Start-Process with alternative credential in a remote session - powershell

all,
I believe this scenario sounds indeed odd, but I do need your help on this.
First I use
Enter-PSSession -ComputerName myComputerName -Credential domain\user1
to remote to a third machine from my dev machine. I got a prompt like [myComputername]: PS C:\Users\user\. Then I try to Start-Process with another user, say domain\user2. However, it failed, although the executable path fed to Start-Process is fully under the control of domain\user2. I suppose there is no permission problem with this. For example:
Start-Process -FilePath powershell -ArgumentList "-command `"& {whoami}`"" -Credential domain\user2 -WorkingDirectory workingdirectory
It wouldn't print domain\user2, but it would if you run this command after connecting to the test machine through Remote Desktop. Does anyone know the root cause and the fix for this?
Thanks & Regards,
Jingfei

I believe you have the dreaded PowerShell Remoting Second Hop blues.
http://technet.microsoft.com/en-us/magazine/jj853299.aspx
CredSSP:
http://msdn.microsoft.com/en-us/library/ee309365(v=vs.85).aspx
Delegating credentials to a runspace:
http://www.vinithmenon.com/2012/11/delegated-administration-in-windows.html
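The two approaches those links describe, sketched as an added example that is not part of the original answer. The endpoint name `RunAsUser2` and the share `\\fileserver\share` are hypothetical; the computer and account names are the ones from the question.

```powershell
# Added example. 'RunAsUser2' and '\\fileserver\share' are hypothetical names.

# --- Option A: RunAs endpoint (no credential delegation) ---------------------
# Run once on myComputerName from an elevated prompt. WinRM stores the user2
# password on that machine, so use the ACL dialog to restrict who may connect.
Register-PSSessionConfiguration -Name 'RunAsUser2' `
    -RunAsCredential (Get-Credential -Credential 'domain\user2') `
    -ShowSecurityDescriptorUI -Force

# From the dev machine: authenticate as user1, execute as user2.
Invoke-Command -ComputerName myComputerName -Credential 'domain\user1' `
    -ConfigurationName 'RunAsUser2' -ScriptBlock { whoami }

# --- Option B: CredSSP (the credential itself is sent to the target) ---------
# On the dev machine (elevated): allow delegation to this one host only,
# never to a wildcard such as '*'.
Enable-WSManCredSSP -Role Client -DelegateComputer 'myComputerName' -Force
# On myComputerName (elevated): accept delegated credentials.
Enable-WSManCredSSP -Role Server -Force

# The session now holds a usable credential, so a second hop authenticates.
Invoke-Command -ComputerName myComputerName -Credential 'domain\user1' `
    -Authentication Credssp -ScriptBlock { Test-Path '\\fileserver\share' }

# Review the delegation settings and remove them when the task is done.
Get-WSManCredSSP
Disable-WSManCredSSP -Role Client    # on the dev machine
# Disable-WSManCredSSP -Role Server  # on myComputerName
```

Option A keeps the user2 password on one machine behind an access-controlled endpoint, while Option B exposes the delegated credential to anything running with administrative rights on the target for the life of the session.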

Related

Start explorer.exe remotely with a path specified in Powershell

The problem I have is that I am able to Invoke-command explorer.exe on a remote machine without giving it any path parameters, yet when I enter:
Invoke-Command -ComputerName PC01 -Credential $cred -ScriptBlock {explorer.exe "C:\Foldername"}
Nothing happens, except for the fact that I get an error entry in the logs saying:
The server {75DFF2B7-6936-4C06-A8BB-676A7B00B24B} did not register with DCOM within the required timeout.
First thing: if you are trying this directly on the local system, the GUI will pop up properly.
Invoke-Command -ScriptBlock {C:\Windows\explorer.exe "C:\folder"}
But the problem is how PowerShell will open a GUI console invoked from the remote system. Basically, it does not have a session to hold it. You need a desktop session to do that.
In that case, you should use PSEXEC with -i
psexec -i -d -s c:\windows\explorer.exe C:\folder
Download it from here: PSExec-v2.11. This link has all the explanations with examples on how to use each utility.
Hope it helps.

How to call a batch file that is on a server?

I am trying to script the installation of new computers at my office. I am stuck on one section here:
I need to run this command and I need to run the batch file as an administrator.
start \\SERVERNAME\M-Modal\Fluency.Direct.9.1.65.7.6.4.v7\fd.client\install_silent.bat
How would I change my credentials to tell it to run as an administrator?
Also, what is the command to call the batch file that is located on this server?
Thanks,
Andrew
$cred = get-credential
Start-Process -FilePath "x.bat" -Credential $cred
Enter your admin account in get-credential.
Alternatively
Start-Process -FilePath "x.bat" -Verb runAs
From Example 5 from here: https://technet.microsoft.com/en-us/library/hh849848.aspx
Thanks, Tim.

powershell execute .exe remotely

$computername = Read-Host "Enter Machine Name - "
Invoke-command -ComputerName $computername -ScriptBlock { & cmd /c 'c:\download\niniteone\niniteone.exe' /select "malwarebytes"}
Wondering if someone could tell me where I've gone wrong with this, it just dies when I run it. I've put this script together by looking at the others here but I can't seem to get it to work. We use ninite pro to update/install some 3rd party apps and I'm trying to set up some PowerShell scripts to run it on remote computers. Any help would be appreciated :)
Update - I added the cmd /c to the script block and now it works great!? I read cmd /c isn't needed with PowerShell v2? I'm confused... It's working but I'd like to get it right.
How about:
Invoke-command -ComputerName $computername -ScriptBlock { Start-Process -FilePath "c:\download\niniteone\niniteone.exe" -ArgumentList "/select `"malwarebytes`""}

Difference between runas.exe and Start-Process -Credential

I am playing around with setting up some scripts on a VPN on a client's network. This client generally assigns an Active Directory account on their network and uses it to manage permissions (e.g. to databases). OK, that makes sense.
But here is something that confuses me:
start-process runas.exe "/user:CLIENTDOMAIN\George.Mauer /netonly W:\tools\LINQPad4\LINQPad.exe"
queries for a password and runs just fine (and I can access the database)
But
Start-Process W:\tools\LINQPad4\LINQPad.exe -Credential (Get-Credential)
and entering CLIENTDOMAIN\George.Mauer and my password at the popup prompt always results in an error
Start-Process : This command cannot be run due to the error: The user name or password is incorrect.
Are these not the same thing? What's the difference between runas and -Credential? And a secondary question - how do I Start-Job with my CLIENTDOMAIN\George.Mauer credential?
/netonly runs the process as the current user and only network connections are made with the other credentials.
Start-Process will run the process (and all its network connections) with the other credentials. There's no way to achieve the /NETONLY functionality with Start-Process.
You'd have to p/invoke the Win32 API to achieve /NETONLY functionality. If you're up for the exercise this is the API you'll need to use LOGON_NETCREDENTIALS_ONLY with:
http://www.pinvoke.net/default.aspx/advapi32/createprocesswithlogonw.html
More resources:
example code with LOGON_NETCREDENTIALS_ONLY
CreateProcessWithTokenW function
To run a job as a different user:
Start-Job -ScriptBlock {whoami} -Credential (get-credential) | Wait-Job | Receive-Job

Invoke-Command and Start-Process Issues

I'm trying to execute the following script:
$Cred = Get-Credential
Invoke-Command -Computername Localhost -Cred $Cred -Scriptblock {Start "Notepad.exe" -Wait}
Well, the notepad comes up no problem as Administrator but it is not visible in the current user's account.
I think it's not possible to see a GUI in an interactive session with a different credential; it lives in another user session.
Workaround:
start-process notepad.exe -Credential $Cred
I've run into this problem with PS Remoting and could not find a way to get an app running under one set of credentials to show up on the interactive desktop of a different user. I eventually gave up and used SysInternals utility psexec along with its -i parameter.