My objective is to add users to a shared folder in the remote server. I know that netshare command can be used to add users to local folder.
net share PathName=D:/Projects /GRANT:XXXX,FULL
When i run the above command in the local machine, it works fine.
Since the shared folder is present in remote server, i tried wmic and the psExec options. But both did not work. Not sure what i am missing here
wmic /node:ComputerName process call create "cmd.exe net share PathName=D:/Projects /GRANT:XXXX,FULL"
and
psExec \\ComputerName cmd.exe "net share PathName=D:/Projects /GRANT:XXXX,FULL"
Assuming you're running Windows 8 (Server 2012) or newer, use the Grant-SmbShareAccess cmdlet and a remote CIM session:
$RemoteSession = New-CimSession -ComputerName RemoteComputerName
Grant-SmbShareAccess -Name ShareName -AccountName XXXX -AccessRights Full -CimSession $RemoteSession
On Windows 7, you can use Invoke-Command to run the net share command on the remote machine:
$RemoteSession = New-PSSession -ComputerName RemoteComputerName
Invoke-Command -Session $RemoteSession -ScriptBlock { net share PathName=D:/Projects /GRANT:XXXX,FULL }
Related
I want to automate robocopy through Azure powershell runbook and I am taking below steps but Its failing with access denied error for Source location. Service account used to create remote connection is admin user on both servers
Create remote session on destination server (using Azure Automation account runbook which is running on Hybrid worker )
run Invoke-command for ROBOCopy to pull data from source server to destination D drive.
Below code is not doing anything but runbooks status shows as complete
$serviceAccountPassword = (Get-AzureKeyVaultSecret -VaultName 'kvname' -Name 'secname').SecretValue
$credential = New-Object System.Management.Automation.PSCredential('serviceaccountname',
$serviceAccountPassword)
$session = New-PSSession -ComputerName 'destination_server' -Credential $credential
$scriptblock = {c:\Windows\System32\robocopy.exe \\source_server\Backups\ \\destination_server\d$\data\}
invoke-command -session $session -scriptblock $scriptblock
I have also enbled-Psremoting and also added service account as admin to both servers
Edit : If I don't run as JOB I get access denied error
I need to execute some code on remote machine, I use powershell's Invoke-Command to do that.
Invoke-Command -ComputerName TESTPC -ScriptBlock { Get-WMIObject Win32_ComputerSystem | Select-Object -ExpandProperty name };
It works on my local but fails in TeamCity server. It says: Connecting to remote server TESTPC failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.. I tried to solve it this way https://stackoverflow.com/a/27872686/3561198 but the condition is always true and it looks like the script is run with admin rights. How to fix the issue? Otherwise suggest another way to execute some code on remote Windows machine.
Start an interactive session with the destination machine first and then use Invoke-Command to run the script block.
Enter-PSSession Server01
Invoke-Command -ComputerName Server01, Server02 -ScriptBlock { your code here }
Exit-PSSession
I just want to know whether there is a way to login windows server (OS Process Sampler) in the same test plan as we can do for Unix servers (SSH command).
In SSH command it is asking for username and password to login the UNIX box, but it is not there in OS Process sampler.
I just want to check logs in different Windows Server but I need to have only one .jmx file. This will be a central one and it should not be installed in any of the Windows Server where I check logs.
Thanks in advance.
Microsoft Powershell has ability of executing remote commands, you just need to enable this mode, see Enable and Use Remote Commands in Windows PowerShell for details.
Once done you should be able to execute commands on remote Windows machines like:
powershell.exe $password = ConvertTo-SecureString -String YOUR_PASSWORD -AsPlainText -Force; $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "YOUR_USERNAME",$password; Invoke-Command -Computer REMOTE_MACHINE -cred $credentials -scriptBlock {YOUR_COMMAND}
Replace:
YOUR_USERNAME with Windows username
YOUR_PASSWORD with Windows password
REMOTE_MACHINE with hostname or IP address of the remote machine
YOUR_COMMAND with Powershell script you want to execute
More information: How to Run External Commands and Programs Locally and Remotely from JMeter
Okay, so this has been bugging me for a while and I have tried too many things now.
I'm trying to run a PowerShell script - my user account is a regular one on the domain, it is however local administrator on my computer. Therefore I've created a PowerShell script prompting me for credentials (where I type the credentials of my domain administrator account) to be used to invoke another script which needs this domain administrator elevation.
This script looks like this:
Invoke-Command -FilePath "C:\Temp\script.ps1" -ComputerName localhost -Credential Get-Credential
Here the script.ps1 is the script which needs domain administrator elevation.
Executing the shown script results in a prompt for credential and then the following error:
[localhost] Connecting to remote server localhost failed with the following error message : Access is denied.
I've tried messing around with a .bat file looking like this:
SET ThisScriptsDirectory=%~dp0
SET PowerShellScriptPath=%ThisScriptsDirectory%script.ps1 PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%PowerShellScriptPath%""' -Verb RunAs}";
aswell, but I can't make it work - it is not elevating the script to domain administrator level.
Lastly however, I need to mention that the script I want to run with domain elevation works if I open PowerShell with the domain administrator elevation, navigates to C:\Temp\script.ps1 and executes it by .\script.ps1.
Any suggestions?
One topic that helped me (I had a similar case) was the section "HOW TO ENABLE REMOTING FOR NON-ADMINISTRATIVE USERS" in About Remote Troubleshooting. Basically, it tells you to execute a PS Command: Set-PSSessionConfiguration Microsoft.PowerShell -ShowSecurityDescriptorUI and grant execution permission to the user that you are trying to use it.
If you have local administrative rights, run powershell as administrator and run Invoke-Command without the -Credential flag.
If you're only running the script locally, you don't need Invoke-Command. You're better off just running the script and passing arguments to it.
Enable PSRemoting Service to Start Automatic
on both host and remote machines
Set-Service winrm -StartupType Automatic
Start-Service winrm
Enable PSREmoting
On both host and remote machines
EnablePSRemoting -Force
Add computers to Trusted Hosts
On Remote machine
Set-Item wsman:\localhost\Client\TrustedHosts -Value "$(hostname),*$((Get-WmiObject Win32_ComputerSystem).Domain)"
Enable Multi Hopping in Powershell Remoting
Identify which hosts to allow passing of Creds
Enable-WSManCredSSP –Role Client –DelegateComputer "$(hostname),*$((Get-WmiObject Win32_ComputerSystem).Domain)"
On the source machine.
Enable-WSManCredSSP –Role Server
You must specify Authentication and a Credential
on Host Machine
$Cred = [System.Management.Automation.PSCredential]::new("<username>",$("<Password>" | ConvertTo-SecureString -AsPlainText -Force))
invoke-command -ComputerName localhost -ScriptBlock {Write-Host $args[0]} -ArgumentList "Hello!, It Works" -Authentication Credssp -Credential $cred
REFERENCE
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-6
Well, you are doing it wrong if I understand it correctly.
Credential you provided is used to access localhost (which you don't need BTW). Script is still executed unelevated. There are two solutions:
You need to elevate the powershell itself and execute the script.
You need to change the script so that it itself accepts Credential parameter and use it to access things. There isn't much more I can say about it until you show the script.
You can elevate shell with:
start powershell -verb Runas
The problem here is that unless you disable UAC, it will prompt you. Unfortunately there is no easy way around this that I know. One sure way is to add the script to task scheduler and set the task to run elevated, then run it and delete the task. All of this can be automated ofc. This is a consequence of unfortunate design of UAC system (sudo on Linux that serves the same purpose will cache the response for some time so that subsequent commands do not prompt). This would go something like:
schtasks /Create /TN runner ... /TR powershell -File script.ps1 /RU username /RP password /RL HIGHEST
schtasks /run runner
schtasks /delete runner
I'm new to programming and am trying to write a powershell script.
I'm in a windows domain environment with over 50 remote offices. Each office has 4 computers. One computer, "Computer A," has dropbox installed that we use for backups, and now software updates. I want to execute a script from my local machine that copies a folder (~1 GB) to the other computers in that LAN, and runs the setup.exe file in the directory to update software on these computers.
As far as I can tell in order to use the Enter-pssession cmdlet & run a copy-item and start process, I have to:
On remote machine enable winrm by: enable-psremoting -force
On remote machine enable CredSSP authentication by: enable-smancredssp -role server -force
On local machine enable CredSSP authentication by: enable-SmanCredSSP -role
client -force
From here I can enter the Power shell session and begin the copy and install. Here is the code I'm running:
#Allow my computer to send credentials to remote computers
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
$credential = Get-Credential -Credential domain\user
#Getting Content
$path = "C:\computernames.csv"
Import-Csv -path $path |
foreach-object {
$computername = $_.Name
if (Test-Connection -cn $_.Name -quiet) {
#copy the batch file that allows remote powershell access
$source = "c:\"
$destination = "\\$computername\c$\install files\remoteaccess"
robocopy $source $destination
#open file to allow remote PS access
& psexec \\$computername -a runas -u domain\user -p password -c -f -h "\\$computername\c$\install files\remoteaccess\remoteaccess.bat"
#Initiates Power Shell session with remote computer
Enter-PSSession -cn $_.Name -Credential $credential -Authentication Credssp
#begin copy
#be sure to refine destination
copy-item -path $_.Source -Destination $_.Destination -force -verbose -recurse | out-file c:\copylog.txt
#begin silent install
#code here
#stop wsmancredssp accep
disable-wsmancredssp -role server
#close pssession
exit-pssession
} else {
"$computername is not online"
}
}
Disable-wsmancredssp -role client
The computernames.csv has the headers: Name, Source, Destination with UNC directories for each LAN's computer with dropbox and where to copy the file.
The "remoteaccess.bat" file contains the following two lines of code:
powershell.exe enable-psremoting -force >>c:\remotelog.txt
powershell.exe Enable-WSManCredSSP -role Server -force >>c:\remotelog.txt
The powershell window freezes after initiating the psexec session with the remote computer and sends the first powershell command to enable remoting. No error is generated, or input requested. The output of this command is saved in the remotelog text file:
"WinRM has been updated to receive requests.
WinRM service started.
WinRM already is set up for remote management on this machine."
It appears the powershell command to enable wsmancredssp is never received. When I run the batch file on the remote computer from remote access software, both commands execute and are logged successfully. Where is my psexec command going wrong, or how can I setup these computers to allow remote sessions with a remote command without using GPO?