I have modified a script to standardise our organisations signatures in Outlook. The script uses a Word document as a template for the signature and extracts user details from the Active Directory info on our SBS 2003 server.
I am logged in as a Domain Admin and the script works ok for my Outlook signature (there are a couple of errors but it creates the 3x outlook signature files that I need). I can't get it to run on any other computer (but this is the only one with Powershell installed) nor will it run for any other user on this computer.
I would really like to be able to run the script from each workstation. This would be easy if it was a batch file, but it won't work as a powershell script. Do I need to install Powershell on every workstation or is there a simpler way to get it to work?
Also,
I wonder if there is a problem with the script that is not allowing other users to run it from this computer (even with Powershell installed).
Cheers,
Greg
Yes, you need Powershell installed on every machine where you want the script to run. It's included with OS on everything from Server 2008 and Windows 7, but otherwise you'll need to install Powershell manually.
You will also have to enable remote scripting on each machine, since this is disabled by default (for security reasons). Take a look at the following help pages for information and instructions on how to set up:
Get-Help about_remote
Get-Help about_remote_FAQ
Get-Help about_remote_requirements
Get-Help about_remote_troubleshooting
If you want to use PowerShell remotely you will need to install it. If you don't want to do that you could look at psexec - that's one of Sys Internals great tools. It will enable you to run commands\scripts remotely.
I have a different suggestion. Could you generate these signature files for your employees on your machine and then push the signatures out to all the other machines?
Related
I'm a complete rookie to programming. I will say so much off the bat: please go easy on me. I simply want to know what happens on a system-wide level when I run a script through the PowerShell ISE program. If I run something in an IDE, I have always assumed that no system calls are made, meaning the script isn't communicating with the kernel or making actual changes to the OS. To the contrary, the script is simply being run in a sandboxed environment, as a test run for lack of better terms. I use the term sandboxed loosely here.
If I am on the mark here regarding how an IDE works, does PowerShell also work the same way. If I am incorrect overall with all of my observations, please correct me. I'm just a tad bit beyond the phase of a script kiddie. I can write simple Bash scripts and execute PowerShell commands but I am miles behind the talent of a developer or full-time programmer. Looking for an answer from a veteran to a rookie here.
The PowerShell ISE is called an Integrated Scripting Environment. It can be thought of as a stripped down Visual Studio or maybe instead an enlightened Notepad with a paired PowerShell console.
In any case, and maybe someone will chime in with the true history of the ISE here, the PowerShell console is just as effective and powerful as the Linux Bash Shell, or the Windows Command Prompt.
Commands you run in PowerShell use underlying Windows APIs or dotnet namespaces which can absolutely change the system.
For instance, you can start and stop services or even disable them, if you've got the permissions and are running as an administrator. That's definitely changing the underlying system.
Set-Service -Name Spooler -StartupType Disabled
You can also change registry keys you definitely should not be touching.
#Disable Windows Update
Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name AU -Type DWord -Value "NoAutoUpdate"
Having permission to do these things depeneds on what your account can do. If you're running as a standard Windows user without admin rights, these calls will fail.
If you run the ISE or PowerShell without 'Run As Administrator', these calls will fail.
However, if you are an admin, and run PowerShell or the ISE as an Admin, you have effectively taken both safeties off and can now freely ventilate your foot.
Same goes for if you're running with a powerful Active Directory or Azure account. Only use those credentials when you need them, or your inevitable accidents will be truly remarkable, swift and terrible.
So I need to uninstall some program and clean all the leftovers (folders + registry)
and then install the new app with all it dependencies - all this on 150 workstation
I've created a Powershell script and it's doing all the mention above without any issues,
the issue begins when I need to run the installation, it's located on a network share, here is the syntax:
Set-Location "\\imapps\FileSiteClientInstall\Setup Imanage\DRIVE -iManage Drive for Windows 10.2.6.48"
Start-Process iManageDrive.exe /s
The issue is that i have 6 lines like this one (each installation file is in a different folder),
and when I run this from the network I'am getting this UAC
is there a way to disable it, and make my script to run fully automatically?
Thanks alot for your help :)
So, not really UAC for what most people think of UAC. This is warning about running an executable from an untrusted location (not on a local drive). You'd get the same thing with a script that you download from the internet. What you can do is use the Unblock-File cmdlet to get past that warning like this:
Set-Location "\\imapps\FileSiteClientInstall\Setup Imanage\DRIVE -iManage Drive for Windows 10.2.6.48"
Unblock-File .\iManageDrive.exe
Start-Process iManageDrive.exe /s
This should mark the file as safe, and avoid the prompt you've been getting.
I'm working with DNS resource records in Powershell 5 using code that I inherited from the guy who was trying to do this before me. The cmdlet I am trying to use is Add-DnsServerResourceRecordA.
Part of his code has import-module certain folder\PowerShell\Modules\DnsServer. The weird thing is, it seems like as I was trying bits and pieces of the code earlier, I was able to use the add-DNSblah cmdlet. Now, after It ried running the whole script including the import-module, Powershell is saying that the cmdlet does not exist natively, and when I import the module and run it it is giving me Add-DnsServerResourceRecordA: Invalid Class.
It is my understanding that Add-DnsServerResourceRecordA should be included in my normal Powershell 5.0. Could that Import-Module have permanently damaged PS somehow? Why else would the cmdlet not show up, even in a Get-Command "dns"?
I'm pretty sure you will need the Remote Server Administration Tools (RSAT) installed to have these cmdlets available on a non-server Windows OS.
You can download them from this page: https://www.microsoft.com/en-gb/download/details.aspx?id=45520.
Not really sure why the Import-Module does not fail if the DNSServer module is not present on the system.
If RSAT are already installed, you can try to reinstall them.
I have this setup with a GPO to run as a logon script, obviously to map a drive for clients.
net use H: \\server1\share\$env:username
Dead simple. If I put in a specific username in place of the variable then it works. Also, if I run this script directly on a client machine it works.
Do you get an error? Does it helps if you wrap the path in double quotes?
"\\server1\share\$env:username"
That should work with or without the quotation marks. Are the clients all Windows 7? I believe that Powershell logon/startup scripts don't work on earlier versions, even if you have Powershell installed, because it's an add-on rather than a native shell. If you're using downlevel clients, you can invoke the powershell script from a cmd batch file. But if you're going to do that, might as well skip Powershell and just run net use H:\\server1\share\%username% from your batch file.
Run this in a .bat file as a login script (use a FQDN for the server name):
net use H: \\server.example.com\share\%USERNAME%
If that not works, your GPO is just not yet applied. You can force that by running on the machine gpupdate /force.
For testing make sure that the GPO is applied to the right OU to the group "Authenticated Users" (computers are in the group too). And if that is not working, you can also "Enforce" the GPO. Don't forget to do a gpupdate /force after any change to the GPO or it settings.
You can also try a .js logon script like:
var WSH = new ActiveXObject("WScript.Shell");
// Map share
WSH.Run("net use H: \\\\server.example.com\\share");
I need to know if it is possible to run powershell remotely in the following scenario:
I have a Windows XP box WITHOUT Powershell installed. From this box, I would like to run a PS script located somewhere like: \\mypc\C$\Scripts\information.ps1.
The script should be run against the machine where it resides. In this case, the “mypc” machine would be running the script and returning the result to the XP machine.
What makes this difficult is the fact that I cannot install Powershell or any third party apps on the Windows XP machine.
It’s a long shot but would this be doable?
Thanks!
While you can't actually run the script on the local machine without PS installed there, depending on what you want to actually accomplish you may be able to run it locally and simply access the remote resources. Most of a machine's resources are typically available remotely (File System, Registry, WMI, etc.) depending on the security on the machine.
EDIT: Now that my complete misunderstanding of the issue is cleared up, my answer would be: No, you do not need to have Powershell installed on a local machine to run a script on a remote machine that does have Powershell installed. Just use PSExec to kick off the Powershell process on the remote machine. I realize that the OP cannot install 3rd party apps, but there is absolutely no install associated with PSExec, it is a completely stand alone exe.
It has been a while since I had to do this so I did a quick check. This at the command line worked for me:
psexec \\REMOTEMACHINE "C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe" -File C:\temp\test.ps1 -NoProfile -NonInteractive
You need to have Powershell installed. This isn't possible :(. Sorry.
Using Psexec is the only way I can think of too. However, if you are using PSexec.exe using alternate credentials, the credentials are passed over the network in plaintext. Something to be wary about if your network is visible to other people.