We Keep Coding

How to Installing Sysmon with Config file on Remote Machine

Task I'm trying to accomplish
a program that copies Sysmon to remote machines and installs it with a given configuration file that catches all the events listed in the specifications.
I am able to copy all the files successfully. But when I try to run installer sysmon64.exe at a remote machine, it gives me an error.
PS C:\Users\Administrator> C:\Users\Administrator\Documents\Sysmon.ps1
Error:
System Monitor v12.0 - System activity monitor
Copyright (C) 2014-2020 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com
NotSpecified: (:String) [], RemoteException
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : 192.168.0.5
Usage:
Install: c:\windows\cpsysmon\Sysmon64.exe -i [<configfile>]
Update configuration: c:\windows\cpsysmon\Sysmon64.exe -c [<configfile>]
Install event manifest: c:\windows\cpsysmon\Sysmon64.exe -m
Print schema: c:\windows\cpsysmon\Sysmon64.exe -s
Uninstall: c:\windows\cpsysmon\Sysmon64.exe -u [force]
-c Update configuration of an installed Sysmon driver or dump the
current configuration if no other argument is provided. Optionally
take a configuration file.
-i Install service and driver. Optionally take a configuration file.
-m Install the event manifest (done on service install as well).
-s Print configuration schema definition of the specified version.
Specify 'all' to dump all schema versions (default is latest).
-u Uninstall service and driver. Adding force causes uninstall to proceed
even when some components are not installed.
The service logs events immediately and the driver installs as a boot-start driver to capture activity from early in the boot that the service will write to the event
log when it starts.
On Vista and higher, events are stored in "Applications and Services Logs/Microsoft/Windows/Sysmon/Operational". On older systems, events are written to the System
event log.
Use the '-? config' command for configuration file documentation.More examples are available on the Sysinternals website.
Specify -accepteula to automatically accept the EULA on installation, otherwise you will be interactively prompted to accept it.
Neither install nor uninstall requires a reboot.
Script
$Session = New-PSSession -ComputerName 192.168.0.5 -Credential "Study\Administrator"
Copy-Item "C:\Users\Administrator\Desktop\Sysmon\*.*" -ToSession $Session -Destination C:\Windows\cpsysmon\ -Recurse
Invoke-Command -Session $session -ScriptBlock {cmd.exe /C "c:\windows\cpsysmon\Sysmon64.exe" /silent -Wait}

I think you just need replace
cmd.exe /C "c:\windows\cpsysmon\Sysmon64.exe" /silent -Wait
by
cmd.exe /C "c:\windows\cpsysmon\Sysmon64.exe" -i -n -accepteula

How do I remote into a Centos box with Powershell running a sudo command?

I am trying to connect to a remote Linux VM (CentOS) using PowerShell 5.x. My code works fine for commands NOT requiring sudo (root) privileges. For sudo privileged commands (i.e. ls -la /root) the script requests me to provide a password interactively via the keyboard - not what I need.
On my CentOS box I enabled my user to run sudo commands without providing a password - this works fine in the VM (I can do a ls -la /root without providing sudo password), but not when remoting in using PuTTY or Powershell.
This is my PowerShell code (I tried with/without -pw parameter):
&($plinkpath + "plink.exe") $username#$servername $command
&($plinkpath + "plink.exe") -pw $password $username#$servername $command
I expect PuTTY and PowerShell to allow me to login without providing a password. This is the error I get:
plink.exe : -- Keyboard-interactive authentication prompts from server: ------------------
At D:\\SSHToRemoteLinux.ps1:9 char:1
+ &($plinkpath + "plink.exe") -pw $password $username#$servername $comm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (-- Keyboard-int...---------------:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
-- End of keyboard-interactive prompts from server ---------------------------

Error received using PSExec

I am trying to use PSExec:
.\PsExec.exe \\servername -u $user -p $password /accepteula cmd.exe /c "C:\Program Files\VMware\vCenter Server\bin\service-control.bat --stop --all"
But I receive the following error:
.\PsExec.exe : 'C:\Program' is not recognized as an internal or external command,
At line:1 char:1
+ .\PsExec.exe \\$vCenter -u $user -p $password /accepteula cmd.exe /c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: ('C:\Program' is...ternal command,:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
operable program or batch file.
cmd.exe exited on <Server FQDN> with error code 1.

Issue is with the String formation. You need to wrap that in the single quotes to take the effect , like:
.\PsExec.exe \\servername -u $user -p $password /accepteula cmd.exe /c '"C:\Program Files\VMware\vCenter Server\bin\service-control.bat --stop --all"'

try with
.\PsExec.exe \\servername -u $user -p $password /accepteula cmd.exe /c '"C:\Program Files\VMware\vCenter Server\bin\service-control.bat --stop --all"'
the single quotes around the cmd command should tell the powershell to take the command as a string.

Powershell & external .exe (PsLogList) ERROR

I try to use PsLogList to import some eventlogs.
What is strage is that ever second time I run it, there is no error-message...
Here is the part where I have problems with:
$psloglist = "C:\Users\e-cedric.esch\Downloads\PSTools\PsLogList.exe"
$log = &$psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
Error-Message I get:
At C:\Users\systemCESCH\Desktop\test1.ps1:line:38 char:10
+ $log = &$ <<<< psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals - www.sysinternals.com
At C:\Users\systemCESCH\Desktop\test1.ps1:line:38 char:10
+ $log = &$ <<<< psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
Error-Message I get when I debug:
Exception calling "getELog" with "2" argument(s): "Program 'PsLogList.exe' failed to execute: The WriteObject and WriteError methods cannot be called after the pipeline has been closed. Please cont
act Microsoft Support Services.
At C:\Users\systemCESCH\Desktop\test1.ps1:38 char:10
+ $log = & <<<< $psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)."
At C:\Users\systemCESCH\Desktop\test1.ps1:78 char:34
+ write-output $ELogHandler.getELog <<<< ("PWLU0W987","Application")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ScriptMethodRuntimeException
Btw., I'm using PowerGUI Script Editor v. 3.8.0.129

Are you running your command in the ISE? Have you tested it in a console? I've run into issues with the PsTools before when using the ISE and have gotten them to work properly from the powershell console directly.
I just tested this simplified version:
&"C:\Temp\PSTools\PsLogList.exe" -accepteula \\somecomputer -u domain\myusername -p mypassword
It didn't work in the ISE but it worked in the console.
I would suggest trying to simplify your command and test it in the console as well (if you're using the ISE).

try this :
$prog="psloglist"
$a="\\$serverr -u $user -p $password -s -x"
Start-Process $prog $a -noNewWindow
it's worth reading that post How to run an EXE file in PowerShell with parameters with spaces and quotes

Powershell execute commandline locally

Powershell script executes commandline on local machine
$j = "remote_machine"
$comp = "\\"+$j
$command = 'D:\PSTools\PsExec.exe $comp -u Administrator -p plaintextpassword -accepteula powershell.exe c:\share\script.ps1'
Invoke-Expression "& $command"
This works, but it outputs following
PsExec.exe : At line:1 char:1
+ & D:\PSTools\PsExec.exe $comp -u Administrator -p plaintextpassword -accepteula powersh ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError PsExec v2.0 - Execute processes remotely Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com Connecting to
remote_machine...Starting PSEXESVC service on
remote_machine...Connecting with PsExec service on
remote_machine...Starting powershell.exe on remote_machine...
powershell.exe exited on remote_machine with error code 0.
How to fix?

After re-reading your question I see that this is the standard PSExec vs PowerShell issue that has been seen and discussed before. This is due to the fact that PSExec outputs its header lines to the stderr (Standard Error) stream for some of its text. The execution works fine, and it does show an exit code of 0 indicating that there is not actually an error.
This issue is only evident in PowerShell ISE, not the standard PowerShell console (unless you redirect StdErr to StdOut with PSExec <command & args> 2>&1 or something similar). To work around this, if you are going to run the script in the ISE, you can use Start-Process's -RedirectStandardError argument, or redirect StdErr through other means.