PowerShell Invoke-Command remotely using a share - powershell

I am trying to install software (.exe) with PowerShell remotely on another computer. I have now:
Invoke-Command -Authentication Credssp -Credential $cred -ComputerName "TargetComputer01" -ScriptBlock {Start-Process -FilePath $args[0] -ArgumentList ('/log "{0}" /quiet /norestart' -f $args[1]) -Wait -PassThru -Verb RunAs} -ArgumentList #($Installer, $LogPath)
This does not work, no errors, no log file, no installed software. So I have no idea why it is not working. I use Credssp because the installer is located on a share. When I place the installer somewhere on the TargetComputer01, it is working with a session, see:
Invoke-Command -Session $session -ScriptBlock {Start-Process -FilePath $args[0] -ArgumentList ('/log "{0}" /quiet /norestart' -f $args[1]) -Wait -PassThru -Verb RunAs} -ArgumentList #($Installer, $LogPath)
Any idea why the first command with Credssp is not working??
Yes I also have enabled Credssp with those commands. It seems that my script does run succesfully on TargetComputer01 (Windows Server 2012) but did not run succesfully on TargetComputer02 (Windows Server 2008 R2). The PowerShell versions are the same, and all other configuration is also the same (e.g. firewall settings).
I found however a way to get it working with a PSSession, see the following code:
$cred = Get-Credential -UserName "domain\username" -Message "Enter your credentials"
$session = New-PSSession -ComputerName "TargetComputer02" -Credential $cred -Authentication Credssp
Invoke-Command -Session $session -ScriptBlock {
param
(
$Installer, $LogPath
)
Start-Process -FilePath $Installer -ArgumentList ('/log "{0}" /quiet /norestart' -f $LogPath) -Wait -PassThru -Verb RunAs
} -ArgumentList #($Installer, $LogPath)
I am not sure why the other Invoke-Command without the session but with Credssp does not work on Windows Server 2008 R2, but the above code works on both Operating Systems! :)

Have you actually enabled CredSSP on the two computers? See the Enable-WSManCredSSP command.
On the client computer, or the computer you're running the script on, you need to set it to delegate credentials to the target computer:
Enable-WSManCredSSP -role Client -DelegateComputer "TargetComputer01"
You should verify this was set up properly by going into gpedit.msc -> Computer Configuration -> System -> Credentials Delegation. “Delegating fresh credentials” should now be enabled, and when you open up the details for it, TargetComputer01 should show up like “WSMAN/TargetComputer01”
And now on the receiving computer:
Enable-WSManCredSSP -role Server
Also make sure you run Enable-PSRemoting on TargetComputer01.
Let me know if this works for you!

Related

Install MSI on remote computer using Powershell

I am trying to write a Powershell script which will deploy software on a collection of WS2016 servers. I am a local administrator on all these servers. Here's what I have so far:
$Cred = Get-Credential
$Computer = 'myserver.contoso.com'
$SplunkMSI = '\\mylocalbox\C$\Splunk.msi'
$InstallDir = 'C:\Apps\Splunk\'
$sb = {
param($installer, $dir)
Start-Process -FilePath 'c:\windows\system32\msiexec.exe' -ArgumentList "$installer INSTALLDIR=$dir AGREETOLICENSE=Yes /qn /norestart /L*v C:\temp\splunkInstall.log" -Wait -NoNewWindow
}
Write-Host "Deploying Splunk to host $Computer"
Invoke-Command -Computer $Computer -Credential $Cred -ScriptBlock $sb -ArgumentList $SplunkMSI, $InstallDir -ErrorAction Stop
When I run this script, I get prompted for credentials, and then I see the output of the Write-Host, but then... nothing. I have to manually terminate the script.
I logged onto the remote host, but see no evidence that the MSI was executed or failed to execute.
Anyone see a smoking gun?
ya, it looks like it's looking for $installer and $dir in the script block but they're not specified

Using Invoke-Command to run Start-Process in an elevated session

As a precursor to running an installation file on several remote servers, I need to update the Powershell setting MaxMemoryPerShellMB. This requires running a PS session as Administrator on the remote server. I have been trying to run Invoke-Command which then runs a ScriptBlock consisting of a Start-Process command which includes the -Verb RunAs parameter. Nothing seems to work, however.
I have tried with various quoting schemes, single, double, triple, but nothing seems to work.
I've tried running the Start-Process from an Enter-PSSession, with the same results.
Following is the code I'm testing now:
$creds = Get-Credential -Username 'DOMAIN\userID' -Message "Enter Username and Password to access the remote servers."
$ScriptBlock = {
Start-Process -FilePath Powershell.exe -ArgumentList """Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024""" -Verb RunAs -Wait
}
Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock
I should be able to RDP to the remote server and run Get-Item WSMan:\localhost\Shell and have it show the updated value, but the value isn't changed.
When running the code it pauses for a second when the Invoke-Command runs, but other than that, there is no feedback in Powershell.
On the remote server I see the following two Kerberos errors in the System Event log.
0x19 KDC_ERR_PREAUTH_REQUIRED,
0xd KDC_ERR_BADOPTION
Any help is greatly appreciated.
> powershell.exe -?
...
EXAMPLES
...
PowerShell -Command "& {Get-EventLog -LogName security}"
-Command
...
To write a string that runs a Windows PowerShell command, use the format:
"& {<command>}"
where the quotation marks indicate a string and the invoke operator (&)
causes the command to be executed.
So you could try to call Set-Item in the following way:
$ScriptBlock = {
Start-Process -FilePath Powershell.exe -ArgumentList "-Command"," &{ Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024 }" -Verb RunAs -Wait -PassThru
}
$process = Invoke-Command -ComputerName testsvr01 -Credential $creds -ScriptBlock $ScriptBlock
$process.ExitCode
I'm also returning a process object via -PassThru on which you might check the `ExitCode``
Hope that helps

powershell execute start-process on remote machine

IDE: PowerShell ISE
I have a script which installs the chrome to a remote machine
#Script : Test01.ps1
Start-Process D:\Chrome\Chrome.exe -wait -verb runas
write-host "Chrome is installed"
and I am executing the above script using :
Invoke-Command -ComputerName MySystem18 -FilePath D:\Test01.ps1 -ArgumentList Process
The above script is working on local system (MySystem03) and remote machine (MySystem18).
But when I am executing this in MySystem18 it is not showing up the acknowledgement or cursor after the installation of chrome, even after successful installation of chrome on MySystem18.
Can you tell me how to fix it.
D:\Chrome\Chrome.exe is a path on your remote computer ? If not, try to share a dir with Chrome.exe named yourdirshared on your mysystem03 and replace by \\mysystem03\yourdirshared\Chrome.exe into your ps1
if always doesnt work, you can try to remove -wait my be...
if always doesnt work, are you try to specify credentil parameter?
$Username = 'username'
$Password = 'yourpassword
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
Invoke-Command -ComputerName "MySystem18" -Credential $Cred -ScriptBlock {Start-Process D:\Chrome\Chrome.exe -wait -verb runas; write-host "Chrome is installed" }

installing remotely from computer A to server B and the installer UNC path from server C

Hi When I run this powershell code my powershell just hangs
Set-Content "\\$remote_computer\users\bkoo004\downloads\test\installme.bat" -value 'START "installing" "S:\npp.6.3.3.Installer.exe" /S'
Invoke-Command -ComputerName $remote_computer -Credential $cred -ScriptBlock {Start-Process 'c:\users\bkoo004\downloads\test\installme.bat' -Wait}
But if run this code
Set-Content "\\$remote_computer\users\bkoo004\downloads\test\installme.bat" -value 'START "installing" "C:\users\user\downloads\npp.6.3.3.Installer.exe" /S'
Invoke-Command -ComputerName $remote_computer -Credential $cred -ScriptBlock {Start-Process 'c:\users\bkoo004\downloads\test\installme.bat' -Wait}
I can install fine.. I am thinking that its some UAC or other security that is trying to block my install from a UNC path(drive S). Can anyone please help? Is it because double hop?

Executing an Exe file inside Invoke-Command causes Access Denied

Using Powershell, I'm trying to connect to a remote machine and install an exe file on that system. Unfortunately I'm getting an Access is denied error when running the file. What's truly odd about this error, is that other exe's located on the same path run fine, so I'm wondering if something more cryptic could be involved?
I'm currently using this command to connect to the remote machine, upon which I'm a local admin.
$InstallFile = "\\networkshare\folder\folder\setup.exe"
$InstallParameters = "SampleParameter1 = 5"
$Server = SERVERNAME.DOMAINNAME.COM
$cred = Get-Credential
invoke-command -Computername $Server -authentication credssp -credential $cred -ScriptBlock {
$CurrentProcess = Start-Process -FilePath $InstallFile -ArgumentList $InstallParameters -Wait -PassThru
$CurrentProcess | Wait-Process
}
I'm using CredSSP which seems to be working well since it fixed this issue for other files, but this one simply refuses. Any other thoughts? I ran into a similar issue with .NET 4 and was unable to resolve that install either.
I've noticed you are using Start-Process to run your executable. According to this:
http://technet.microsoft.com/en-us/library/dd347667.aspx
there's also -Credential parameter that can be passed to it. It very well might be the case that Start-Process is not executed by the user that called Invoke-Command. Try passing Credential to your Start-Process:
invoke-command -Computername $Server -authentication credssp -credential $cred -ScriptBlock {
$CurrentProcess = Start-Process -FilePath $InstallFile - Credential $cred -ArgumentList $InstallParameters -Wait -PassThru
$CurrentProcess | Wait-Process }