How to correctly run 'rename-item' remotely? - windows

I have declared the following variables:
$dir = 'C:\Users\user1\folder1'
$fname = 'abc.txt'
$tmp_fname = 'abc1.txt'
Now, I am remotely trying to execute below command:
invoke-command -cn $mycomp -Credential $mycred -ScriptBlock {
param($fname, $tmp_fname)
rename-item $dir\$fname -NewName $dir\$tmp_fname
} -ArgumentList ($fname, $tmp_fname)
Upon executing the above command, I am getting below error:
+ invoke-command -cn $server -Credential $host_cred -ScriptBlock {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Rename-Item], PSInvalidOperationException
+ FullyQualifiedErrorId : InvalidOperation,Microsoft.PowerShell.Commands.RenameItemCommand

You almost got it, here are some comments and suggestion.
You are not passing all the arguments, in your case is $dir
$dir is an alias for $env:windir so try to use another name.
In your example $dir = 'C:\Users\user1\folder1' , you reference a specific user folder on a remote computer, that might work but you better be mindful with that reference.
Although it might work, I would try to avoid symbols between variables like that $dir\$fname , a better way would be to include the backslash in the $dir and then combine both like so $($dir+$fname)
With all that said, here is what I think should work for you
$dPath = 'C:\Users\user1\folder1\'
$fname = 'abc.txt'
$tmp_fname = 'abc1.txt'
invoke-command -ComputerName $server -Credential $host_cred -ScriptBlock {
param($fname, $tmp_fname)
rename-item -LiteralPath $($dPath + $fname) -NewName $($dPath + $tmp_fname)
} -ArgumentList $fname, $tmp_fname , $dPath

Related

Folder audit Powershell script, nested loop

I am trying to get a script working to audit folder permissions on a Windows server, among other data, and export this data to a CSV file for analysis after a ransomware attack.
I ripped the script from a forum, but it did not run correctly as is. Below is a slightly modified version during my troubleshooting.
I am well versed in batch scripting, and have a decent understanding of loops and pipelining, but this Powershell script has me scratching my head.
It seems like the array is not making it to the nested loop.
I am testing in Windows 10 Pro 21H1, using Powershell version 5.1.19041.1320, build 10.0.19041.1320
##The script:
$ErrorActionPreference = "Continue"
$strComputer = $env:ComputerName
$colDrives = Get-PSDrive -PSProvider Filesystem
ForEach ($DriveLetter in $colDrives) {
$StartPath = "$DriveLetter`:\"
Get-ChildItem -LiteralPath $StartPath -Recurse | ?{ $_.PSIsContainer } |
ForEach ($FullPath = Get-Item -LiteralPath{Get-Item -LiteralPath $_.PSPath}{Get-Item -
LiteralPath $FullPath}.Directoryinfo.GetAccessControl())}
Select #{N='Server Name';E={$strComputer}}
#{N='Full Path';E={$FullPath}}
#{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}}
#{N='Owner';E={$_.Owner}}
#{N='Trustee';E={$_.IdentityReference}}
#{N='Inherited';E={$_.IsInherited}}
#{N='Inheritance Flags';E={$_.InheritanceFlags}}
#{N='Ace Flags';E={$_.PropagationFlags}}
#{N='Ace Type';E={$_.AccessControlType}}
#{N='Access Masks';E={$_.FileSystemRights}}
Export-CSV -NoTypeInformation -Delimiter "|" -Path "$strComputer`_$DriveLetter.csv"
##The error I am getting:
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\fileaudit2.ps1:8 char:13
ForEach ($FullPath = Get-Item -LiteralPath{Get-Item -LiteralPath $ ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: (:) [], RuntimeException
FullyQualifiedErrorId : InvokeMethodOnNull
##when I modify the nested loop as follows:
ForEach ($FullPath = Get-Item -LiteralPath{Get-Item -LiteralPath $_.PSPath}{Get-Item -LiteralPath $FullPath}).Directoryinfo.GetAccessControl()}
##I get the error:
Get-Item : Cannot evaluate parameter 'LiteralPath' because its argument is specified as a script block and there is no input. A script block cannot be evaluated without
input.
At C:\Users\user\Documents\fileaudit2.ps1:8 char:46
... Path = Get-Item -LiteralPath{Get-Item -LiteralPath $_.PSPath}{Get-Ite ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : MetadataError: (:) [Get-Item], ParameterBindingException
FullyQualifiedErrorId : ScriptBlockArgumentNoInput,Microsoft.PowerShell.Commands.GetItemCommand
##I'm just wholly struggling to understand what is not working in this loop.
You are mixing a lot of unneeded Get-Item calls in there.
I also would not use Get-PSDrive for this because I assume you don't want to get results for CD drives, USB devices etc in the report.
Try:
# this returns drives WITH a trailing backslash like C:\
$colDrives = ([System.IO.DriveInfo]::GetDrives() | Where-Object { $_.DriveType -eq 'Fixed' }).Name
# or use:
# this returns drives WITHOUT trailing backslash like C:
# $colDrives = (Get-CimInstance -ClassName win32_logicaldisk | Where-Object { $_.DriveType -eq 3 }).DeviceID
$result = foreach ($drive in $colDrives) {
Get-ChildItem -LiteralPath $drive -Directory -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
$path = $_.FullName
$acl = Get-Acl -Path $path
foreach ($access in $acl.Access) {
[PsCustomObject]#{
Server = $env:COMPUTERNAME
Drive = $drive[0] # just the first character of the drive
Directory = $path
Owner = $acl.Owner
Trustee = $access.IdentityReference
Inherited = $access.IsInherited
InheritanceFlags = $access.InheritanceFlags -join ', '
'Ace Flags' = $access.PropagationFlags -join ', '
'Ace Type' = $access.AccessControlType
'Access Masks' = $access.FileSystemRights -join ', '
}
}
}
}
# now you can save your result as CSV file for instance you can double-click to open in Excel:
$result | Export-Csv -Path 'X:\WhereEver\audit.csv' -NoTypeInformation -UseCulture
To do this on several remote machines, wrap it inside Invoke-Command
# set the credentials for admin access on the servers
$cred = Get-Credential 'Please enter your admin credentials'
# create an array of the servers you need to probe
$servers = 'Server01', 'Server02'
$result = Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
$colDrives = ([System.IO.DriveInfo]::GetDrives() | Where-Object { $_.DriveType -eq 'Fixed' }).Name
foreach ($drive in $colDrives) {
# code inside this loop unchanged as above
}
}
# remove the extra properties PowerShell added
$result = $result | Select-Object * -ExcludeProperty PS*, RunspaceId
# output to csv file
$result | Export-Csv -Path 'X:\WhereEver\audit.csv' -NoTypeInformation -UseCulture

PowerShell - Remote Upgrade Script

I am trying to upgrade Powershell on a bunch of Windows 7 boxes so I can do other remote installs and such. I am using Invoke-Expression but I swear this worked once before without it. There doesn't appear to be a Wait option for any of this. It does work when I run the Invoke-Expression locally. I also tried Start-Process. Is there a better way to get feedback on why it didn't run? The debugging is painfully slow because it has been a lot of just guessing, both due to lack of feedback and due to its hard to tell on the remote machine when its actually installing the background. The script is getting copied. I've tried without the Remove-item in case I was deleting it too fast. The $cred is admin. I'm not sure Execution Policy is necessary.
foreach ($comp in $computers) {
$comp.Name
if(test-connection -ComputerName $comp.Name -quiet ){
$Destination = "\\$($comp.Name)\c$\Temp\"
copy-item -path "\\10.1.32.161\New Client Setups\WMF_5.1_PowerShell\*" -Destination $Destination -recurse -force
"`t Copied"
$session = Enter-PSSession $comp.Name -Credential $cred
$results = Invoke-Command -ComputerName $comp.Name -ScriptBlock {
Set-ExecutionPolicy RemoteSigned
$ver = $PSVersionTable.PSVersion.Major
"`t Powershell Version : $ver"
if ($ver -lt "5"){
"`tNeeds upgrade"
$argumentList = #()
$argumentList += , "-AcceptEULA"
$argumentList += , "-AllowRestart"
#Invoke-Expression "& 'C:\Temp\Windows7_Server2008r2\Install-WMF5.1.ps1' + $argumentList"
Invoke-Expression 'C:\Temp\Windows7_Server2008r2\Install-WMF5.1.ps1 -AllowRestart -AcceptEULA'
}
}
$results
Remove-item -Path "$Destination*" -recurse
Exit-PSSession
Remove-PSSession -session $session

trying to get all the GPO's related to the OU with invoke command

I have a this set of code:
#Find the OU with the selected Canonical name and save it to this variable
$OUObject = Invoke-Command -Session $S -ScriptBlock {Get-ADOrganizationalUnit -filter * -Property CanonicalName | Where-Object {$_.CanonicalName -eq $using:listBox2.SelectedItem}}
So after this code i get a an OU stored in a variable $OUObject.
i now want to get all the gpo's linked to this ou.
so my next step is this:
$test = $OUObject.LinkedGroupPolicyObjects
and now $test hold all the gpos linked to its ou. problem now is i want to get them by name. so i can do this:
invoke-command -session $s -scriptblock {get-gpo -guid $test}
but i will get this error:
PS C:\WINDOWS\system32> invoke-command -session $s -scriptblock {get-gpo -guid $test}
Cannot validate argument on parameter 'Guid'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
+ CategoryInfo : InvalidData: (:) [Get-GPO], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.GroupPolicy.Commands.GetGpoCommand
+ PSComputerName : DC01
so i look at $test and this is what it holds:
PS C:\WINDOWS\system32> $test
cn={5873971D-F689-4E83-8AFA-389FDD7F34CD},cn=policies,cn=system,DC=bla,DC=local
cn={2B7F8931-038E-46BC-B1DB-FBFA86097C08},cn=policies,cn=system,DC=bla,DC=local
cn={C74CADA1-B609-44A3-8D3C-F733CF3112E2},cn=policies,cn=system,DC=bla,DC=local
so what i acually need is to past to the get-gpo command only the part inside the cn{..}
if i hardcode for example and do this:
invoke-command -session $s -scriptblock {get-gpo -guid 5873971D-F689-4E83-8AFA-389FDD7F34CD}
i get the result right.
can anyone help me achive this please?
Use the regex -replace operator to extract the GUID from the DN, then pass the value to Invoke-Command using the $using: modifier:
$GUIDs = $test -replace '^cn=(\{[0-9a-f-]+\}).*$'
Invoke-Command -Session $s { $using:GUIDs |ForEach-Object { Get-GPO -Guid $_ } }

Copy-Item for copy files from local to remove server using credentials

I am trying to copy some files and folder from my local machine to a remote server:
Copy-Item .\copy_test.txt -destination "\\serverip\c$\backups\"
but I'm getting an error:
Copy-Item : Logon failure: unknown user name or bad password.
At line:1 char:10
+ Copy-Item <<<< .\copy_test.txt -destination "\\serverip\c$\backups\" -verbose
+ CategoryInfo : NotSpecified: (:) [Copy-Item], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand
I was trying using credentials but this command does not allow -Credential argument. I was searching a lot and in every example the command is pretty easy just executing the Copy-Item $source -destination $destination and I wonder why is so hard in my workstation.
Creating New PSDrive
I tried to create a New-PSDrive but it didn't work.
$creds = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $password
New-PSDrive -Name X -PSProvider FileSystem -Root '\\$serverip\c$' -Credential $creds -Persist
Copy-Item '.\copy_test.txt' -Destination 'X:\backups'
Remove-PSDrive -Name X
It is the error message:
PS C:\Users\Administrator\Desktop> .\copyfiles.ps1
New-PSDrive : The network path was not found
At C:\Users\Administrator\Desktop\copyfiles.ps1:11 char:1
+ New-PSDrive -Name X -PSProvider FileSystem -Root '\\$serverip\c$' -Credential $c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (X:PSDriveInfo) [New-PSDrive], Win32Exception
+ FullyQualifiedErrorId : CouldNotMapNetworkDrive,Microsoft.PowerShell.Commands.NewPSDriveC
Copy-Item : Cannot find drive. A drive with the name 'X' does not exist.
At C:\Users\Administrator\Desktop\copyfiles.ps1:12 char:1
+ Copy-Item '.\copy_test.txt' -Destination 'X:\backups'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (X:String) [Copy-Item], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
Remove-PSDrive : Cannot find drive. A drive with the name 'X' does not exist.
At C:\Users\Administrator\Desktop\copyfiles.ps1:13 char:1
+ Remove-PSDrive -Name X
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (X:String) [Remove-PSDrive], DriveNotFoundExcepti
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.RemovePSDriveCommand
My servers
My server are windows instances in AWS. I have the right permission because I am able to run other command like Invoke-Command in order to inspect some services into the remote server.
PS> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
4 0 -1 -1
If credentials are required for access to a remote share you need to map it to a (PS)drive before you can use it with other cmdlets.
$cred = Get-Credential
New-PSDrive -Name X -PSProvider FileSystem -Root "\\$serverip\c$" -Credential $cred -Persist
Copy-Item '.\copy_test.txt' -Destination 'X:\backups'
Remove-PSDrive -Name X
I found the solution. I was using PowerShell version 4.0 and then upgrade my version to 5.0
In previous version the Copy-Item doesn't allow credentials. Now is possible to copy files through the sessions between servers:
$deploy_dest = "C:\backup"
$username = "$server\Administrator"
$password = Get-Content C:\mypassword.txt | ConvertTo-SecureString -AsPlainText -Force
$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$session = New-PSSession -ComputerName $server -Credential $creds
Copy-Item -Path .\copy_test.txt -Destination -ToSession $session
Check this alternative using copy command and net use
net use \\10.164.60.77\c$\Users\ana\Desktop password /user:username
copy "C:\Users\alex\Desktop\test.txt" "\\10.164.60.77\c$\Users\ana\Desktop\test.txt"

Powershell's Invoke-Command won't take in a variable for -ComputerName parameter

I just can't seem to get this to work, and I can't figure out how to google this issue. similar script is working remotly but now i need to made it work localy. But... Please check the script...
Function Local-Install {
$ComputerName = "$env:computername"
$AppName = "Deployment"
Invoke-Command -ComputerName $ComputerName ,$AppName -ScriptBlock `
{
param ($ComputerName,$AppName)
write-host "Getting Parameters for '$AppName' on $ComputerName"}
$Application = Get-WmiObject -computername $ComputerName -Namespace "root\ccm\ClientSDK" -Class CCM_Application | where {$_.Name -like "$AppName"} | Select-Object Id, Revision, IsMachineTarget
$AppID = $Application.Id
$AppRev = $Application.Revision
$AppTarget = $Application.IsMachineTarget
([wmiclass]'ROOT\ccm\ClientSdk:CCM_Application').Install($AppID, $AppRev, $AppTarget, 0, 'Normal', $False)
}
and i get an error like this:
Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects ins
tead of strings.
At line:5 char:1
+ Invoke-Command -ComputerName $ComputerName ,$AppName -ScriptBlock `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
+ FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand
Exception calling "Install" : ""
At line:13 char:1
+ ([wmiclass]'ROOT\ccm\ClientSdk:CCM_Application').Install($AppID, $AppRev, $AppTa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException
Since this is local you could just run the "env:COMPUTERNAME" call in the method. However, if you want to get this to work as is, you just need to add the -ArgumentList argument to the Invoke-Command call:
Invoke-Command -ComputerName $ComputerName, $AppName -ArgumentList $ComputerName, $AppName -ScriptBlock `

Resources