PowerShell script executes commandline on local machine
$j = "remote_machine"
$comp = "\\"+$j
$command = 'D:\PSTools\PsExec.exe $comp -u Administrator -p plaintextpassword -accepteula powershell.exe c:\share\script.ps1'
Invoke-Expression "& $command"
This works, but it outputs the following:
PsExec.exe : At line:1 char:1
+ & D:\PSTools\PsExec.exe $comp -u Administrator -p plaintextpassword -accepteula powersh ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
PsExec v2.0 - Execute processes remotely
Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
Connecting to remote_machine...Starting PSEXESVC service on remote_machine...Connecting with PsExec service on remote_machine...Starting powershell.exe on remote_machine...
powershell.exe exited on remote_machine with error code 0.
How to fix?
After re-reading your question I see that this is the standard PSExec vs PowerShell issue that has been seen and discussed before. This is due to the fact that PSExec outputs its header lines to the stderr (Standard Error) stream for some of its text. The execution works fine, and it does show an exit code of 0 indicating that there is not actually an error.
This issue is only evident in PowerShell ISE, not the standard PowerShell console (unless you redirect StdErr to StdOut with PSExec <command & args> 2>&1 or something similar). To work around this, if you are going to run the script in the ISE, you can use Start-Process's -RedirectStandardError argument, or redirect StdErr through other means.
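The workaround described in the answer above, as an added PowerShell example that is not part of the original posts: it captures a native tool's stdout and stderr separately with Start-Process and decides success from the exit code alone. Invoke-NativeQuiet is a hypothetical helper name, and cmd.exe stands in for PsExec with a constructed banner so the block runs without PsTools installed.

```powershell
# Added example, not code from the original posts.
# Invoke-NativeQuiet is a hypothetical helper name chosen for illustration.
function Invoke-NativeQuiet {
    param(
        [Parameter(Mandatory)][string] $FilePath,
        [string[]] $ArgumentList = @()
    )
    $outFile = [System.IO.Path]::GetTempFileName()
    $errFile = [System.IO.Path]::GetTempFileName()
    try {
        $startArgs = @{
            FilePath               = $FilePath
            NoNewWindow            = $true
            Wait                   = $true
            PassThru               = $true
            RedirectStandardOutput = $outFile   # real command output
            RedirectStandardError  = $errFile   # banner/progress text from the tool
        }
        # Start-Process rejects an empty -ArgumentList, so add it only when needed.
        if ($ArgumentList.Count -gt 0) { $startArgs.ArgumentList = $ArgumentList }
        $proc = Start-Process @startArgs
        [pscustomobject]@{
            ExitCode = $proc.ExitCode
            StdOut   = @(Get-Content -LiteralPath $outFile)
            StdErr   = @(Get-Content -LiteralPath $errFile)
        }
    }
    finally {
        Remove-Item -LiteralPath $outFile, $errFile -ErrorAction SilentlyContinue
    }
}

# Constructed stand-in for PsExec: banner on stderr, payload on stdout, exit code 0.
$cmdArgs = '/c', 'echo PsExec-style banner 1>&2 & echo payload & exit /b 0'
$r = Invoke-NativeQuiet -FilePath "$env:SystemRoot\System32\cmd.exe" -ArgumentList $cmdArgs

if ($r.ExitCode -ne 0) {
    # Only a non-zero exit code counts as failure; stderr is kept for diagnosis.
    throw "Native command failed with exit code $($r.ExitCode): $($r.StdErr -join ' ')"
}
$r.StdOut                                          # payload lines only
if ($r.StdErr) { Write-Verbose ($r.StdErr -join "`n") }   # banner, not an error record
```

Because stderr is captured rather than discarded, a genuine failure still leaves its message available, which `2> $null` would hide. Arguments passed this way remain visible in the process command line, so a password supplied with `-p` can still end up in process-creation logs.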
Related
In PowerShell I'm doing a cmd call to execute a program.
$cred = "CreateFile /username Test /password password123"
cmd.exe /c $cred
When this program is executed via command line it prints to the screen "Command ended successfully." and this text seems to be returned from the cmd to my PowerShell script and tries to execute the line. So I get the error:
cmd.exe : Command ended successfully
At E:\Install\Files Script.ps1:12 char:17
+ $returnString = cmd.exe /c $cred
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Command ended successfully:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
My understanding is that the line
cmd.exe : Command ended successfully
is trying to be executed by my PowerShell script and therefore it's throwing an error. Is there a way for me to prevent my command-line call to the program from printing to the window? I've tried calling
echo off
prior to executing and I get the same result. Any help would be appreciated.
After some research, I was able to find a solution that seems to work in my case. I've added:
/f >nul 2>&1
To my script, and it seems to have solved my problem. My new script:
$cred = "CreateFile /username Test /password password123"
cmd.exe /c $cred
I'm trying to run a PowerShell script to search a network drive for a certain file. In my testing, I've found that my script works perfectly fine; however, the network drive I need to search requires my Domain Admin logon.
I have
Start-Process powershell.exe -Credential "domain\adminusername" -NoNewWindow -ArgumentList "Start-Process powershell.exe -Verb runAs"
as the very first line of my script, but whenever I run the script I get this error:
Start-Process : This command cannot be run due to the error: The directory
name is invalid.
At Path\to\script.ps1:1 char:1
+ Start-Process powershell.exe -Credential "domain\adminusername" -NoN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process],
InvalidOperationException
+ FullyQualifiedErrorId :
InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
What directory name is it talking about? If I move the script to the actual network drive, I still get the same error. How do you run a script as a different user?
You could use the net use command to gain access or the new-psdrive command instead. Another option would be to start-process a cmd prompt and use runas within it. Also, you may need to include the full path of powershell.exe or add it to the path variable. %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe
I'm automating the testing of the installation, detection, and uninstallation of some Windows applications. In order to run most of those installers silently, they must be run as nt authority\system. That is easy enough to accomplish on a local machine by invoking psexec something like this:
psexec -s setup.exe /S
I need to be able to automatically roll back the test target computer to known-good states, so I'm using another computer to orchestrate all this. Ideally I could use PowerShell remoting to start the installer on the target computer. I haven't yet found a way to achieve that.
Attempt 1: psexec from a Remote Session
The most obvious thing to do is to connect to the target computer using remoting and invoke psexec -s. Here's what that looks like:
[target.ad.example.com]: PS C:\Users\un1\Documents> C:\PsTools\PsExec.exe -s whoami
C:\PsTools\PsExec.exe :
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
The problem is, the process just hangs at that point.
Attempt 2: Start-Process with -Verb RunAs
Using the RunAs verb with Start-Process may well run a process elevated, but it doesn't seem to run it as nt authority\system:
whoami-to-file.bat
whoami > out.txt
PowerShell Session
[target.ad.example.com]: PS C:\> Start-Process .\whoami-to-file.bat -Verb RunAs -WorkingDirectory
[target.ad.example.com]: PS C:\> Get-Content out.txt
example\un1
The process is not started as nt authority\system.
The Question
Is it possible to start a process as nt authority\system over PowerShell remoting? If so, how?
Note: I'm no expert at Windows security and credentials, so I don't understand the exact security implications of this technique. In my case the only credentials in question are those of a temporary test computer, so there isn't much risk. I doubt this technique is a good idea for production.
It's a Double-Hop (I think)
clymb3r's article about CredSSP I think explains why psexec -s fails over PowerShell remoting. I think that PowerShell remoting counts as one hop and invoking psexec -s counts as a second hop. If that's the case we have a manifestation of the double-hop authentication problem.
Use CredSSP
I suppose there are a variety of ways to overcome the double-hop problem. This being a testing scenario, CredSSP seems appropriate (beware the security risk). Here's the proof of concept.
First you have to enable CredSSP on both computers:
PS C:\> Enable-WSManCredSSP Client -DelegateComputer target.ad.example.com
PS C:\> Invoke-Command { Enable-WSManCredSSP Server} -ComputerName target.ad.example.com
Then you can remote to the target using CredSSP:
PS C:\> $credential = Get-Credential example\target-admin
PS C:\> Enter-PSSession target.ad.example.com -Credential $credential -Authentication CredSSP
[target.ad.example.com]: PS C:\>
And psexec -s works:
[target.ad.example.com]: PS C:\> psexec -s whoami
C:\PsTools\PsExec.exe :
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Connecting to local system...Starting PSEXESVC service on local system...Connecting with PsExec service on
target...Starting whoami on target...
whoami exited on target with error code 0.
nt authority\system
https://github.com/mkellerman/Invoke-CommandAs
Made a function to Invoke-Command as SYSTEM, or provided credential, against local/remote computer. Returns PSObjects, handles network interruptions and resolves any Double-Hop issues.
Try it out and let me know if this resolves your issues.
I am experimenting with the following script in PowerShell ISE, but this returns an error when executed.
$computerName = Read-Host "Enter name of remote computer"
psexec \\"$computerName" cmd
The Read-Host part works fine, but when it moves to the psexec line it returns
Enter name of remote computer: Computer
psexec :
At line:2 char:1
+ psexec \\"$computerName" cmd
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
So it seems that the script is not passing the value of $computer. I have tried various " ' combinations to no avail.
Any help would be much appreciated, I'm rather a novice at PowerShell scripting.
To expand on some of the other answers, a method a coworker showed me for more complex psexec strings is as follows:
#Use Psexec to Allow all remote connections and Enable PSRemoting
$psexec = "psexec -accepteula \\"+$targetIP+" -u "+$localadmin+" -p "+'"'+$str+'"'+' -h powershell.exe "&{"Set-Item wsman:localhost\client\trustedhosts -Value * -Force" ; "Enable-PSRemoting -SkipNetworkProfileCheck -Force"}"'
invoke-command -ScriptBlock {cmd /c $args[0]} -Argumentlist $psexec
While the above code actually calls psexec on the remote machine then delivers two powershell commands, the problem of authentication causes all sorts of crazy errors in PS.
Hope this helps someone or the OP.
updated:
right, I tried this, seems to work:
$computerName = Read-Host "Enter Name of computer"
$cred = Get-Credential
psexec \\$computerName -u $cred.UserName -p $cred.GetNetworkCredential().Password ipconfig 2> $null #hide errors
You don't need to quote anything. PowerShell will quote automatically if needed.
psexec \\$computerName cmd
I try to use PsLogList to import some eventlogs.
What is strange is that every second time I run it, there is no error message...
Here is the part I have problems with:
$psloglist = "C:\Users\e-cedric.esch\Downloads\PSTools\PsLogList.exe"
$log = &$psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
Error-Message I get:
At C:\Users\systemCESCH\Desktop\test1.ps1:line:38 char:10
+ $log = &$ <<<< psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals - www.sysinternals.com
At C:\Users\systemCESCH\Desktop\test1.ps1:line:38 char:10
+ $log = &$ <<<< psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)
Error-Message I get when I debug:
Exception calling "getELog" with "2" argument(s): "Program 'PsLogList.exe' failed to execute: The WriteObject and WriteError methods cannot be called after the pipeline has been closed. Please contact Microsoft Support Services.
At C:\Users\systemCESCH\Desktop\test1.ps1:38 char:10
+ $log = & <<<< $psloglist $($serverr) -u $($this.elogusr) -p $($this.elogpwd) -s -x -t \t $($logname)."
At C:\Users\systemCESCH\Desktop\test1.ps1:78 char:34
+ write-output $ELogHandler.getELog <<<< ("PWLU0W987","Application")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ScriptMethodRuntimeException
Btw., I'm using PowerGUI Script Editor v. 3.8.0.129
Are you running your command in the ISE? Have you tested it in a console? I've run into issues with the PsTools before when using the ISE and have gotten them to work properly from the PowerShell console directly.
I just tested this simplified version:
&"C:\Temp\PSTools\PsLogList.exe" -accepteula \\somecomputer -u domain\myusername -p mypassword
It didn't work in the ISE but it worked in the console.
I would suggest trying to simplify your command and test it in the console as well (if you're using the ISE).
try this :
$prog="psloglist"
$a="\\$serverr -u $user -p $password -s -x"
Start-Process $prog $a -noNewWindow
It's worth reading this post: How to run an EXE file in PowerShell with parameters with spaces and quotes