Running runas/psexec in powershell remote session is not working - powershell

I have a remote machine where PS-Remoting enabled and I am able to run commands and scripts from my client/workstation. I want to run certain tasks as different user, in other words not the same user as I connect the remote-session.
Why I am doing this ?
I am using puppet-bolt for remote execution, where I can re-use some already existing puppet modules. And this bolt tools uses WinRM.
Issue I am facing is, while executing the below command directly on the remote machine works fine. I am using jetbrains runas utility.
# Executing this command directly on the remote machine's powershell prompt works.
C:\agent\tools\custom_runas.exe '-u:ad_domain\username' '-p:password' C:\Windows\System32\HOSTNAME.EXE
If I execute the same command over PS-RemoteSession (or) Invoke-Command gives me same error again. User which I use to connect WinRM service is an administrator user.
PS C:\WINDOWS\system32> Invoke-Command -ComputerName $CName -Credential $Crdn -ScriptBlock { C:\agent\tools\custom_runas.exe '-u:ad_domain\username' '-p:password' C:\Windows\System32\HOSTNAME.EXE }
JetBrains RunAs x86 1.0.0.061
Copyright (C) 2017 JetBrains. All rights reserved.
Runs a process under the specified windows user account.
Argument(s): -u:ad_domain\username -p:***** C:\Windows\System32\HOSTNAME.EXE
Settings:
user_name: username
domain: ad_domain
working_directory: C:\Users\UserName\Documents
exit_code_base: -100000
integrity_level: auto
inheritance_mode: auto
show_mode: hide
self_testing: 0
executable: C:\Windows\System32\HOSTNAME.EXE
NotSpecified: (:String) [], RemoteException
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : remotemachine
NotSpecified: (:) [], RemoteException
Error: Access is denied.
CreateProcessWithLogonW returns the Win32 error 0x00000005.
command_line_args:
Some observations, running "runas" command on the PSRemoteSession session doesn't wait for entering password and I also tried using PsExec.exe apart of JetBrains runas which also has the same behavior.

Related

Remote session terminated when running Powershell script at 'Start-Process'

I'm attempting to run a Powershell script that calls the Start-Process function in order to begin installing some monitoring software. I'm attempting to run it via a remote shell session I entered using Enter-PSSession. I've verified that the argument list and file path are correct in the line below.
Start-Process -FilePath $Installer -ArgumentList $ArgList -Wait -PassThru
When the script reaches this line however, it closes my remote session with the server I'm in and throws one of the following errors:
Processing data for a remote command failed with the following error message: The WSMan provider host process did not return a proper response. A provider in the host
process may have behaved improperly. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException
or
Starting a command on the remote server failed with the following error message : An operation is being attempted on a session that is being closed.This can happen if the
session that is being used is also being closed by another thread. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException
I've tried doubling the max memory allocation per shell to 2Gb but that hasn't helped. Has anybody experienced an issue like this before?

error when trying to install chocolatey via powershell : cannot connect to remote server

I am trying to install chocolatey by following official documentation (https://chocolatey.org/install), this is what I am doing :
1-I am opening a cmd.exe running as administrator
2-I am running the following command : powershell and then switch into powershell mode
3-I am running the following command : $PSVersionTable.PSVersion and then get the following result : major:5 minor:1 build:16299 revision:785
4-I am running the following command : Get-ExecutionPolicy and then get the following result : RemoteSigned
5-I am running the following command : Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('http
s://chocolatey.org/install.ps1')) and get the following error :
Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server"
At line:1 char:51
+ ... ess -Force; iex ((New-Object System.Net.WebClient).DownloadString('ht ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
I am working in a company (our os is windows 10 enterprise), and when trying or any colleague machine it's working perfectly and there is no (from what we have seen) any configuration difference between them and me.
Thanks in advance
There is nothing wrong with the code you tried. Basically, it is telling you that you are unable to connect, which might be a restriction or policy. Try the following:
$req = [System.Net.HttpWebRequest]::Create("https://www.google.com")
$req.Proxy = [System.Net.WebRequest]::DefaultWebProxy
$req.Proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
Then run the comment again. It has something to do with the credentials used in windows 10 for the request.

Running cmd command to remote host on PowerShell

I need to run in PowerShell script cmd command, which command will be running on remote cmd line. So I put in my script
Invoke-Command -ComputerName $line -scriptblock {cmd.exe /c "whoami"} -credential $Cred
and it works, but only if on remote host was run Enable-PSRemoting -Force
Otherwise I get error:
[192.168.1.1] Connecting to remote server 192.168.1.1 failed with the following error message : Access denied. For more information, see the about_Remote_Trou
bleshooting Help topic.
+ CategoryInfo : OpenError: (192.168.1.1:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
I need run that command to many (about 200) remote hosts, so the question is how can I do this without manually running on each remote host Enable-PSRemoting -Force? Server is in domain but romote hostd don't.
If your servers are on a domain, you could enable PS Remoting on them all via Group Policy: https://www.briantist.com/how-to/powershell-remoting-group-policy/

Invoke-Command error when I try to run a script on a remote computer

I am trying to run a script which is located on my local computer on a remote computer and I have to problems:
first: it is trying to run the script on my local computer and I don't want it to do that
second: the script doesn't run on the remote computer
This is the command I run and the error message in question:
PS C:\Users\administrator> Invoke-Command -ComputerName UKBTH05TSV08 -FilePath "C:\TaskSchedulerEventViewerSetup.ps1"
The "ICSweep Script" source is already registered on the "localhost" computer.
+ CategoryInfo : InvalidOperation: (:) [New-EventLog], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.NewEventLogCommand
ERROR: The system cannot find the file specified.
+ CategoryInfo : NotSpecified: (ERROR: The syst...file specified.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
And this is the content of the C:\TaskSchedulerEventViewerSetup.ps1 script:
New-EventLog –LogName Application –Source “ICSweep Script” schtasks
/Create /XML "ICSweepscripttaskscheduler.xml" /TN ICSweepscript /RU
SYSTEM
this file ICSweepscripttaskscheduler.xml should exist on the remote computer.
also Please specify a path such as :
c:\temp\xmlfile
so that schtasks dosent look in the windows folder for that file.
The evntlog source is probably also registered on the remote computer

PowerShell - Remote Start-Process - "This command cannot be run due to the error: This operation requires an interactive window station."

I am trying to start SmartBear's TestExecute program remotely through PowerShell and I'm getting an error when trying to call Start-Process.
This command cannot be run due to the error: The requested operation requires elevation.
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
+ PSComputerName : myClient.ourDomain.local
I can't figure out how to get around this. How do I make this work?
Here's my script:
# $TestExecuteLocalSource is the directory of TestExecute.exe on the remote machine
# $TestProjectSuite is the directory of project suite on the remote machine
# These paths are local (relative to the remote machine)
Function StartTestExecute
{
$rs = Get-PSSession
$script = {param($TestExecuteLocalSource, $TestProjectSuite);
cd $TestExecuteLocalSource
Start-Process .\TestExecute.exe -NoNewWindow -ArgumentList $TestProjectSuite, '/r', '/p:eSignRegression', '/e'
}
Invoke-Command -Session $rs -ScriptBlock $script -ArgumentList ($TestExecuteLocalSource, $TestProjectSuite)
When running tests, TestComplete/TestExecute must have access to the system GUI. When you are running test on a remote machine using this approach, GUI is not accessible and TestExecute cannot work. The best way to run a test remotely is using the Network Suite feature of TestComplete. It will automatically create a GUI session on a remote machine and run the test within it.