?
Solved

AT command using computername

Posted on 2003-03-26
18
Medium Priority
?
943 Views
Last Modified: 2010-08-05
Try to schedule AT across different workgroups and domains, using

AT \\servername 19:20 \\fileservername\share\aprogram.exe

And just can't get it working. AT on the same machine works fine, but as soon as \\servername is used, it fails each time. In the event log it says

"The At3.job command failed to start due to the following error:
General access denied error  " - Event ID 7901. All the boxes I'm trying are 2000 and XP.

Thanks
0
Comment
Question by:xassets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 3
  • +1
18 Comments
 
LVL 4

Author Comment

by:xassets
ID: 8211983
By the way, I've also discovered that this also happens within the same domain/network
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8212005
AT command is local only.

You could use the PSexec command with your local scheduler to accomplish thei: http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
0
 
LVL 4

Author Comment

by:xassets
ID: 8212080
psexec seems to have the same problems. These computers have full rights to each other. In the workgroup example they all have the same administrator password and can do things like access files, remote registry etc.

psexec also has the problem of transmitting administrator passwords in clear text. I'm not sure our clients would like that.

0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 9

Expert Comment

by:MSGeek
ID: 8212147
You would need to enable the guest account on both computers and make sure the administrator accounts of all machines were named identically and had the same password.
0
 
LVL 1

Expert Comment

by:nick_s
ID: 8212455
Why don't you use Windows Scheduler instead of AT?

Nick
0
 
LVL 4

Author Comment

by:xassets
ID: 8212991
Nick - Windows Scheduler doesn't seem to allow scheduling on another machine. Do you know different ?

MSGeek - Enabling guest is not an option for our clients. The at script may be fired against hundreds or thousands of secure servers but the source computer would have administrator privelages.

Anyone got any ideas how to run an exe (which doesn't need installation) off lots of computers? The computers don't generally get rebooted, so registry-run and logon scripts is not an option. It seems that all such loopholes have been closed to stop viruses. I've tried things like createobject("wscript.shell", computername) in vbs but no luck.

Thanks


0
 
LVL 4

Author Comment

by:xassets
ID: 8213027
Nick - Windows Scheduler doesn't seem to allow scheduling on another machine. Do you know different ?

MSGeek - Enabling guest is not an option for our clients. The at script may be fired against hundreds or thousands of secure servers but the source computer would have administrator privelages.

Anyone got any ideas how to run an exe (which doesn't need installation) off lots of computers? The computers don't generally get rebooted, so registry-run and logon scripts is not an option. It seems that all such loopholes have been closed to stop viruses. I've tried things like createobject("wscript.shell", computername) in vbs but no luck.

Thanks


0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8213116
Your not going to get around this issue of rights without there being a domain group you can place on the local workstations.  You know this is a rights issue, wisely you do not want to pass claer text passwords.  Unless you can outline a domain structure there is not much I can do to assist.
0
 
LVL 1

Expert Comment

by:nick_s
ID: 8213139
Sorry XAssets, i guess i read through your post to quickly. You cannot schedule remote tasks with Windows Task Scheduler
0
 
LVL 85

Expert Comment

by:oBdA
ID: 8213920
Your problem is the UNC path that you start your program from. The at command runs in the system context which has no network privileges.
There are (at least) two ways around this (since under W2k, the task schedulers refuses to be run under a non system account [Q223170]):

* The most secure would probably be to first copy the program file to the target computers using the win scheduler with domain credentials and then start the program locally using at.exe \\servername 19:20 C:\Temp\aprogram.exe.

* The second way would be to make your share a null session share; check out http://support.microsoft.com/default.aspx?scid=KB;en-us;q124184 about your problem and how to create null session shares.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8213972
oBdA.. great advice, was wondering when you'd find this one, knew it was up your alley.  :)
0
 
LVL 4

Author Comment

by:xassets
ID: 8216496
Thanks. Null session shares seem to require a change on every target machine - not really a good option when theres likely to be thousands of them.

Launching AT from a local server sounds like a good one, but I think the solution may be for the originating process to shell a new process under the administrator credentials. I'm not sure how to do this programmatically, will do some research today.

Another idea I had was...

1. Create an ole server in vb
2. Copy it to the hdd on each machine
3. use remote AT to register it with regsvr32
4. user a remote createobject to open it from the central server, then you have full control over the local box to run a program, shell other stuff, do scheduling, etc

will try this today.

I would also like to hear from anyone who knows how to force processes to run on another machine from a remote machine without any local configuration required.

0
 
LVL 4

Author Comment

by:xassets
ID: 8216730
I have found a way of using WMI to create a process on another machine, which works great. However I still need a solution that will run on Win98 and NT4 computers which don't have WMI installed.

Any ideas?

0
 
LVL 85

Expert Comment

by:oBdA
ID: 8217340
Hi xassets,

Null session shares don't require changes on every target machine; it's the machine that hosts the share that is refusing the connection.
All you need to do is enter the name of the share on the fileserver in it's registry: Use regedt32 to go to HKLM\System\CurrentControlSet\Services\lanmanserver\parameters; edit the REG_MULTI_SZ entry and add the name of the share.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 120 total points
ID: 8217905
The last part of my last sentence would make a bit more sense if I'd mentioned the name of the REG_MULTI_SZ entry, which is, as you may have already guessed, "NullSessionShares".
0
 
LVL 4

Author Comment

by:xassets
ID: 8219149
OK, We're going to offer NullSessionShares but need an alternative as some clients will be put off by anything that implies low security.

We really need the ability to shell a process on another box as administrator, without writing to that box's hard disk or changing the registry.
0
 
LVL 4

Author Comment

by:xassets
ID: 8223964
Got null session shares working only after giving everyone and his dog access to the share, now I must refine permissions to find out the minimum necessary, and will post the result here and give some points out too.
0
 
LVL 4

Author Comment

by:xassets
ID: 8224071
The minimum permissions were to add "ANONYMOUS LOGON" to the security settings for both the share and the directory that is shared.

Thanks

0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question