Try to remotely kill a process using PowerShell - powershell

I have followed the advice here and here to write a PowerShell script that remotely kills a process:
Get-WmiObject Win32_Process -Filter "Name='myapp.exe'" -ComputerName remotecomputername | Invoke-WmiMethod -Name Terminate
The above works when I execute it on my machine, but when it's run remotely, targeting my machine by a user set up as per the instructions on the second link, the command fails silently. Any advice on what's wrong / how I can debug this?

As described here:
Generally speaking, any operation that WMI can perform on the local
computer can also be performed on a remote computer where you have
local administrator privileges
Once I set up a user with admin privileges to use WMI on my computer they can execute the script remotely without passing credentials.

Related

Access to remote machines via Terminal. Power Shell

I have some machines with Windows and with installed VNC.
I can connect to them from my local computer via UltraVNC.
But now I need to connect to those machines via some terminal. Command line, or Windows Power Shell.
All I know are the IPs and the password to connect via UltraVNC.
Do you have any idea if it is even possible and, if yes, how to do that?
I have a lot of those machines and need to write some script to check some files on them.
If you only have VNC access, then you may be able to use the vncdotool python module to basically emulate mouse+kb control over VNC.
Here are the other (built-in) console methods for windows remote access, using powershell for example:
WinRM: For opening a full remote session: Enter-PSSession -ComputerName myServer
WMI (DCOM/RPC): For querying any system information, and limited remote ability to run commands/start processes: Get-WmiObject -Class Win32_OperatingSystem -ComputerName myServer
RPC: More limited, lightweight way to remotely call specific functions/procedures: Get-Service spooler -ComputerName myServer | Restart-Service
Or other services that can be installed like SSH/SFTP/FTP.

Run script from Host onto PsSession Computer

I am trying to run the following code to run a script from my host computer onto a Vm that I have PSRemoted into (I am successfully remoted into the PSSession). Where am I going wrong?
Invoke-Command -FilePath C:\Script.ps1 -ComputerName PSRemoteComputer
You do not need to use both a PSSession and the Invoke-Command -ComputerName command as you have above. At that point, you'd be invoking C:\Script.ps1 on your VM and from your VM (which I assume doesn't exist, since C:\Script.ps1 exists on your machine).
If you exit your PSSession and run the command as you have typed it above, it should run correctly assuming PSRemoting is correctly enabled, and permissions for the script to run are set.
Keep in mind, objects are handled differently through PSRemoting, so if you are expecting a certain output you may be getting the deserialized version.

PSexec vs Built-in Windows

So, I'm writing tools in PowerShell to execute files on remote computers. I was initially using PSexec but switched them to .NET Framework using win32_process. When I ran an install file on the remote machine using win32_process, it failed. And after trying gwmi win32_process on the remote machine, that failed. So accessing the wmi objects is probably the problem. Anyway! I ended up using PSexec and it succeeded, and I verified that it did. But, that got me thinking about how PSexec connects to the remote machine, and I was wondering if anyone on here knew either how I could look at PSexec source code or if someone flat out knew how it connects and executes.
I couldn't find anything on it online, just a bunch of articles about what it can do. Maybe I just suck at researching though.
I have done this using the Invoke-WmiMethod cmdlet against remote machines. You need to include any switches in your executable path but the below code sample should get you there assuming you have appropriate permissions on the local / remote hosts.
See https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/invoke-wmimethod?view=powershell-5.1 for more details on the cmdlet.
# Local path on the remote machine that will be run, including any switches needed
$exePath = "c:\mypath\myfile.exe -s -norestart"
# Use FQDN or IP if the NetBIOS name is not reachable
$server = "myserver"
try {
    # -ErrorAction Stop turns connection and access errors into catchable exceptions
    Invoke-WmiMethod -ComputerName $server -Class win32_process -Name create -ArgumentList $exePath -ErrorAction Stop | Out-Null
}
catch {
    # $(...) is required so the property is expanded inside the double-quoted string
    Write-Host "Failed to execute program on $server. Error Details: $($_.Exception.Message)" -ForegroundColor Red
}
I can't speak to how PSExec works for you to compare but this method has worked for me in the past executing applications on remote hosts using only native PowerShell.
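Both the Terminate pipeline in the first question and the Create call above can fail without raising any error, because Win32_Process methods report failure through a ReturnValue field rather than an exception. The following is an added example, not code from the original posts, that checks that field; the server name, process name, executable path and the Test-WmiResult helper are hypothetical placeholders.

```powershell
# Added example; 'myserver', 'myapp.exe' and the executable path are placeholders.
$server      = 'myserver'
$processName = 'myapp.exe'
$exePath     = 'c:\mypath\myfile.exe -s -norestart'

# Return codes documented for the Win32_Process Create and Terminate methods.
$wmiCodes = @{
    '0'  = 'Successful completion'
    '2'  = 'Access denied'
    '3'  = 'Insufficient privilege'
    '8'  = 'Unknown failure'
    '9'  = 'Path not found'
    '21' = 'Invalid parameter'
}

function Test-WmiResult {
    # Hypothetical helper: throws when a WMI method reports a non-zero ReturnValue.
    param($Result, [string]$Action)
    $code = $Result.ReturnValue
    if ($code -ne 0) {
        $text = $wmiCodes["$code"]
        if (-not $text) { $text = 'Other' }
        throw "$Action failed with ReturnValue $code ($text)"
    }
}

try {
    # -ErrorAction Stop makes RPC, DCOM and authorization errors terminating.
    $procs = @(Get-WmiObject Win32_Process -Filter "Name='$processName'" `
                   -ComputerName $server -ErrorAction Stop)
    if ($procs.Count -eq 0) {
        Write-Warning "No $processName process found on $server; nothing to terminate."
    }
    foreach ($p in $procs) {
        $r = $p | Invoke-WmiMethod -Name Terminate -ErrorAction Stop
        Test-WmiResult -Result $r -Action "Terminate PID $($p.ProcessId)"
    }

    # Keep the result object instead of piping it to Out-Null.
    $r = Invoke-WmiMethod -ComputerName $server -Class Win32_Process -Name Create `
             -ArgumentList $exePath -ErrorAction Stop
    Test-WmiResult -Result $r -Action "Create '$exePath'"
    Write-Host "Started PID $($r.ProcessId) on $server"
}
catch {
    Write-Host "Failed on ${server}: $($_.Exception.Message)" -ForegroundColor Red
}
```

Get-WmiObject and Invoke-WmiMethod exist in Windows PowerShell 5.1 but not in PowerShell 7, where Get-CimInstance and Invoke-CimMethod are the counterparts.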

Execute remote quiet MSI installs from Powershell

I am trying to use the Invoke-Command powershell cmdlet to install a MSI installer. From within powershell on the local machine and from the proper directory, the following works:
./setup /quiet
The following does not seem to work:
$script =
{
param($path)
cd "$path"
& ./setup /quiet
return pwd
}
return Invoke-Command -ComputerName $product.IPs -ScriptBlock $script -Args $sourcePath
For test purposes I am working on the local machine passing in "." for the -ComputerName argument. The paths have been verified correct before passing in to Invoke-Command, and errors generated on different versions of this code indicate the paths are correct. I have also tried with and without the "& " on the remote call to setup. Other Invoke-Command calls are working, so I doubt it is a permissions issue. I have verified that the return from the pwd call is the expected directory.
How do I get the install to work?
What error (if any) are you receiving? Unfortunately, you must run the shell as admin on your local machine to be able to connect to your local machine with invoke-command or any WINRM based command that requires administrative privilege (this is not a requirement when connecting remotely).
When connecting to loopback, I believe it is unable (for some security reason) to enumerate groups and determine if you are in an admin enabled AD or local group, which is how it auto elevates when invoking on a remote machine. The only solution may be to have a conditional which checks for localhost and if so, don't use the -ComputerName parameter.
This GitHub Issue covers it
You might try using Start-Process in your script block:
cd $path
start-process setup.exe -arg "/quiet"
Not sure if you will want or need to wait. Look at help for Start-Process.
I have had weird issues when trying to remotely execute a script on a local machine. In other words, remote powershell to the local machine. It comes back with an error that seems to say that PowerShell remoting is not enabled on the machine, but it was. I can run the script remotely from another machine to the target, but when using remoting to the same box, the issue crops up.
Verify that the WinRM service is running.
Verify powershell remoting has been enabled as in Enable-PSRemoting -force.
Verify your powershell execution policy is loose enough as in Set-ExecutionPolicy Unrestricted, for example. If the policy was set to RemoteSigned, this might be the problem.
You might also want to verify the user you are running the script as (locally, but using remoting) has privileges to "log on as a service" or as a batch job. Just guessing there, if the above list doesn't solve anything.

Access denied exception when trying to execute an exe on remote machine

I am trying to execute an exe on machine B from machine A. I have logged on to machine A as userx and am trying to run the exe on machine B as usery.
usery is system admin on machine A as well as B.
I tried using PsExec to execute an exe as well as Invoke-Command to execute a script. In both cases I am getting an access denied exception in spite of passing the credentials of usery in both cases.
invoke-command -computername "machineB" -scriptBlock { c:\psscript.ps1 } -credential $useryCred
psExec \\machineB c:\exec.exe -u usery -p ypass
What am I doing wrong?
Update:
Simple scripts get executed without any hassle, but this script is trying to create a process on the remote machine under userY's credentials!
Is it something related to the mapping of the incoming request to a different user, say guest?
regards,
jeez
Are there 3 machines involved? It sounds like you are remoting from A to B and the script on B is remoting to C - is that right?
How are you supplying the credentials (for userY)?
I wonder if it's double hop related... if it is and you're on Windows 2008 you can try using CredSSP.
Here's some links to help explain it better than I would:
http://www.ravichaganti.com/blog/?p=1230
http://blogs.msdn.com/b/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx
http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx
and Get-Help credssp displays the commands that you'll need.
HTH,
Matt