I am trying to execute task on PcRemote from PcLocal and I am getting the ERROR: Access is denied.
This is the command that I am using:
SCHTASKS /Run /S PcRemote /U PcRemote\AdminRemote /P password /TN "TaskToRun"
I execute the command from PcLocal loged in as AdminLocal that is part of Administrators group.
On PcRemote AdminRemote is also part of Administrators group. Computer are not part of a domain but they are in the same LAN. I can use Remote Desktop to access PcRemote login in as AdminRemote.
I have enabled Remote Scheduled Tasks Management in Windows Firewall settings. Tried with firewall off too.
Task executes C:\CMD\test.cmd that just has the command mkdir C:\CMD\Dir. It is configured to run wheter user is loggedon or not, and to run with highest privileges. It runs as user PcRemote\AdminRemote.
Trying to connect to PcRemote through Task Scheduler as suggested here https://www.action1.com/how-to-different-ways-to-create-scheduled-task-remotely/ gives the same error. You do not have permission to access this computer.
Is command that I am using not correct or I need do something else?
Is this even possible if computers are not part of a Domain and running just Windows 10?
Related
I am trying to run a .bat script that uninstall 32/64 bit agents and re-install 64-bit agents on almost 100 window servers.
Can you please guide me how this can be done?
I already tried running for one server to test
psexec \\<windows server> -u <username> -p <password> <command>
But fails with error
COULD NOT START PSEXESVC service on <windows server>
Do we need such service on all machines? Please suggest any other way?
PSEXEC is not a standard windows feature /service.
If you wish to use PS Exec you will need to install it on all of the relevant systems first.
Otherwise, your options are:
CMD:
A) Does the "Agent" Installer you are using allow you to install / uninstall to a given server in it's command line syntax?
If so utilize that.
B) Put the Installer in central location (the Active Directory Netlogon Folder is great for this) along with a CMD script to run the uninstall and install processes.
Then Use SCHTasks to connect to each server and create a Scheduled task that runs using an administrative Username and password for that server, and set it to run with the highest privileges, set the action to be the path to the CMD script in netlogon that you have previously tested and nwo is working, set the task to run 1 minute in the future, or on demand (If on demand you then run schtasks again to execute the task).
Powershell:
Work on getting a working CMD Script to run and use Invoke Command to run that command script on the remote systems. As in Option B from CMD options you can keep the CMD script and Agent installer in the netlogon folder.
I need to stop and start IIS server for TFS build. When do this using .bat file iisreset /stop, similarly for start.
When I do this I get
Access denied, you must be an administrator of the remote computer to use this command. Either have your account added to the administrator local group of the remote computer or to the domain administrator global group.
Please note: This is Windows server 2019
I am already admin of this machine.
I have given read/write access to everyone in this folder.
I have unset EnableLUA to '0' in the registry as told in link for site
Above all these, I restarted machine.
I still get error in TFS build.
When you start a build in TFS the execution of that build is effectively done by a build agent. A build agent is just a service running on any particular machine. So, your batch file that shall start/stop the IIS service will be executed by whatever build agent is running your particular build.
This in terms means that your batch file is executed by the user that is used to run the build service. If that user does not have the necessary admin rights you face this particular error message.
What you need to do is make sure that all accounts that you use to run your build agents have administrative permissions on whatever machine you want to start/stop IIS.
You are trying to do IISRESET in your batch script. You need to be an Administrator as basic right to execute IISRESET command. So the account which the build is running needs to be part of the Admin group on the box.
Other approach is to stop and start w3svc using sc config commands or NET STOP WAS /Y and NET START W3SVC
Both of your answers are correct, I added the 'Network Service' of TFS to admin group of machine. Then build was success. Administrative tools>Computer Management> Local Users and Groups>Groups>
Inside Administrators and Users add 'Network Services'. If you don't find 'Network Service' then change location to your computer node and add them.
I have a batch file with various commands. I am transferring the batch file to a remote PC and running the file. Now I need to run a few of the commands in the batch file as an administrator but I cannot go to the remote PC to enter any password or click on any prompt.
My batch file includes the following commands:
1. winrm quickconfig -force
2. winrm set winrm/config/service/auth #{Basic="true"}
3. winrm set winrm/config/service #{AllowUnencrypted="true"}
Now the commands 2 and 3 needs to be run as an administrator. I have the admin password. Is there any command arguments like
"command" /runas /user:admin /pass:password /noprompt
Using only /runas still gives you a prompt and there is no option in runas /? that can disable it. I need a solution where I don't have to press Yes on the UAC prompt since the file will run on a remote system.
Edit: Would like to give more context. So the task is to automate the process of running configuration script on remote machine once windows is installed on it. There would be approximately 100 machines and going on each system and enabling the winrm service is not feasible. And in order to run the script remotely on the target machine, I need to enable and then make changes to the winrm service (needs admin privileges). I cannot make changes to the network. I am able to enable winrm service but making changes to winrm service requires running those commands as admin. And I cannot click on any prompt since I cannot go to the remote machine. So any advice in this regards would be helpful. I'm not trying to bypass any process. I have the admin credentials. Just trying to find the correct commands and arguments to help me achieve this.
I'm trying to get a scheduled Format running on Win10.
I have a Batch File that consists of the following line:
Format F: /V:test /Q /FS:NTFS /A:4096
Starting the Batch manually Formats the drive as desired, but starting the Batch as a Scheduled Task gives me an error:
cannot open volume for direct access.
I did a lot of Google Research but nobody seems to have found a solution or hasn't shared one.
I already did try/ensured the following things:
The Task runs with highest privileges
The user has admin rights and full Control over the Folder
I tried running it from SYSTEM - didn't work
The Task is configured for Win10 and running only as user is logged on
I am stuck in a problem trying to install appx with Powershell -ExecutionPolicy Unrestricted add-appxpackage <path to appx> using the Powershell plugin in Jenkins and the below errors are logged:
add-appxpackage : Deployment failed with HRESULT: 0x80073CF9, Install failed.
Please contact your software vendor. (Exception from HRESULT: 0x80073CF9)
Deployment Add operation rejected on package
<path to appx> install request because the Local
System account is not allowed to perform this operation.
NOTE: For additional information, look for [ActivityId].
As I understand, this problem is mainly because Jenkins service on Windows gets installed as NT Authority\System. (If I use psexec.exe to open a command prompt that runs as Authority\System, I run into the same issue.) I then tried adding net localgroup "Administrators" NT Authority\System /add hoping the group might get added as Administrator and would let me install the appx, so I can run the tests, but with no success. Now I am stuck and I am not sure if there is really a way to install an appx via Jenkins or not OR if there is a way to invoke the Powershell script as an administrator via Jenkins. I have been through couple of SO links already, but none of them seems to fix the issue I am facing. Any pointers would be appreciated.
DO NOT try to add System to the Administrators group, it's a limited account for a reason and does not require administrative privileges.
Instead change the Jenkins service to run as a user that has the right permissions for what you're trying to do. That might mean you need to create an account specifically for the Jenkins service.
There are a few ways to change the service account, this answer gives the following as a solution:
sc.exe config "Service Name" obj= "DOMAIN\User" password= "password"