I have multiple servers that need to have the IISADMIN service restarted. I need to do this remotely, so I have code that will ask for credentials. however when I get to the point of stopping it and restarting it, it fails because the dependant services. I am trying to use IISRESET /STOP, but cannot get it to function.
Any suggestions would be greatly appreciated. if you need to see the code let me know.
Thanks!
If you have PowerShell 2.0 available I would use its remoting capabilities. You also have to admin to use iisreset (at least on Vista/WinServer 2008 and above). Fortunately PowerShell remoting takes care of that (requires you to be admin too). :-) With PowerShell 2.0 I would try something like this:
$cred = Get-Credential
Invoke-Command server1,server2,server3 -ScriptBlock { iisreset.exe /restart } `
-cred $cred
If the iisreset.exe still isn't working try PowerShell's Restart-Service in its place:
Restart-Service w3svc -Force
But first you have to have PowerShell 2.0 on each remote machine and enable remoting on each remote machine via the commands:
Set-ExecutionPolicy RemoteSigned
Enable-PSRemoting -Force
If you can't do PowerShell 2.0 on the remote machines, you could always use psexec.exe.
Related
I'm having a bit an issue invoking a command to remotely turn off services via PowerShell. I'm successful when using
(Get-Service -Name tomee -ComputerName servernamefqdn).Stop()
However when using
Invoke-Command -ComputerName servernamefqdn -Credential $creds -ScriptBlock {
(Get-Service -Name tomee).Stop()
}
I get errors
enter-pssession...winrm cannot process
and
The following error occurred while using Kerberos authentication: Cannot find the computer servernamefqdn.
I'm using my own credentials to pass in invoke. I've already ran the quick config for WinRM and added trusted sites for all. I'm not understanding why the first command works but the invoke command doesn't seem to find the server. The goal is the script will remotely stop services using another account. I read 1 other person having this same issue but no real solution for me. Any ideas?
I've a strange problem that I can't understand. Maybe someone will be able to explain it to me.
I'm trying to automate the installation of an app for SharePoint in a multitenant environment. I run the scripts on a remote machine like this:
$session = New-PSSession -Name "Install App Session" -Authentication Credssp -Credential $InstallAccountCredentials -ComputerName $frontend
$installAppScriptPath = Join-Path $currentScriptPath "\SharePoint\InstallApp.ps1"
$job = Invoke-Command -Session $session -FilePath $installAppScriptPath -ArgumentList $customerUrl, $env:COMPUTERNAME -AsJob
Wait-Job $job
Inside the InstallApp.ps1 I invoke the Import-SPAppPackage command but I get an "Access denied.
You do not have permission to perform this action or access this resource." error. However, if I login to the machine with exactly the same credentials that are used as $InstallAccountCredentials and start the script, everything is working perfectly fine. The account that is used for running this script is an tenant admin account.
Is there something I miss in invoking the command?
PowerShell remote doesn't work for a significant portion of the SharePoint cmdlets. Use the client object model instead - you can invoke those methods from PowerShell as needed.
all,
I believe this scenario sounds indeed odd, but I do need your help on this.
First I use
Enter-PSSession -ComputerName myComputerName -Credential domain\user1
to remote to a third machine from my dev machine. I got a prompt like [myComputername]: PS C:\Users\user\. Then I try to Start-Process with another user, say domain\user2. However it failed, although the executable path fed to the Start-Process is full under control of domain\user2. I suppose there is no permission problem on this. For example
Start-Process -FilePath powershell -ArgumentList "-command" & {whoami} "" -Credential domain\user2 -WorkingDirectory workingdirectory
It wouldn't print the domain\user2. And it would if you run this command after remote desktop to the test machine. Anyone knows the root cause and the fix of this?
Thanks & Regards,
Jingfei
I believe you have the dreaded Powershell Remoting Second Hop blues.
http://technet.microsoft.com/en-us/magazine/jj853299.aspx
CredSSP:
http://msdn.microsoft.com/en-us/library/ee309365(v=vs.85).aspx
Delegating credentials to a runspace:
http://www.vinithmenon.com/2012/11/delegated-administration-in-windows.html
So to recap the situation: I am at one computer trying to run powershell using enter-pssession computername, then from the remote session, run the logic below:
$DFSPath = "\\DFSpath.com"
$RDL1 = [char](1+[char](gdr ?)[-1].name)
New-PSDrive -Name $RDL1 -PSProvider FileSystem -Root $DFSPath -Persist -credential domain\UN
The get-variable shows the variables properly. But when I try to create with New-PSDrive, it gives:
New-PSDrive : A specified logon session does not exist. It may already have
been terminated
I did look at this: PowerShell 2.0: Accessing Windows Shares during a Remote Session but wasn't able to get it to work. Also I wouldn't know how to devise it in my script above (which will be run on multiple computers). Is there anything newer? I am using v3 powershell. Thanks so much!
From the looks of things it appears that you are experiencing the dreaded "Double-Hop". If you only what to remote to a few computers it's pretty easy to setup the "fix" for the "Double-Hop". On the computers that you want to remote to you need to run the following commands:
Enable-PSRemoting
Enable-WSManCredSSP Server
Then on the computer you want to remote from you need to run the command:
Enable-WSManCredSSP Client –DelegateComputer [<FQDN of the server>][*]
In place of the fully qualified domain name you can put a * instead. That will allow you to send your credentials to any computer (that could be dangerous).
Now how would you work this into a script? There is a command called Invoke-Command. If you look at the parameters of Get-Help Invoke-Command -Parameter *, you'll see that it take a Credential and a Authentication. Here's how you would run a command on multiple computers.
$MyCred = Get-Credential
Invoke-Command -ComputerName Computer1,Computer2 -Credential $MyCred -Authentication Credssp -ScriptBlock {Get-ChildItem $args[0]} -ArgumentList '\\Server\Share' -ErrorAction SilentlyContinue
Now if you'll be remoting onto many machines and you know how to use Group Policy. I'd recommend setting up PSRemoting and enabling WSManCred with the Group Policy.
I am trying to run a exe on remote machines which would basically uninstall a product agent. below is the code:
$test = Get-Content PC.txt
foreach ($a in $test)
{
$curr = Get-Location
Set-Location \\$a\Admin$\System32\CCMSetup
.\ccmsetup.exe /uninstall
Set-Location $curr
}
It doesn't work. I ended up removing the program from the host computer itself :)
Alternate Option: I created a batch file with the command line:
cd C:\Windows\System32\ccmsetup
ccmsetup /uninstall
exit
It seems the above can also be achieved using Invoke-Command.
Invoke-Command -ComputerName $client -FilePath UninstallCCM.cmd
Apparently, it does not accept batch file. I would like to keep it as simple as possible.
Currently I am using PSExec for installing and uninstalling the program. Do I need to enable PS Remoting (WinRM) on every remote machine on whom I need to execute scripts using PowerShell?
Can someone please help? Thanks in advance.
This command should execute successfully:
Invoke-Command -ComputerName $client -ScriptBlock { cd C:\Windows\System32\ccmsetup; ccmsetup /uninstall} -Credential $(Get-Credential) -Authentication CredSSP
but you will need to enable CredSSP authentication on all machines by running these two commands on each machine:
Enable-WsManCredSSP -Role Server -Force
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
I highly recommend downloading PSTools. There is a command in there called "psexec"
PSexec is so simple, you call it like this:
psexec \\myserver C:\Windows\System32\ccmsetup /uninstall