I am trying to execute a PowerShell script on a salt-minion windows server from a salt master Linux server.
I am sending the command like this:
salt My-server cmd.run "C:\Users\XYZ\Desktop\my_script.ps1" shell=powershell
This works but I need to execute this script as a specific user.
I have tried all of the following:
salt My-server cmd.run "start powershell -credential "XYZ" C:\Users\XYZ\Desktop\my_script.ps1"
salt My-server cmd.run "runas/user:XYZ "powershell.exe C:\Users\XYZ\Desktop\my_script.ps1"
salt My-server cmd.run "runas/user:XYZ C:\Users\XYZ\Desktop\my_script.ps1" shell=powershell
But all of them either fail to run the script or don't have the desired effect.
I don't know much about PowerShell but I know how to do the same in Linux bash:
su -c "C:\Users\XYZ\Desktop\my_script.ps1" XYZ
I am aware that's not a valid Linux path but you see the point.
Have you tried using the runas option for cmd.run? Such as:
salt My-server cmd.run "C:\Users\XYZ\Desktop\my_script.ps1" runas=XYZ shell=powershell
The documentation seems to imply that password= argument may be required, too:
runas (str) -- Specify an alternate user to run the command. The default
behavior is to run as the user under which Salt is running. If running on
a Windows minion you must also use the password argument, and the target
user account must be in the Administrators group.
Documentation references:
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.powershell (for cmd.run with the runas option via execution module, with shell=powershell, which also includes the added information around needing password= against Windows minions)
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.run (for cmd.run with the runas option in states)
I have a program which requires Administrative privileges that I want to run from a batch file. What command can I run from command line will run my program with administrative privileges? I'm okay with the pop-up window asking for permission. Additionally, the file needs to be able to run from anywhere on a computer so additional files are run from ./src. The problem is that if I right-click and choose "run as administrator" it changes my current directory so ./src no longer works. If I disable UAC on my machine then everything runs fine. Thank you!
Look here: https://superuser.com/a/269750/139371
elevate seems to be working, calling
C:\Utils\bin.x86-64\elevate.exe -k dir
executes dir in the "current directory" where elevate was called.
This is tough, Microsoft provides no utility to do this (mostly because giving a batch file that ability breaks security), except for RunAs, and that requires that the Administrator account be activated.
There IS a JScript program that can do something similar, by using SendKeys to open the Start menu and type cmd[CTL]+[SHIFT]+[ENTER] which will launch a Command-Line shell.
Save the following as as .js file, like StartAdmin.js:
var WshShell = WScript.CreateObject("WScript.Shell");
WshShell.SendKeys("^{esc}cmd^+{ENTER}"); The equivilent of [CTRL]+[ESC] cmd [CTRL]+[SHIFT]+[ENTER]
To run StartAdmin.js from a batch file, you will need the following line:
wscript StartAdmin.js
To launch from a particular directory and launch a batch file, change line 2 in StartAdmin.js to something like:
WshShell.SendKeys("^{esc}cmd /C "cd %userprofile% & batchfile.bat"^+{ENTER}");
/C switch tells it to run the commands, then close the command-line window.
/K would leave the command window open after it exited the batch file.
To help you understand the SendKeys commands:
+=[Shift Key]
^=[Control Key]
{esc}=[Escape Key]
{enter}=[Enter Key]
To learn more about using CMD.EXE, type CMD /? at the command prompt.
This is a very untidy and ugly way to do it, but it's the only way I know how using only the tools that come with Windows.
Is there a command line syntax in which returns the Image Path / Location of the *.exe on the task manager?
I'm using Windows XP Professional Service Pack 3, I'm aware of the tslist(tasklist) command, but I only get all running *.exe files.
There is no way from XP's Task Manager to get this info (Vista on up, however, can show this info). Other apps, like MS/SysInternals' "Process Explorer" GUI can show you the full path of all exe's.
Alternatively, a built-in process called WMIC, which uses WMI, can give you this info as in Ramesh's answer:
WMIC PROCESS get Caption,Commandline,Processid
Or, to output to a file and not the command prompt window:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid
Note: the command prompt will need to have admin rights to launch WMIC.
The commands above will show you output like the following, which includes the PID, process name, full path, and switches passed to the command:
Caption CommandLine
ProcessId
System Idle Process
0
helpctr.exe "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" -mode hcp://system/sysinfo/msinfo.xml
4852
helpsvc.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe" /Embedding
1908
cmd.exe "C:\WINDOWS\system32\cmd.exe"
4308
cmd.exe "C:\WINDOWS\System32\cmd.exe" /k cd c:\ && color 71 & & title Admin Command Prompt - %username%
You can open the system information tool under Accessory/system tools to see the actual image path along with its PID.
This may be useful for you: http://www.raymond.cc/blog/determine-program-path-from-task-manager-for-each-program-in-windows-xp-windows-server-2003/
While I'm using PSEXEC.exe getting 'Access denied' error for remote systems.
Any idea about how to solve this?
Hi i am placing here a summary from many sources online for various solutions to "access is denied" :
most information can be found here (including requirements needed) - sysinternal help
as someone mentioned add this reg key, and then restart the computer :
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
/v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Read this knowledge base article to learn what this does and why it is
needed
Disable firewall (note - this will leave you with out any firewall
protection)
netsh advfirewall set allprofiles state off
if target user has a blank PW and you dont want to add one, run on target:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000
This didnt work for me, but i have read it did for others in a few places,
on target execute:
Start -> Run -> secpol.msc -> Local Policies -> Security Options -> Network Access: Sharing > and security model for local accounts > Classic – local users authenticate as themselves
if already in 'Classic':
move to "Guest only - .." run from elevated command prompt gpupdate \force
move back to 'Classic - .." again run from elevated command prompt gpupdate \force
This one solved my issue:
run on target from elevated command prompt "net use" look at ouput chart and for shares listed in remote column there (i only deleted the disconnected ones - you can try them all) run "net use [remote path from before list] /delete" then run 'net use \target\Admin$ /user:[user name]' enter prompt password request (if empty PW just press enter), viola should work.
I just solved an identical symptom, by creating the registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy and setting it to 1. More details are available here.
This helped in my case:
cmdkey.exe /add:<targetname> /user:<username> /pass:<password>
psexec.exe \\<targetname> <remote_command>
PsExec has whatever access rights its launcher has. It runs under regular Windows access control. This means whoever launched PsExec (be it either you, the scheduler, a service etc.) does not have sufficient rights on the target machine, or the target machine is not configured correctly. The first things to do are:
Make sure the launcher of PsExec is familiar to the target machine, either via the domain or by having the same user and password defined locally on both machines.
Use command line arguments to specify a user that is known to the target machine (-u user -p password)
If this did not solve your problem, make sure the target machine meets the minimum requirements, specified here.
You can try the command
net use \\computername\ipc$ /user:adminname password
to get admin permissions on remote PC before use psexec.
I had the same problem. And after a hard work, I found a easy and full solution:
I use runas to run the script in a admin account
I use the -s parameter in psExec to run in a system account
Inside the PsExec, I login again with a admin account
You can use & to run multiples commands
Remember to replace [USERNAME], [PASSWORD], [COMPUTERNAME], [COMMAND1] and [COMMAND2] with the real values
The code looks like this:
runas /user:[USERNAME] "psexec -e -h -s -u [USERNAME] -p [PASSWORD] \\[COMPUTERNAME] cmd /C [COMMAND1] & [COMMAND2]"
If you whant to debug your script in the another machine, run the following template:
runas /user:[USERNAME] "psexec -i -e -h -s -u [USERNAME] -p [PASSWORD] \\[COMPUTERNAME] cmd /C [COMMAND1] & [COMMAND2] & pause"
Try setting this key on the target (remote) machine, and restart the machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001
See: http://forum.sysinternals.com/topic10924.html and http://www.brandonmartinez.com/2013/04/24/resolve-access-is-denied-using-psexec-with-a-local-admin-account/
I just added "-с" parameter. It makes Psexec copy executable to remote machine. So it works without access errors.
I found Sophos kept placing psexec.exe into the Quarantine section. Once I authorized it, it ran fine.
I still use psexec, even on win 10. Replace the psexec.exe in the Windows 10's win32 folder with the older version to work -> I use version 2.11.0.0. The Windows 10 version I was using would only run .bat files as background/hidden process on the remote computer. Took a whole day to figure this out.
Adding the registry key from above to the remote computer helps as well:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
I found another reason PSEXEC (and other PS tools) fail - If something (...say, a virus or trojan) hides the Windows folder and/or its files, then PSEXEC will fail with an "Access is Denied" error, PSLIST will give the error "Processor performance object not found on " and you'll be left in the dark as to the reason.
You can RDP in; You can access the admin$ share; You can view the drive contents remotely, etc. etc., but there's no indication that file(s) or folder(s) being hidden is the reason.
I'll be posting this information on several pages that i was perusing yesterday while trying to determine the cause of this odd problem, so you might see this elsewhere verbatim - just thought I'd put the word out before anyone else pulled their hair out by the roots trying to understand why the performance counter has anything to do with PSEXEC running.
I had a case where AV was quarantining Psexec - had to disable On-access scanning
For anybody who may stumble upon this. There is a recent (Dec 2013) Security Update from Microsoft Windows on Windows 7 that is preventing remote execution.
See http://support.microsoft.com/kb/2893294/en-us
I uninstalled the Security Update by going to Control Panel\Programs\Programs and Features\Installed Updates
It worked right after that.
The following worked, but only after I upgraded PSEXEC to 2.1 from Microsoft.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001 See:
http://forum.sysinternals.com/topic10924.html
I had a slightly older version that didn't work. I used it to do some USMT work via Dell kace, worked a treat :)
On Windows Server 2012 R2 I had trouble to run from user account
psexec -u administrator -p password \\machinename -h -s -d -accepteula cmd.exe
But it works fine if you run without parameters -h -s. That's why I use this to solve my trouble:
psexec -accepteula -u administrator -p password \\machinename %PathToLocalUtils%\psexec.exe -h -s -d cmd.exe
I couldn't get access to remote machines unless I had UAC disabled.
That has to be done locally, either from control panel or running the following through cmd:
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
While UAC is enabled, make sure you run cmd as administrator.
For a different command I decided to change the network from public to work.
After trying to use the psexec command again it worked again.
So to get psexec to work try to change your network type from public to work or home.
I tried a lot of way but I could not use psexec. It gives "Access denied". After I change the target user account type from Standard to Admin, I connected the machine via psexec.
I researched the reason why admin type account is required then I found this answer.
You can change target machine user account this way: Control Panel -> User Accounts -> Change Account Type. You must enter an admin account and password to change that account if you logged in standard account.
After that I logged in with this command: psexec \\remotepcname -u remoteusername -p remotepassword cmd
Tried all suggestions above, but still was unable to resolve the error. Finally once I made the below change, I could successfully run the PSexec command.
Turns out that when you have UAC enabled psexec does not work as supposed. We need to set HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0 then psexec starts working as expected.
I am trying to start a service from the command line using "net start SERVICENAME" and I get an access denied error.
I am an administrator on this server since I am in a domain group that are admins on the server. I can start/stop the service from the Services tool.
I am new to 2008/Vista so maybe I am just missing something..
update:
I did not use "run as administrator". Is this something new in 2008? Where do I find this option?
This might work:
runas /user:administrator net start
SERVICENAME
Type cmd into the search box in the start menu.
Right click on cmd.exe and Run As Administrator.
You could also create a shortcut to cmd and set the shortcut to run as administrator if this is something you're going to do often.
Alternatively, you could:
runas /user:DOMAIN\Administrator cmd
To launch another shell with admin privileges.
net start SERVICENAME
In case you needed to run more than one command as the administrator...