AT command using computername

Try to schedule AT across different workgroups and domains, using

AT \\servername 19:20 \\fileservername\share\aprogram.exe

And just can't get it working. AT on the same machine works fine, but as soon as \\servername is used, it fails each time. In the event log it says

"The At3.job command failed to start due to the following error:
General access denied error  " - Event ID 7901. All the boxes I'm trying are 2000 and XP.

Thanks
LVL 4
xassetsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

xassetsAuthor Commented:
By the way, I've also discovered that this also happens within the same domain/network
0
MSGeekCommented:
AT command is local only.

You could use the PSexec command with your local scheduler to accomplish thei: http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
0
xassetsAuthor Commented:
psexec seems to have the same problems. These computers have full rights to each other. In the workgroup example they all have the same administrator password and can do things like access files, remote registry etc.

psexec also has the problem of transmitting administrator passwords in clear text. I'm not sure our clients would like that.

0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

MSGeekCommented:
You would need to enable the guest account on both computers and make sure the administrator accounts of all machines were named identically and had the same password.
0
nick_sCommented:
Why don't you use Windows Scheduler instead of AT?

Nick
0
xassetsAuthor Commented:
Nick - Windows Scheduler doesn't seem to allow scheduling on another machine. Do you know different ?

MSGeek - Enabling guest is not an option for our clients. The at script may be fired against hundreds or thousands of secure servers but the source computer would have administrator privelages.

Anyone got any ideas how to run an exe (which doesn't need installation) off lots of computers? The computers don't generally get rebooted, so registry-run and logon scripts is not an option. It seems that all such loopholes have been closed to stop viruses. I've tried things like createobject("wscript.shell", computername) in vbs but no luck.

Thanks


0
xassetsAuthor Commented:
Nick - Windows Scheduler doesn't seem to allow scheduling on another machine. Do you know different ?

MSGeek - Enabling guest is not an option for our clients. The at script may be fired against hundreds or thousands of secure servers but the source computer would have administrator privelages.

Anyone got any ideas how to run an exe (which doesn't need installation) off lots of computers? The computers don't generally get rebooted, so registry-run and logon scripts is not an option. It seems that all such loopholes have been closed to stop viruses. I've tried things like createobject("wscript.shell", computername) in vbs but no luck.

Thanks


0
MSGeekCommented:
Your not going to get around this issue of rights without there being a domain group you can place on the local workstations.  You know this is a rights issue, wisely you do not want to pass claer text passwords.  Unless you can outline a domain structure there is not much I can do to assist.
0
nick_sCommented:
Sorry XAssets, i guess i read through your post to quickly. You cannot schedule remote tasks with Windows Task Scheduler
0
oBdACommented:
Your problem is the UNC path that you start your program from. The at command runs in the system context which has no network privileges.
There are (at least) two ways around this (since under W2k, the task schedulers refuses to be run under a non system account [Q223170]):

* The most secure would probably be to first copy the program file to the target computers using the win scheduler with domain credentials and then start the program locally using at.exe \\servername 19:20 C:\Temp\aprogram.exe.

* The second way would be to make your share a null session share; check out http://support.microsoft.com/default.aspx?scid=KB;en-us;q124184 about your problem and how to create null session shares.
0
MSGeekCommented:
oBdA.. great advice, was wondering when you'd find this one, knew it was up your alley.  :)
0
xassetsAuthor Commented:
Thanks. Null session shares seem to require a change on every target machine - not really a good option when theres likely to be thousands of them.

Launching AT from a local server sounds like a good one, but I think the solution may be for the originating process to shell a new process under the administrator credentials. I'm not sure how to do this programmatically, will do some research today.

Another idea I had was...

1. Create an ole server in vb
2. Copy it to the hdd on each machine
3. use remote AT to register it with regsvr32
4. user a remote createobject to open it from the central server, then you have full control over the local box to run a program, shell other stuff, do scheduling, etc

will try this today.

I would also like to hear from anyone who knows how to force processes to run on another machine from a remote machine without any local configuration required.

0
xassetsAuthor Commented:
I have found a way of using WMI to create a process on another machine, which works great. However I still need a solution that will run on Win98 and NT4 computers which don't have WMI installed.

Any ideas?

0
oBdACommented:
Hi xassets,

Null session shares don't require changes on every target machine; it's the machine that hosts the share that is refusing the connection.
All you need to do is enter the name of the share on the fileserver in it's registry: Use regedt32 to go to HKLM\System\CurrentControlSet\Services\lanmanserver\parameters; edit the REG_MULTI_SZ entry and add the name of the share.
0
oBdACommented:
The last part of my last sentence would make a bit more sense if I'd mentioned the name of the REG_MULTI_SZ entry, which is, as you may have already guessed, "NullSessionShares".
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
xassetsAuthor Commented:
OK, We're going to offer NullSessionShares but need an alternative as some clients will be put off by anything that implies low security.

We really need the ability to shell a process on another box as administrator, without writing to that box's hard disk or changing the registry.
0
xassetsAuthor Commented:
Got null session shares working only after giving everyone and his dog access to the share, now I must refine permissions to find out the minimum necessary, and will post the result here and give some points out too.
0
xassetsAuthor Commented:
The minimum permissions were to add "ANONYMOUS LOGON" to the security settings for both the share and the directory that is shared.

Thanks

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.