credentials as your default credentials should work. If you need to run as a specific user then use the -Credential parameter on Invoke-Command like so:
PS> $cred = Get-Credential
PS> icm remotePCName { gci c:\windows\system32 -r *.sys } -credential $cred
Regarding your last comment, no PowerShell will use Windows integrated security so you should not have to pass any username or password unless you wanted to run it as a different user.
If you haven't yet enabled PS remoting, every time I've tried I've had to actually turn off UAC while I was enabling remoting (then I could re-enable UAC once remoting was enabled). Running Enable-PSRemoting from an elevated command prompt was not enough and the error message was not at all useful.
EDIT: I've just confirmed in a fresh Windows 7 VM that this is not an issue. It could have been a beta issue that I am no longer experiencing as I've been using beta/rc/ctp of PowerShell and Windows 7 for a long time.
I have the following line of code to create object to access to a remote server before I associate it with user name, password and process:
$process = [WMIClass]"\\remoteServer\ROOT\cimv2:Win32_Process"
I tried this on two PCs, one is OK without any errors, but another one I am going to run has an exception:
Cannot convert value "\\remoteServer\ROOT\cimv2:Win32_Process" to type "System.Manage
ment.ManagementClass". Error: "Access is denied. (Exception from HRESULT: 0x800
70005 (E_ACCESSDENIED))"
The remoteServer is the same one. Not sure what I have to set on local PC or remote PC to make this work? On both client PCs, the user names are all member of Administrators.
Have you considered looking into PowerShell remoting? If your running PowerShell 2.0 I'd recommend that you take a look at it. Once you have set up remoting you'll be able to execute commands on the remote server using the Invoke-Command:
Invoke-Command -ComputerName {serverName} –ScriptBlock { commands }
The ScriptBlock can contain any powershell commands so you will be able to start processes on the remote machine with this mechanism. To enable remoting you'll need to use the Enable-PSRemoting cmdlet and you can get details of this at http://blogs.msdn.com/powershell/archive/2009/04/30/enable-psremoting.aspx and http://technet.microsoft.com/en-us/library/dd819498.aspx
Is there some reason you don't want to use psexec?
http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
I know this is an old post, but what I think you need to do is run the following command on the remote machine:
"Get-ExecutionPolicy"
it sounds like its set to "Restricted" which means it will not run any "Invoke-Commands" commands, or remote scripts.
You can change it to 1 of 7 options:
Unrestricted____(least secure but if you need to troubleshoot set this option)
RemoteSigned__(will only all scripts with a signature, this a so so option)
AllSigned______(Best option if youu need to run remote scripts, but all will beed signed)
Restricted_____(I believe this option is set by default in windows 7 nad WS2k8)
Default
Bypass
Undefined