Powershell - capture output from Invoke-Command running exe on remote machine - powershell

I need to configure the auditing policy on a collection of remote servers. I'm trying to use the Invoke-Command commandlet to run auditpol.exe on each server. The issue is that I can't seem to capture any output from the auditpol command.
I tried the obvious (assigning the result of Invoke-Command to a string):
> $command = "Start-Process -FilePath `"auditpol.exe`" -ArgumentList `"/set`", `"/subcategory`", `"```"File System```"`", `"/success:enable`""
> $command
"auditpol.exe" -ArgumentList "/set", "/subcategory", "`"File System`"", "/success:enable"
> $out = Invoke-Command -ComputerName MyServer -ScriptBlock {$command}
> $out
>
But $out is empty.
I also tried the method detailed in this MSDN blog using Wait-Job and Receive-Job. The results are somewhat promising, but inconclusive:
> $command = "Start-Process -FilePath `"auditpol.exe`" -ArgumentList `"/set`", `"/subcategory`", `"```"File System```"`", `"/success:enable`""
> $command
"auditpol.exe" -ArgumentList "/set", "/subcategory", "`"File System`"", "/success:enable"
> $job = Invoke-Command -ComputerName MyServer -ScriptBlock {$command} -AsJob
> Wait-Job $job
Id Name State HasMoreData Location Command
-- ---- ----- ----------- -------- -------
3 Job3 Completed True MyServer $command
> $output = Receive-Job $job
> $output
>
I was hoping that I would be able to capture the actual output from auditpol.exe using Receive-Job, but as indicated above, that doesn't seem to be the case.
I do get some information from Wait-Job. According to the Microsoft documentation of Wait-Job State=Completed should indicate that the operation was successful, but I'm not entirely convinced that it really has visibility into whether or not the auditpol operation was successful or not. Any advice would be greatly appreciated!

To run a console program synchronously and with its stdout and stderr output available for capture invoke it directly - do not use Start-Process (whether you run that program locally or remotely, via Invoke-Command):
$out = Invoke-Command -ComputerName MyServer -ScriptBlock {
auditpol.exe /set /subcategory 'File System' /success:enable
}
If you also want to capture stderr output, append 2>&1 to the auditpol.exe call.
If your script block is stored in local variable $command (as a [scriptblock] instance, not as a string), simply pass it directly to -ScriptBlock:
# Create a script block (a piece of code that can be executed on demand later)
# and store it in a (local) variable.
# Note that if you were to use any variable references inside the block,
# they would refer to variables on the remote machine if the block were to be
# executed remotely.
$command = { auditpol.exe /set /subcategory 'File System' /success:enable }
# Pass the script block to Invoke-Command for remote execution.
$out = Invoke-Command -ComputerName MyServer -ScriptBlock $command
As for what you tried:
$out = Invoke-Command -ComputerName MyServer -ScriptBlock {$command}
You're passing a script-block literal ({ ... }) that, when it is executed on the target computer, references a variable named $command.
Generally, simply referencing a variable outputs its value - it doesn't execute anything.
More importantly, however, $command is a local variable, which the remotely executing script block cannot see, so referencing the there-uninitialized $command variable will effectively yield $null.
In short: your Invoke-Command call does nothing and returns $null.

Related

Start-Process inside Invoke-Command closes immediately unless -wait switch, but how can I continue script?

I'm trying to remotely run this Windows Update Assistance Installer .exe and I notice that the .exe closes immediately unless I use the -wait command. However, if I use the -wait command I can't continue my foreach loop for the other computers since it takes hours for an install to finish. If I take the -wait command out, I think it launches then closes immediately.
$computers | % {
{more code...}
Invoke-Command -Session $Session -ScriptBlock {
$msbuild = "C:\windows\temp\Windows10Upgrade9252(21H2).exe"
$Args = '/quietinstall /skipeula /auto upgrade /copylogs'
Start-Process -FilePath $msbuild -ArgumentList $args -Wait
}
}
Run in parallel (within -throttlelimit) with $computers or $sessions as the computername/sessionname. Can also use -asjob. $args might be reserved already. Start-process won't return text output or the exit code without further action, which I've added. You might use scheduled tasks instead.
$sessions = new-pssession $computers
Invoke-Command $sessions {
$msbuild = "C:\windows\temp\Windows10Upgrade9252(21H2).exe"
$myargs = '/quietinstall /skipeula /auto upgrade /copylogs'
$p = start-process -wait $msbuild $myargs -passthru
[pscustomobject]#{exitcode=$p.exitcode]
} # -asjob
exitcode PSComputerName RunspaceId
-------- -------------- ----------
0 localhost 197d26f5-754b-49d3-baf4-2ca8fccacd4c
Other ways to wait for a program to finish: How to tell PowerShell to wait for each command to end before starting the next?

Powershell Invoke Command is not working for Remote Machine and did not returning any error message

I am trying to install my MSI package on the remote machine. Below is the script I am using. In this script, The invoke command execution is not returning any error or success message.but the copy command is working fine. anyone help to find the issue.
param([String]$MSILocation,[String]$RemoteComputerName,[String]$UserName,[String]$Password,[String]$Port,[String]$AccessKey,[String]$Protocol)
$ServeAdminPassword= $Password | ConvertTo-SecureString -AsPlainText -Force
$cred=New-Object System.Management.Automation.PSCredential($UserName,$ServeAdminPassword)
$hostname = hostname
$session = New-PSSession -ComputerName $RemoteComputerName -Credential $cred
$cpy = Copy-Item $MSILocation -Destination "C:\Users\Administrator\Desktop\" -ToSession $session
try
{
$result = Invoke-Command -Session $session -ScriptBlock {
param($hostname,$Port,$Protocol)
$value = msiexec /i "C:\Users\Administrator\Desktop\software.msi" SERVERNAME=$hostname PORTNO=$Port PROTOCOL=$Protocol /qb /forcerestart
calc.exe
} -ArgumentList $hostname,$Port,$Protocol | Select-Object value
}
catch
{
$result = $error[0]
echo $result
}
msiexec is unusual in that it runs asynchronously by default, so you need to explicitly wait for its termination in order to learn its exit code.
The exit code is never returned via output (stdout); instead, depending on invocation technique, you must query a Process object's .ExitCode property (when you use Start-Process -Wait -PassThru) or use the automatic $LASTEXITCODE variable (when you use the technique shown below).
A simple way to force synchronous execution and have the exit code be reflected in $LASTEXITCODE is to call via cmd /c:
# Call msiexec and wait for its termination.
cmd /c "msiexec /i C:\Users\Administrator\Desktop\software.msi SERVERNAME=$hostname PORTNO=$Port PROTOCOL=$Protocol /qb /forcerestart"
$LASTEXITCODE # Output msiexec's exit code.
See this answer for details.

Trying to run commands remote with powershell but not luck

I'm looking for help to run commands on remote computers regarding a line with mcafee agent to get it command run remotely.
$Machines = Get-Content -Path "C:\server_list.txt"
foreach ($computer in $Machines){
Write-host "Executing Events on $computer" -b "yellow" -foregroundcolor "red"
$command = Start-Process -NoNewWindow -FilePath "C:\Program Files\McAfee\Agent\cmdagent.exe" -ArgumentList "/e /l C:\temp"
Invoke-Command -ComputerName $computer -ScriptBlock {$command}
}
When I executed this command run locally but not remotely.
I'm looking for help here I have not full experience but I'm started automating some task on my job.
Please suggest some tips
I really appreciate it
Thanks
$command = Start-Process -NoNewWindow -FilePath "C:\Program Files\McAfee\Agent\cmdagent.exe" -ArgumentList "/e /l C:\temp"
This doesn't define a command for later execution with Invoke-Command, it instantly executes the Start-Process command, which is not your intent, and it is the reason it runs locally.
To fix that, you'd have to define it as a script block ({ ... }):
$command = { Start-Proces ... }, and then pass it as-is to Invoke-Command's -ScriptBlock parameter (Invoke-Command -ComputerName $computer -ScriptBlock $command) (don't enclose it in { ... } again).
Additionally, I suggest taking advantage of Invoke-Command's ability to target multiple computers at once, in parallel, and to avoid using Start-Process for synchronous invocation of an external program in the same window.
To put it all together:
$machines = Get-Content -Path "C:\server_list.txt"
Write-host "Executing Events on the following computers: $machines" -b "yellow" -foregroundcolor "red"
# Define the command as a script block, which is a piece of PowerShell code
# you can execute on demand later.
# In it, execute cmdagent.exe *directly*, not via Start-Process.
$command = { & "C:\Program Files\McAfee\Agent\cmdagent.exe" /e /l C:\temp }
# Invoke the script block on *all* computers in parallel, with a single
# Invoke-Command call.
Invoke-Command -ComputerName $machines -ScriptBlock $command
Note the need to use &, the call operator, to invoke the cmdagent.exe executable, because its path is quoted (of necessity, due to containing spaces).
Alternatively, you can define the script block directly in the Invoke-Command call:
Invoke-Command -ComputerName $machines -ScriptBlock {
& "C:\Program Files\McAfee\Agent\cmdagent.exe" /e /l C:\temp
}
A notable pitfall when targeting remote computers is that you cannot directly reference local variables in the (remotely executing) script block, and must instead explicitly refer to them via the $using: scope; e.g., $using:someLocalVar instead of $someLocalVar - see this answer for more information.
The problem is that $command is only valid for your local session - if you try to use it in a remote session, $command is $null and does nothing. Additionally, you are actually assigning $command whatever Start-Process returns, not what you want the command to be.
Just put the command in the script block (and while you're at it you can run this on every machine with a single command without having to loop over each one synchronously):
Invoke-Command -ComputerName $Machines -ScriptBlock { Start-Process -NoNewWindow -FilePath "C:\Program Files\McAfee\Agent\cmdagent.exe" -ArgumentList "/e /l C:\temp" }

How do I display the output of a remote exe locally when using Invoke-Command in Powershell?

I have the following script block:
$scriptBlock = {Start-Process ping.exe -ArgumentList localhost -Wait -NoNewWindow -PassThru}
Note: I am using a process as I want to be able to set the working directory the exe is executed in.
If I invoke it locally like this:
Invoke-Command -ScriptBlock $scriptBlock
I get the full ping output displayed. But when I invoke it remotely like this:
Invoke-Command -ComputerName RemoteComputerName -ScriptBlock $scriptBlock
I don't see any of the ping output. How can I get the remote output to display locally?
Drop the Start-Process and invoke the command directly:
$scriptBlock = {ping.exe localhost}
or via the call operator:
$scriptBlock = {& ping.exe localhost}
If you need to run the command from a particular directory, simply change to that directory before running the command:
$scriptBlock = {
Set-Location 'C:\some\folder'
& ping.exe localhost
}

Returning exit code from a batch file in a PowerShell script block

I am trying to call a batch file remotely in a one liner PowerShell command as such:
PowerShell -ExecutionPolicy UnRestricted invoke-command -ComputerName Server1 -ScriptBlock {cmd.exe /c "\\server1\d$\testPath\test.bat"}
What I want to do is return any exit codes from the test.bat file back to my command. Can anyone give me an idea on how to do this?
(PS, for multiple reasons, I am not able to use PSExec).
Cheers
You should be able to get the exit code from cmd.exe with the automatic variable $LASTEXITCODE.
If you're interested in only that, and not any output from the batch file, you could change the scriptblock to:
{cmd.exe /c "\\server1\d$\testPath\test.bat" *> $null; return $LASTEXITCODE}
If you're already running powershell, there's no need to invoke powershell again, just establish a session on the remote computer and attach Invoke-Command to it:
$session = New-PSSession remoteComputer.domain.tld
$ExitCode = Invoke-Command -Session $session -ScriptBlock { cmd /c "\\server1\d$\testPath\test.bat" *> $null; return $LASTEXITCODE }
$ExitCode # this variable now holds the exit code from test.bat