Solved

WMI - how to set the software installation process visible on a remote computer using WMI

Posted on 2004-03-22
25
13,590 Views
Last Modified: 2009-07-29
Hi,

I am trying to install a 3rd party software (primalscripttrial.exe)  on the remote computer using the local admin previledges. Here is the working code that i have written

***** the connection to WMI is working fine, so I havent mentioned the code for that, because it includes the user credentials.

     patch = "C:\primalscripttrial.exe"
     
strexecute = mid(patch, instrRev((patch), "\")+1)
         

     Set objStartup = objSWbemServices.Get("Win32_ProcessStartup")
     Set objConfig = objStartup.SpawnInstance_
     objConfig.ShowWindow = 5


     Set oprocess = objSWbemServices.Get("Win32_Process")

errReturn = oprocess.Create(Mid(share,1,1) & ":\"& strexecute ,Mid(share,1,1) & ":\"& sTempDir,objConfig,lintprocessID)

 The errReturn returns  a value = 0, so my code works fine.
But when I go and see the desktop of the remote computer, there is no visible installation window shown.But if i open up the task manager, under processes i see the primalscripttrial.exe process running with 0% memory utilization.
I really would like to see the software installation process visible on the remote computer, Does anybody know how to set it up ?

Thanks,
kedar
0
Comment
Question by:godkedar
  • 8
  • 5
  • 4
  • +3
25 Comments
 
LVL 4

Accepted Solution

by:
xassets earned 168 total points
ID: 10652948
Couple of ideas

1. Although you had permission to create the process, the process didn't have permission to the box.
2. I would not expect the process to show because its running in its own session under the system account
3. Theres another way if the boxes are all nt, 2000, xp, 2003...below
4. If your exe was on the network you need to create a null session share and give access to ANONYMOUS_LOGON in order for the system account to have the necessary privelages


at \\computername 10:20 /interactive myprogram myargs

or logon scripts of course, errrr maybe not.

Even with the "at" command, point 2. above might still be true.

Some lateral options might be remote desktop or maybe some kind of remote control software.

There's another way to do GetObject("Win32_Process") which might just move the goalposts enough to get it working.

            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _
                    "\root\cimv2:Win32_Process")

            lError = objWMIService.Create(sEXE & " " & sCommandLine, Null, Null, lProcess)

But this certainly won't be visible on the users screen.

My money would be on number 4 above!
0
 

Author Comment

by:godkedar
ID: 10653102
Hi,

thanks for the quick reply.
I dont need to use ANONYMOUS_LOGON , because i am already using the logon credentials of the local administrator on the remote computer who has all the rights and previledges.

Is there any other setting that i am missing in the code ?

the process is still not visible on the remote computer.All the remote computers are on windows 2000 platform.
0
 
LVL 4

Expert Comment

by:xassets
ID: 10653186
Is it sat there forever or does it end ? Maybe its raised a messagebox and is waiting for user input, but being in a remote session, it can't access the screen.

I'm not that familiar with using WMI to launch visible process on another box, in fact I thought it was impossible. You would need a way to somehow connect to another users session using WMI. On windows 2000 you could have many sessions (TS clients), how would it know which session to connect to ?

Hopefully another expert will come along who knows.
0
 
LVL 49

Assisted Solution

by:DanRollins
DanRollins earned 166 total points
ID: 10653780
Have you seen the example here?
     http://msdn.microsoft.com/library/en-us/wmisdk/wmi/calling_a_provider_method.asp

The CoInitializeSecurity call might be the key.  What values are you using?

Obvious diagnostic:  Try to run Notepade.EXE on the other computrer.
0
 

Author Comment

by:godkedar
ID: 10654901
i am using the VBscript to call WMI and install software on the remote computer. And I dont know how to set CoInitializeSecurity  value in VBscript for the WMI.

Thanks
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 10655156
hmmm... I was looking at the C++ sample by habit.

My guess is it could be related to the ConnectServer and security settings.  Please show that (changing the username and password of course).

Also, trye this:

s= "winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _
                    "\root\cimv2:Win32_Process

Set objWMIService = GetObject(s)

and eyeball the string variable s to make sure there isn't an esy-to-spot error in it.

=-=-=-=-=-=-
Did you have nay success starting Notepad.Exe?

-- Dan
0
 
LVL 4

Expert Comment

by:xassets
ID: 10655614
Hi Dan, that example seems to connect to the local machine. I changed it to a remote machine as follows
            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _
                    "\root\cimv2:Win32_Process")
and when I was a domain admin it created calc.exe but it was not visible to the screen, as I said above, wmi creates its own session and I don't know any way to connect to a particular session such as the main screen or a ts client. I would be really interested in finding a way to create processes which are visible to the end user.

However, using AT, I was able to make it appear on the desktop session of the remote machine

at \\computername 07:26 /interactive notepad.exe

0
 
LVL 49

Expert Comment

by:DanRollins
ID: 10655921
In this This google groups thread...
     http://groups.google.com/groups?oe=UTF-8&th=d44fcc24420cd1a2&seekm=euLaw6CmDHA.1072%40TK2MSFTNGP09.phx.gbl

an Ms rep said, in part:
>> The remote process must be non-interactive and cannot access remote
resoyrces (like UNC paths)...

In this thd, the posters bemoan that this was a result of installing SP3

    http://groups.google.com/groups?oe=UTF-8&threadm=eKmnn%23gdCHA.1652%40tkmsftngp09&rnum=7

more confirmation:
     http://groups.google.com/groups?oe=UTF-8&threadm=eXmuSvUPBHA.1600%40tkmsftngp03&rnum=11

My search was:
     http://groups.google.com/groups?q=impersonationLevel+interactive+remote

Ergo, the answer is:  It is failing because it can't be done via WMI.

-- Dan
0
 
LVL 4

Expert Comment

by:xassets
ID: 10655980
I think it may be possible outside of / with the assistance of wmi.

Given that you can run a process on that machine, albeit invisible cos its in another session, means you have control of the machines cpu

There must be a windows api way of connecting to the existing users session from that wmi process. Otherwise how does xp remote assistance work ? Theres a "Remote Assistance Automation Framework" which would allow the development of remote desktop type apps. Maybe theres something in there which allows the launching of the process. Sadly the documentation looks a bit thin and I think the development effort may not justify the askers needs.

0
 
LVL 4

Expert Comment

by:xassets
ID: 10655991
Just trying to find out the background..

..if the process is going to be visible to the end user, you'd really want the user to invoke it. You don't want some patch management application jump out at you when you're in the middle of banging in some accounting report in excel.

So why not just get the user to launch the process ?

Theres other solutions, you could knock up a system tray vb program which is an activex exe which can be CreateObject 'ed from the remote console. That can shell the app in the users process. You could easily deploy that through WMI as discussed by adding it to the "Run" registry key/

0
 

Author Comment

by:godkedar
ID: 10657983
Hello All,

Thanks for the information, and the confirmation that the process can not be launched as a visible one on the Remote laptop.
Just as a followup of the last comment added by xassets.

""""Theres other solutions, you could knock up a system tray vb program which is an activex exe which can be CreateObject 'ed from the remote console. That can shell the app in the users process. You could easily deploy that through WMI as discussed by adding it to the "Run" registry key/""""

How do i do this ? Do u have a snippet of code for this ?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 10

Expert Comment

by:Kavar
ID: 10658036
primalscripttrial REQUIRES a graphical window (I use the licensed ver and it rocks)

You will only be able to do what you are doing if a user is logged in during the time when you run the remote install
0
 

Author Comment

by:godkedar
ID: 10658062
User is logged in ..still the same problems
0
 
LVL 4

Expert Comment

by:xassets
ID: 10658153
Hi godkedar, I reckon you'd need a vb6 programmer, but here goes.

Create a vb project of type "Active X EXE" , lets say its called "Launcher"
Add a module and In Sub Main call the Windows API functions to make it sit in the system tray (or don't bother, just leave it as a windowless app)
Add a class called Invoke and give it a method such as RunProg, make the class publicly creatable
Program the RunProg method to take a command line argument
Public Sub Execute(sCommand as string)
    Shell sCommand
End Sub
Compile this and set it running on a test machine (which would be a client), and register it on your central machine

Write another VB program with the code

set obj=createobject("Launcher.Invoke", sComputerName)
obj.Execute "primalscriptthingy /options"

Write yet another VB program to deploy onto machines
(a) copy the exe (you could keep it on a share instead)
(b) Set a remote registry key to run your VB ActiveX EXE (the HKLM/Software/MS../W../Run)
(c) Once the machine has rebooted, your exe should be resident

Really this is all out of my head and you'll probably need to debug etc to get it working

Whats wrong with the "AT" command in my previous comment, with /interactive ? That will work I reckon and you don't get all this programming grief.

0
 
LVL 4

Expert Comment

by:xassets
ID: 10658227
Hey before you go any further - would the remote launcher thing at sysinternals.com do the job ?

It sounds like a good alternative to WMI for launching stuff, but I've never used it and don't know if it can hook into the users session.

Kavar / Dan can you remember what its called?
0
 
LVL 10

Assisted Solution

by:Kavar
Kavar earned 166 total points
ID: 10660208
no, I don't,  but try this

'****************Begin Script***************
CHECKSUM=123412

Dim UserName
Dim Password
Dim ServerFile
Dim WorkStationName
Dim Command
Dim ClientWindowsDir
Dim ClientScriptText
Dim ExeFile
Dim ExeSource

UserName="Your Domain\Your Username"
'i.e. "Spaceport\SpaceManSpiff"
WorkStationName="The Target Of your attack"
'i mean the machine you are remote executing on
ExeFile="The remote executable name"
'ie PrimalScriptTrial.exe
Password="Your Password"
'i.e. If you need an example of this, better not run this script

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set objRegProv = GetObject("winmgmts:!\\" & WorkStationName & "\root\default:StdRegProv")
strKefPath="SOFTWARE\Microsoft\Windows NT\CurrentVersion"
objRegProv.GetStringValue HKEY_LOCAL_MACHINE,strKefPath,CStr("PathName"),ClientWindowsDir
If ClientWindowsDir="" Then
      WScript.Echo "Could not Find Client Windows Directory, Cannot Continue"
      WScript.quit
End If
'quit if a error occured
IfErrOut("Accessing Remote Registry")

'create clientSideScript
Set fso=CreateObject("Scripting.Filesystemobject")
ClientScriptText="set wsh=createObject(" & Chr(34) & "wscript.shell" & Chr(34) & ")|wsh.run " & chr(34) & "c:\" & ExeFile & chr(34)  & "|"
set RemoteScript=fso.createtextfile("\\" & WorkStationName & "\c$\runit.vbs")
RemoteScript.write Replace(ClientScriptText,"|",vbcrlf)
RemeteScript.close
IfErrOut("Writing RemoteScript")

'copy any source files necessary
call fso.copyFile(ExeSource,"\\" & WorkStationName & "\c$\" & ExeFile)
IfErrOut("Copying Necessary Files")

Command=ClientWindowsDir & "\system32\cscript.exe c:\runit.vbs"
Result=RunScript(WorkStationName,Command,UserName,Password)
IfErrOut("Running Script Remotely")

FSO.DeleteFile("\\" & WorkStationName & "c$\" & ExeFile)
FSO.DeleteFile("\\" & WorkStationName & "c$\runit.vbs")
IfErrOut("Cleaning Up Temp Files")

Function RunScript(sServer,nCommand,nUsername,nPassword)
      On Error Resume Next
      Set Service = ConnectServer(sServer,nUsername,npassword)
      Set Proc= Service.Get("Win32_Process")
      Dim PID
      result=Proc.create(nCommand,Null,Null,Pid)

Select Case result
      Case 0
            Message="Successful completion "
      Case 2
            Message="Access denied"
      Case 3
            Message="Insufficient privilege"
      Case 8
            Message="Not enough storage is available to process this command"
      Case 9
            Message="Path not found"
      Case 21
            Message="Invalid parameter"
      Case else
            Message="Unknown error"
End Select
RunScript=Message
End Function

Function ConnectServer(sServer,sUser,sPassword)
On Error Resume next
  Set objLocator = CreateObject("WbemScripting.SWbemLocator")
  'Connect to the namespace which is either local or remote
  Set objService = objLocator.ConnectServer (sServer,"root\cimv2", sUser, sPassword)
  'ObjService.Security_.impersonationlevel = 3
 
  Select Case Err.Number
      Case -2147024891
            WScript.Echo "Access is Denied"
            Err.clear
            RunScript=-2
            Exit Function      
      Case -2147217405
            WScript.Echo "Insufficient Privileges on " & Server
            Err.Clear
            RunScript=-2
            Exit Function
      Case -2147217394
            WScript.Echo "Invalid Namespace"
            Err.clear
            RunScript=-1
            Exit function
      Case 0
            Set ConnectServer=objService
      Case Else
            WScript.Echo Err.Number & ":" & Err.Description
            wscript.echo sServer & sUser & sPassword
End Select

End Function
 

Function IfErrOut(WhatText)
If Err.Number Then
      WScript.echo WhatText & Vbcrlf & "Err: " & Err.Number & ":" & Err.Description
      WScript.quit
End If
End Function
'******************End Script*******************
0
 
LVL 4

Expert Comment

by:xassets
ID: 10661248
Its called psexec, came to me as soon as I opened a beer.

The above looks good, but how will it connect to the desktop session ?
0
 
LVL 10

Expert Comment

by:Kavar
ID: 10661291
I am not sure why, but I thought I would give it a try, when I did this here (using primalscripttrial30.exe) it worked.... I guess cscript/wscript is able to grab a interactive session if one is open ... (a user still needs to be logged in)
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 10827727
recommendation:  A 3-way split xassets, Kavar, and DanRollins
0
 
LVL 8

Expert Comment

by:plq
ID: 10827794
the xassets account is no longer used.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 10828171
That does not exclude xassets from getting points if he earned them :)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 10831139
>>the xassets account is no longer used.

He had used it when he had made these comments here :) So he can get the points if he had answered.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Displaying an arrayList in a listView using the default adapter is rarely the best solution. To get full control of your display data, and to be able to refresh it after editing, requires the use of a custom adapter.
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now