I'm struggling to figure out what is going on, but it has a pretty widespread effect on a system I'm working with.
I have several machines running a service, but when I try to query the service (both in .net and in powershell) the service is not found. When I connect to the machine via RDP, the service shows up. I've already confirmed that I had permissions on the service, including granting explicit permissions to the service for my user using subinacl.
I do get a result back from get-service -computername $server but it doesn't list the service I'm looking for. Is there a group policy or windows configuration that I'm missing here? Why would some services show up remotely but not all of them?
Any tips/advice on what to look for would be greatly appreciated.
EDIT: Using this command:
get-Service -computername $servername | Export-Csv C:\temp\Local.csv -notypeinformation
On the machine yields the following file:
https://drive.google.com/open?id=1aXvIgWT4NU2EN4j14JlxrY-jHGp-hG2Q
Running the same command remotely against the machine yields the following file:
https://drive.google.com/open?id=16NvRgrQsSGc9CKlqmIqntLy1bkLMl5tJ
EDIT2:
Command:
Get-Service -Computername $servername -Name 'AdobeARMservice'
Running Remotely Result:
Get-Service : Cannot find any service with service name
'AdobeARMservice'. At line:1 char:1
+ Get-Service -Computername $servername -Name 'AdobeARMservice'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (AdobeARMservice:String) [Get-Service], ServiceCommandExcep
+ FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
Running Locally Result:
Status Name DisplayName
------ ---- -----------
Running AdobeARMservice Adobe Acrobat Update Service
Edit3:
This issue can also be seen in the microsoft service list.
While locally on the machine:
While remote:
The powershell documentation for get-service says:
This cmdlet can display services only when the current user has
permission to see them. If this cmdlet does not display services, you
might not have permission to see them.
I would therefore assume that your remote user is a different user than the local user.
if you truly have access rights, you could just do this instead
invoke-command -computername $servername -scriptblock {get-service} | export-csv C:\temp\Local.csv -notypeinformation
Related
I need to execute some code on remote machine, I use powershell's Invoke-Command to do that.
Invoke-Command -ComputerName TESTPC -ScriptBlock { Get-WMIObject Win32_ComputerSystem | Select-Object -ExpandProperty name };
It works on my local but fails in TeamCity server. It says: Connecting to remote server TESTPC failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.. I tried to solve it this way https://stackoverflow.com/a/27872686/3561198 but the condition is always true and it looks like the script is run with admin rights. How to fix the issue? Otherwise suggest another way to execute some code on remote Windows machine.
Start an interactive session with the destination machine first and then use Invoke-Command to run the script block.
Enter-PSSession Server01
Invoke-Command -ComputerName Server01, Server02 -ScriptBlock { your code here }
Exit-PSSession
When I run the command dcdiag /test:RIDManager in PowerShell in my Domain Controller, I get the test as passed.
But when I run it from another server in a different domain using Remote Session in PowerShell I get the test as failed.
$testSession= New-PSSession -ComputerName <hostname> -Credential Get-Credential
Invoke-Command -Session $testSession -ScriptBlock {dcdiag /test:RIDManager}
This command gives passed when I use the hostname of the Primary Domain Controller but failed for the Secondary Domain Controller. This comes as failed only when I run the command from as Computer in another domain.
I get the below error when failed:
DsBindWithSpnEx() failed with error 5,
Access is denied..
This issue is because of the double hop problem. So if you create a remote PS Session using Creedssp then the result is as it is in the target server.
I am trying to use PowerShell to remove profiles and associated registry entries on remote computers. The account I am using has administrator permissions on the remote computers. I have no trouble pulling the SIDs of the accounts or deleting the profile. My problem comes when trying to remove the registry key for the account located at HKLM:\SOFTWARE\Microsoft\'Windows NT'\CurrentVersion\ProfileList. There is a key for every SID and I want to remove the ones that match the profiles I am deleting.
This is what I have tried so far:
Enter-PSSession $comp
Remove-Item "HKLM:\SOFTWARE\Microsoft\'Windows NT'\CurrentVersion\ProfileList\$SID"
Exit-PSSession
This got the following result:
Remove-Item : Cannot find path 'HKLM:\SOFTWARE\Microsoft\'Windows
NT'\CurrentVersion\ProfileList\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000' because it does not exist.
If I run the same command on the local machine, the key is deleted successfully.
I also tried:
Enter-PSSession $comp
Remove-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' -name $SID
Exit-PSSession
Which returned the following:
Remove-Itemproperty : Requested registry access is not allowed.
I have also tried using invoke-command to run the exact same command that works locally and I get the same error.
Is there something I am missing? Can any of you kind folks point out what I am doing wrong? I would really like to do this with built-in commands rather than installing a third party module if possible.
If you are looking to remove user profiles and cannot use a third party tool I would recommend using the CIM classes.
Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000'" -ComputerName $comp | Remove-CIMInstance -WhatIf
If you do not have winrm enabled or configured you can fallback on WMI.
Get-WmiObject -Class WIN32_UserProfile -Filter "SID = 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000'" -ComputerName $comp | Remove-WmiObject -WhatIf
This will get not only the registry key but also the folders associated with the profile.
My objective is to add users to a shared folder in the remote server. I know that netshare command can be used to add users to local folder.
net share PathName=D:/Projects /GRANT:XXXX,FULL
When i run the above command in the local machine, it works fine.
Since the shared folder is present in remote server, i tried wmic and the psExec options. But both did not work. Not sure what i am missing here
wmic /node:ComputerName process call create "cmd.exe net share PathName=D:/Projects /GRANT:XXXX,FULL"
and
psExec \\ComputerName cmd.exe "net share PathName=D:/Projects /GRANT:XXXX,FULL"
Assuming you're running Windows 8 (Server 2012) or newer, use the Grant-SmbShareAccess cmdlet and a remote CIM session:
$RemoteSession = New-CimSession -ComputerName RemoteComputerName
Grant-SmbShareAccess -Name ShareName -AccountName XXXX -AccessRights Full -CimSession $RemoteSession
On Windows 7, you can use Invoke-Command to run the net share command on the remote machine:
$RemoteSession = New-PSSession -ComputerName RemoteComputerName
Invoke-Command -Session $RemoteSession -ScriptBlock { net share PathName=D:/Projects /GRANT:XXXX,FULL }
I am trying to copy a folder from one remote server to another inside a PSSession, it's giving errors like access is denied. I have admin privileges to both of the servers. If I try it without PSSession it works.
In remote serverA
PS C:\Users\Automation\Documents> [System.Net.Dns]::GetHostName()
sql
PS C:\Users\Automation\Documents> Copy-Item -Path .\abc.csv -Destination "\\jump\c$"
PS C:\Users\Automation\Documents>
In remote serverB
PS C:\Users\Automation\Documents\sample\SQL Final Scripts> Copy-Item -Path ".\SQL_queries.csv" -Destination "\\sql\c$\"
PS C:\Users\Automation\Documents\sample\SQL Final Scripts> Enter-PSSession -ComputerName sql -Credential "automation#lab"
[sql]: PS C:\Users\Automation\Documents> Copy-Item -Path ".\SQL_queries.csv" -Destination "\\jump\c$\"
Copy-Item : Access to the path '\\jump\c$\' is denied.
+ CategoryInfo : PermissionDenied: (C:\Users\Automa...SQL_queries.csv:FileInfo) [Copy-Item], Unauthorized
AccessException
+ FullyQualifiedErrorId : CopyFileInfoItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.CopyItemCommand
[sql]: PS C:\Users\Automation\Documents>
You are facing the "Double Hop" problem. Run this on the SQL computer
Enable-WSManCredSSP -Role Server
and run this on Server B
Enable-WSManCred -Role Client -DelegateComputer *
then when you enter the remote session do
Enter-PSSession -ComputerName sql -Authentication Credssp -Credential (Get-Credential)
Hope this helps.
If you sneezed during reading this answer, Bless your face.
In case you would like to read more about the "Double Hop" issue, refer to this article:
Multi-Hop Support in WinRM
I believe you are facing the "double hop" problem, which is solved by using CredSSP