Delete specific files on all remote computers joined to the domain - powershell

I need to add something to first run as admin and second to run on all computers on the domain.
forfiles -p "C:\ProgramData\ESET\ESET Endpoint Antivirus\Logs\eScan" -s -m *.dat /D -0 /C "cmd /c del #path"

Add it in a startup script or as a scheduled task by using Group Policy or use a system management solution like System Center Configuration Manager (SCCM) if you have it available.
Avoid script-solutions like PowerShell, VbScript, psexec etc. to run this on the computers because you would need to run them x times to reach every computer that might have been offline/unavailable the first time. The solutions above are far better at making sure every computer runs it as soon as possible.

Related

how do i make a service run a script outside of session 0

The UPS software I am using has functionality to run a script on the management PC (PC1) when it goes into battery mode. I have come up with a powershell script (ShutdownVM.ps1) that works fine on its own to Invoke-Commands on the VM server; shutting down VM's gracefully and turning off the host machine (SERVER). The first problem arose when the UPS software could not directly run a .ps1 file.
Simple enough, I thought I would make a simple .bat (shutdown.bat) file to run the .ps1 file on PC1 to shut everything off on SERVER. Running my .bat file from the desktop pc worked perfectly, but as the UPS software would run it as a service, my poor .bat file would run from Session 0.
Here is the code i used in Shutdown.bat:
#echo on
Powershell.exe -executionpolicy unrestricted -command C:\Windows\ShutdownVM.ps1
The interactive services manager would pop up and my computer would hang and finally the UPS software would turn it off and I'd be back to square one, with SERVER and its VM's still running. So I thought I would download and use PSExec to execute my shutdown.bat file.
I made another .bat file and called it PSExec.bat and below is the code in it:
#echo on
psexec.exe -accepteula \\PC1 -h -u user -p pass -i 2 C:\Windows\shutdown.bat
Finally! It tries to run! Upon checking the interactive services manager, it showed the PSExec was throwing the error "the system cannot find the file specified"
"The System Cannot Find The File Specified"
I have no idea what file it is even looking for, I have double, triple checked the path names in my scripts and still have no idea as to what it is doing. If anyone could shed any light (or let me know of an easier way to achieve what I am trying to do) that would be great. Thanks!
-F

Starting XAMPP with batch only if it isn't already running

I am writing a batch for a new deployment of my company's software.. Here is what I have so far...
wscript.exe "invisible.vbs" "apache_start.bat" /wait
wscript.exe "invisible.vbs" "mysql_start.bat" /wait
"C:\Program Files\Internet Explorer\iexplore.exe" http://localhost
So as you can see, this script should start apache, then start mysql and then open the default page with IE.
The problem is if the user runs this script twice, it runs apache and mysql twice and loads two seperate instances. The solution I need is a way to check to see if the processes are already running and, if not, run the two wscript commands. I am absolutely horrible with shell, so please try to give specific responses! I am a software engineer, not a sysadmin. Thanks for the help!
As a software engineer I think you have a leg up on scripting over some sysadmins...
Using PowerShell would make this easy. Use the following template to execute the services - you'll need to use it twice, and follow up with launching IE as above.
If ((Get-Process mysqlprocessname.exe)) {Write-Host Skipping MySQL}
Else { Start-Process ...}
This is going to take a few minutes for you to research the best way of starting a process with PowerShell. Also, you might want to pipe Start-Process to Out-Null so the script waits to start IE and Apache.
Others may want to chime in with a simpler way from a batch file.
For XAMPP, there is a pv.exe file in the apache/bin folder that XAMPP uses to see if a service is running. Look at WorldDrknss' answer in this thread for some great info: http://www.apachefriends.org/f/viewtopic.php?p=80047
The code to solve your problem is to modify your mysql_start.bat file to this:
#echo off
apache\bin\pv mysqld.exe %1 >nul
if ERRORLEVEL 1 goto Process_NotFound
echo MySQL is running
goto END
:Process_NotFound
echo Process %1 is not running
mysql\bin\mysqld.exe --defaults-file=mysql\bin\my.ini --standalone --console
goto finish
:finish
That will check if mysqld.exe is running. If it is, it just echos that out. If not, it starts the service.

How to invoke an opened Exceed window to run a Perl script using a Schedule Task

TASK TO BE ACCOMPLISHED:
To schedule a perl script which is executed on a specific time / day in a week
THINGS I HAVE DONE:
In a schedule Tasks, I have created a new Task by which the Task will call a batch file with below contents
cd "DRIVE\FOLDER\Hummingbird\Connectivity\14.00\Exceed\"
ABCD.xs
cd mDrive/bin
perl baseline.pl -publish -location XXX -email
THINGS NOT WORKING FOR ME / CAUSING THE ISSUE:
Wen I run the scheduler, the prompt opens up the ABCD.xs exceed file window seperately file but the below commands are executed in the command pronpt itself
EXPECTED OUTPUT:
I want the commands
cd mDrive/bin
perl baseline.pl -publish -location XXX -email
to be executed in the exceed window
Any kind of solution wud be great
Thanks in advance.
Haresh
Sounds like you need to start getting into either SendKey stuff (Win32 packages) or else look into writing Exceed/Hummingbird scripts and just executing those.
Some other things to look into... does the remote server have a telnet or ssh server running? Or are there other methods of executing code on the remote server?
For example, my work's mainframe is accessed via a Hummingbird terminal emulator, but I can also telnet to the mainframe and execute commands as well as FTP batch job directly into the JES spool. So when I execute things on the mainframe by way of my PC (Perl scripts, etc.), I don't even fool with Hummingbird.
Good luck...

Sleep command in batch file?

When I'm writing a batch file to run automatically, how do I write it so that when the batch file is run, it can pause for a couple seconds in between commands?
Context:
psexec \\server -u user -p pass cmd
[there needs to be a pause here for psexec to establish a connection]
dir /s >output.txt \\server\shared
*Note: the reason I run the dir command server-side using psexec and not locally is because it's much faster to run dir on a local machine than remotely, and time is of the essence.
When I'm doing this by hand it's obviously easy, I just wait. But running a batch file makes it run all commands at near instant speeds next to each other, regardless of the completion status of the last command. How do I put in a pause?
On Windows Vista / Windows 7 you can use the timeout command:
timeout /T [delay in seconds] /NOBREAK > NUL
On previous versions of Windows, you can use the ping command (the ping command has 1000 ms of delay between each iteration):
ping -n [delay in seconds + 1] 127.0.0.1 > NUL
Some versions of Windows (like Windows Server 2003) has the sleep.exe executable:
sleep [delay in seconds]
Note: Windows Resource kit for 2003 contains sleep.exe command.
If you don't know the Windows version, simply use the ping hack since it'll be available.
There is timeout command in more recent version of Windows:
timeout /T 10
Windows Resource kit for 2003 will install on Windows XP. It contains SLEEP.EXE which can be used from a command batch file.
download is here http://www.microsoft.com/download/en/details.aspx?id=17657
I think the information here: http://malektips.com/xp_dos_0002.html would explain it better than I.
There's still the case of error handling though (what if the remote machine isn't up?). cmd.exe is quite useless for doing any remote activities for the most part, using powershell would enable so much more.
EDIT::
In fact, you can execute a program stored locally with psexec (it gets copied across and executed locally server-side) - would using that be a more viable alternative?
Without knowing what commands you're intending to run it's hard to take it much further.
EDIT(2)::
If it's just the one command you're running, simply store it in a dedicated file, like 'remote_dir_listing.cmd', and then use psexec with:
psexec \\server -u <user> -p <pass> -c -f remote_dir_listing.cmd
This will force a copy of the local file to the remote side each time you execute it (in case you want to expand it). In this way, you bypass the need for a pause at all - only when psexec has got the pipes open will it run, and once it completes, it closes itself silently.

PSEXEC, access denied errors

While I'm using PSEXEC.exe getting 'Access denied' error for remote systems.
Any idea about how to solve this?
Hi i am placing here a summary from many sources online for various solutions to "access is denied" :
most information can be found here (including requirements needed) - sysinternal help
as someone mentioned add this reg key, and then restart the computer :
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
/v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Read this knowledge base article to learn what this does and why it is
needed
Disable firewall (note - this will leave you with out any firewall
protection)
netsh advfirewall set allprofiles state off
if target user has a blank PW and you dont want to add one, run on target:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000
This didnt work for me, but i have read it did for others in a few places,
on target execute:
Start -> Run -> secpol.msc -> Local Policies -> Security Options -> Network Access: Sharing > and security model for local accounts > Classic – local users authenticate as themselves
if already in 'Classic':
move to "Guest only - .." run from elevated command prompt gpupdate \force
move back to 'Classic - .." again run from elevated command prompt gpupdate \force
This one solved my issue:
run on target from elevated command prompt "net use" look at ouput chart and for shares listed in remote column there (i only deleted the disconnected ones - you can try them all) run "net use [remote path from before list] /delete" then run 'net use \target\Admin$ /user:[user name]' enter prompt password request (if empty PW just press enter), viola should work.
I just solved an identical symptom, by creating the registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy and setting it to 1. More details are available here.
This helped in my case:
cmdkey.exe /add:<targetname> /user:<username> /pass:<password>
psexec.exe \\<targetname> <remote_command>
PsExec has whatever access rights its launcher has. It runs under regular Windows access control. This means whoever launched PsExec (be it either you, the scheduler, a service etc.) does not have sufficient rights on the target machine, or the target machine is not configured correctly. The first things to do are:
Make sure the launcher of PsExec is familiar to the target machine, either via the domain or by having the same user and password defined locally on both machines.
Use command line arguments to specify a user that is known to the target machine (-u user -p password)
If this did not solve your problem, make sure the target machine meets the minimum requirements, specified here.
You can try the command
net use \\computername\ipc$ /user:adminname password
to get admin permissions on remote PC before use psexec.
I had the same problem. And after a hard work, I found a easy and full solution:
I use runas to run the script in a admin account
I use the -s parameter in psExec to run in a system account
Inside the PsExec, I login again with a admin account
You can use & to run multiples commands
Remember to replace [USERNAME], [PASSWORD], [COMPUTERNAME], [COMMAND1] and [COMMAND2] with the real values
The code looks like this:
runas /user:[USERNAME] "psexec -e -h -s -u [USERNAME] -p [PASSWORD] \\[COMPUTERNAME] cmd /C [COMMAND1] & [COMMAND2]"
If you whant to debug your script in the another machine, run the following template:
runas /user:[USERNAME] "psexec -i -e -h -s -u [USERNAME] -p [PASSWORD] \\[COMPUTERNAME] cmd /C [COMMAND1] & [COMMAND2] & pause"
Try setting this key on the target (remote) machine, and restart the machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001
See: http://forum.sysinternals.com/topic10924.html and http://www.brandonmartinez.com/2013/04/24/resolve-access-is-denied-using-psexec-with-a-local-admin-account/
I just added "-с" parameter. It makes Psexec copy executable to remote machine. So it works without access errors.
I found Sophos kept placing psexec.exe into the Quarantine section. Once I authorized it, it ran fine.
I still use psexec, even on win 10. Replace the psexec.exe in the Windows 10's win32 folder with the older version to work -> I use version 2.11.0.0. The Windows 10 version I was using would only run .bat files as background/hidden process on the remote computer. Took a whole day to figure this out.
Adding the registry key from above to the remote computer helps as well:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
I found another reason PSEXEC (and other PS tools) fail - If something (...say, a virus or trojan) hides the Windows folder and/or its files, then PSEXEC will fail with an "Access is Denied" error, PSLIST will give the error "Processor performance object not found on " and you'll be left in the dark as to the reason.
You can RDP in; You can access the admin$ share; You can view the drive contents remotely, etc. etc., but there's no indication that file(s) or folder(s) being hidden is the reason.
I'll be posting this information on several pages that i was perusing yesterday while trying to determine the cause of this odd problem, so you might see this elsewhere verbatim - just thought I'd put the word out before anyone else pulled their hair out by the roots trying to understand why the performance counter has anything to do with PSEXEC running.
I had a case where AV was quarantining Psexec - had to disable On-access scanning
For anybody who may stumble upon this. There is a recent (Dec 2013) Security Update from Microsoft Windows on Windows 7 that is preventing remote execution.
See http://support.microsoft.com/kb/2893294/en-us
I uninstalled the Security Update by going to Control Panel\Programs\Programs and Features\Installed Updates
It worked right after that.
The following worked, but only after I upgraded PSEXEC to 2.1 from Microsoft.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001 See:
http://forum.sysinternals.com/topic10924.html
I had a slightly older version that didn't work. I used it to do some USMT work via Dell kace, worked a treat :)
On Windows Server 2012 R2 I had trouble to run from user account
psexec -u administrator -p password \\machinename -h -s -d -accepteula cmd.exe
But it works fine if you run without parameters -h -s. That's why I use this to solve my trouble:
psexec -accepteula -u administrator -p password \\machinename %PathToLocalUtils%\psexec.exe -h -s -d cmd.exe
I couldn't get access to remote machines unless I had UAC disabled.
That has to be done locally, either from control panel or running the following through cmd:
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
While UAC is enabled, make sure you run cmd as administrator.
For a different command I decided to change the network from public to work.
After trying to use the psexec command again it worked again.
So to get psexec to work try to change your network type from public to work or home.
I tried a lot of way but I could not use psexec. It gives "Access denied". After I change the target user account type from Standard to Admin, I connected the machine via psexec.
I researched the reason why admin type account is required then I found this answer.
You can change target machine user account this way: Control Panel -> User Accounts -> Change Account Type. You must enter an admin account and password to change that account if you logged in standard account.
After that I logged in with this command: psexec \\remotepcname -u remoteusername -p remotepassword cmd
Tried all suggestions above, but still was unable to resolve the error. Finally once I made the below change, I could successfully run the PSexec command.
Turns out that when you have UAC enabled psexec does not work as supposed. We need to set HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0 then psexec starts working as expected.