Is it possible to remotely install a Windows system serive using PsExec? The files are already on the remote system; I am trying to use
psexec \\remote-host-name -u myusername -p mypassword PathToExecutable
where PathToExecutable is the path to some executable which is intended to install the service; somehow the service is not installed due to unclear reasons. Is remote installation via PsExec possible at all?
In my case, the issue was fixed by using the command line parameter:
-h If the target system is Vista or higher, has the process
run with the account's elevated token, if available.
to run the command with administrator permissions.
Related
Is it possible in VSCode to edit files within WSL2 of a remote PC. (This is like a combination of Remote-WSL and Remote-SSH.) I can connect to that remote PC via ssh and RDP.
The path \\wsl$\ does not seem to be available in my remote-ssh connection.
PCA - me, local, VSCode
^
|
ssh and/or RDP
|
V
PCB - remote, WSL2
(I currently have Windows OpenSSH set up on the remote PC, with the default CMD shell. I tried setting the shell to Bash but then the remote extension wouldn't install.)
Update Setting PC-B's ssh server shell to bash.exe does solve all my problems. I'm not sure why it didn't work before. See my answer below for more details.
Answering my own question I was certain I'd tried this before and it had not worked, but now that I try it again it works. Perhaps I just needed a reboot of Windows and WSL2.
Enable Windows SSH server on PC-B and set the shell to be bash.exe
# Powershell as Administrator
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType 'Automatic'
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force
If you want authorized_keys-based login to this PC and your account is an Administrator account, you will need to follow the special instructions here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement (I have heard of having to manually fix the administrator_authorized_keys file permission at some point too. https://stackoverflow.com/a/64868357/600360 )
Using Remote-SSH connect VSCode from PC-A to PC-B (using Windows credentials) and tell VSCode that it is a linux server (because you're connecting to bash.exe within WSL2).
If you're behind a proxy server, add the proxy to your ~/.wgetrc.
Voila.
These steps taken from THE EASY WAY how to SSH into Bash and WSL2 on Windows 10 from an external machine where you can find more details.
If you want to connect to remote WSL, you probably should set it up to run own sshd instead of relying on hosting Windows to do the tunneling.
If I have got your problem statement right, the flow seems to be outlined in one of VS Code blog posts. Here I'll mention steps I think you will need to get to your target state.
Firstly, disable sshd on remote Windows so it does not occupy port 22. then, install and start sshd inside PCB:
# from PCB command prompt
# something like that, depending on your choice of distro
sudo apt remove openssh-server && sudo apt install openssh-server
# this would again depend on your chosen distro
sudo /etc/init.d/ssh start # after i do this - windows pops up a firewall prompt to allow me create a rule. you might need to add it manually
then you'd need to either enable password logins via ssh or (preferably) generate a key pair and put your public key into /home/your_name/.ssh/authorized_keys on PCB.
Assuming you have OpenSSH for Windows installed (this seems to be the client Remote SSH relies on), on your PCA follow something like so:
# something along these lines on your PCA
PS C:\WINDOWS\system32>ssh-keygen
# note location of .pub file and copy its contents into remote ./ssh/authorized_keys
# add generated private key to ssh-agent service
PS C:\WINDOWS\system32> Start-Service ssh-agent # if this fails - ensure service is installed and enabled
PS C:\WINDOWS\system32> ssh-add path\to\your\private_key # ensure you have dropped all permission except your own user
Watch out for permissions:
ssh keys are considered secret, so neither client nor server would start unless you drop all permissions from your key material. On linux do chmod 600 .ssh/authorized_keys, and for windows ssh-agent follow instructions from this SE answer.
The above may seem a bit daunting but is in fact very standard SSH setup procedure
easy steps
just update your vscode to the latest version
install Remote Development extension pack
allow WSL2 connection in the settings
if my answer helped you upvoted :D
I know it's been a while since the post, but here is a useful answer that uses Remote -- Tunnels extension.
https://stackoverflow.com/a/75389647
It appears that, for now, you need to manually install the CLI in WSL in order for it to work. The downloads can be found here. Since you are on Windows, I would recommend the x64 CLI download. When you extract the tar.gz file, you will get a file named code. I would recommend moving it to your home directory for ease. To open the tunnel, run ./code tunnel (from wherever you put the code file) to force the new CLI. If you use code tunnel it will still use the Windows version.
Source: https://github.com/microsoft/vscode/issues/171196
Is it possible to run docker without elevated priv ex. (docker version).
Im trying to run a command on another machine (windows server with docker as service) with powershell invoke command but it seems as long as the docker insists on elevated priv i cannot.
So if i can get "docker verison" to work im all set.
The error i get is
docker.exe: error during connect: Post http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.39/containers/create: open //./pipe/docker_engine: Access is denied. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.
See 'C:\Program Files\Docker\docker.exe run --help
it works with an elevated powershell.
Any ideas?
This is normal - by default, a local named pipe is used for the Docker CLI to communicate with the service (aka daemon).
For development use you can configure the host machine's Docker service ("daemon") for TCP access but this is the least secure option. Just put this text in file daemon.json:
{
"hosts": ["tcp://0.0.0.0:2375"]
}
Once this is done you can connect with e.g.
docker --host tcp://1.2.3.4:2375 version
If this is for production use, you probably need to look at a container orchestration system.
A middle ground would be to useAttach-PSSession to attach to an admin PowerShell session on the remote machine. This still requires a privileged user but does work remotely.
I am using psexec to execute commands on remote server. Here is my command,
PsExec.exe" -u user \\server -h run.bat
I am entering the password manually. here I am using standard user account due to security issues. When I run the command I am getting the error,
"Make sure that the default admin$ share is enabled"
I read here that it cannot be done without admin privileges.
But when I test the same command in LAN it works in standard user.
How it works in LAN not in Remote server ?
Is there any alternative tools which will work in standard user ?
Please help me.
As an alternate tool, you can use Powershell and WinRM. Powershell allows you to execute a command, or an interactive session, on the remote windows server.
An example of executing a command is available here:
How to programmatically/remotely execute a program in EC2 Windows instance
If you need an interactive session, look at the Powershll command 'Enter-PSSession': https://technet.microsoft.com/en-us/library/hh849707.aspx
If we assume that a service must be run as administrator, is it possible to install it using a command line (sc.exe, powershell - all is available)?
Bonus: Is it possible to do without providing password?
sc.exe config 'servicename-notdisplayname' obj='\Administrator' password='secret'
Still no luck avoiding password, as it's required when starting the service.
JasperReports Server 5.6.0
I am able to successfully install JasperReports Server in unattended mode, when login to a specific machine as local Administrator. But I want to do the installation from a remote machine and am passing the same parameters as earlier(invoking the setup using CPAU for run as admin), but it fails while executing initdb.exe with the data folder creation.
I am getting the following error message as stated below.
"Executing initdb.exe -U postgres -E UTF8 -D C:/JASPER~1/JASPER~1.6/POSTGR~1/data
Script exit code: unknown signal
Script output:
Script stderr: child killed: unknown signal"
After googling and looking for a possible solution, I tried the following.
1) Created the data folder via cmd and provided full control permissions using cacls
2) Created the parent folder 'JasperServer' and provided inheritance permissions of OI, CI, Full Control.
But the issue appears to be the same. Though I am able to install JR Server with the same account by rdp in to the specific machine.
Can anyone help me out?
pls try this:
http://community.jaspersoft.com/wiki/bundled-installer-fails-error-running-initdbexe
Reason: You are using domain admin account.
Solution:
change to local admin user and restart install procedure,then it works:-)
By, Kosta