WMI - how to set the software installation process visible on a remote computer using WMI


I am trying to install a 3rd party software (primalscripttrial.exe) on the remote computer using the local admin privileges. Here is the working code that I have written.

***** The connection to WMI is working fine, so I haven't mentioned the code for that, because it includes the user credentials.

     patch = "C:\primalscripttrial.exe"
     strexecute = Mid(patch, InStrRev(patch, "\") + 1)

     Set objStartup = objSWbemServices.Get("Win32_ProcessStartup")
     Set objConfig = objStartup.SpawnInstance_
     objConfig.ShowWindow = 5

     Set oprocess = objSWbemServices.Get("Win32_Process")

     errReturn = oprocess.Create(Mid(share,1,1) & ":\" & strexecute, Mid(share,1,1) & ":\" & sTempDir, objConfig, lintprocessID)

The errReturn returns a value = 0, so my code works fine.
But when I go and see the desktop of the remote computer, there is no visible installation window shown. But if I open up the task manager, under processes I see the primalscripttrial.exe process running with 0% memory utilization.
I really would like to see the software installation process visible on the remote computer. Does anybody know how to set it up?

xassets Commented:
Couple of ideas

1. Although you had permission to create the process, the process didn't have permission to the box.
2. I would not expect the process to show because it's running in its own session under the system account.
3. There's another way if the boxes are all NT, 2000, XP, 2003... below.
4. If your exe was on the network you need to create a null session share and give access to ANONYMOUS_LOGON in order for the system account to have the necessary privileges.

at \\computername 10:20 /interactive myprogram myargs

or logon scripts of course, errrr maybe not.

Even with the "at" command, point 2. above might still be true.

Some lateral options might be remote desktop or maybe some kind of remote control software.

There's another way to do GetObject("Win32_Process") which might just move the goalposts enough to get it working.

            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _

            lError = objWMIService.Create(sEXE & " " & sCommandLine, Null, Null, lProcess)

But this certainly won't be visible on the user's screen.

My money would be on number 4 above!
godkedar (Author) Commented:

Thanks for the quick reply.
I don't need to use ANONYMOUS_LOGON, because I am already using the logon credentials of the local administrator on the remote computer, who has all the rights and privileges.

Is there any other setting that I am missing in the code?

The process is still not visible on the remote computer. All the remote computers are on the Windows 2000 platform.
Is it sat there forever or does it end? Maybe it's raised a messagebox and is waiting for user input, but being in a remote session, it can't access the screen.

I'm not that familiar with using WMI to launch a visible process on another box, in fact I thought it was impossible. You would need a way to somehow connect to another user's session using WMI. On Windows 2000 you could have many sessions (TS clients), how would it know which session to connect to?

Hopefully another expert will come along who knows.
DanRollins Commented:
Have you seen the example here?

The CoInitializeSecurity call might be the key.  What values are you using?

Obvious diagnostic:  Try to run Notepad.EXE on the other computer.
godkedar (Author) Commented:
I am using VBScript to call WMI and install software on the remote computer. And I don't know how to set the CoInitializeSecurity value in VBScript for WMI.

hmmm... I was looking at the C++ sample by habit.

My guess is it could be related to the ConnectServer and security settings.  Please show that (changing the username and password of course).

Also, try this:

s= "winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _

Set objWMIService = GetObject(s)

and eyeball the string variable s to make sure there isn't an easy-to-spot error in it.

Did you have any success starting Notepad.Exe?

-- Dan
Hi Dan, that example seems to connect to the local machine. I changed it to a remote machine as follows
            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
                    "\\" & sComputer & _
and when I was a domain admin it created calc.exe but it was not visible on the screen. As I said above, WMI creates its own session and I don't know any way to connect to a particular session such as the main screen or a TS client. I would be really interested in finding a way to create processes which are visible to the end user.

However, using AT, I was able to make it appear on the desktop session of the remote machine

at \\computername 07:26 /interactive notepad.exe

In this Google Groups thread...

an MS rep said, in part:
>> The remote process must be non-interactive and cannot access remote resources (like UNC paths)...

In this thread, the posters bemoan that this was a result of installing SP3


more confirmation:

My search was:

Ergo, the answer is:  It is failing because it can't be done via WMI.

-- Dan
I think it may be possible outside of / with the assistance of WMI.

Given that you can run a process on that machine, albeit invisible cos it's in another session, means you have control of the machine's CPU.

There must be a Windows API way of connecting to the existing user's session from that WMI process. Otherwise how does XP remote assistance work? There's a "Remote Assistance Automation Framework" which would allow the development of remote desktop type apps. Maybe there's something in there which allows the launching of the process. Sadly the documentation looks a bit thin and I think the development effort may not justify the asker's needs.

Just trying to find out the background..

..if the process is going to be visible to the end user, you'd really want the user to invoke it. You don't want some patch management application to jump out at you when you're in the middle of banging in some accounting report in Excel.

So why not just get the user to launch the process?

There's other solutions, you could knock up a system tray VB program which is an ActiveX EXE which can be CreateObject'ed from the remote console. That can shell the app in the user's process. You could easily deploy that through WMI as discussed by adding it to the "Run" registry key.

godkedar (Author) Commented:
Hello All,

Thanks for the information, and the confirmation that the process cannot be launched as a visible one on the remote laptop.
Just as a follow-up to the last comment added by xassets.

""""Theres other solutions, you could knock up a system tray vb program which is an activex exe which can be CreateObject 'ed from the remote console. That can shell the app in the users process. You could easily deploy that through WMI as discussed by adding it to the "Run" registry key/""""

How do I do this? Do you have a snippet of code for this?
primalscripttrial REQUIRES a graphical window (I use the licensed ver and it rocks)

You will only be able to do what you are doing if a user is logged in during the time when you run the remote install
godkedar (Author) Commented:
User is logged in... still the same problems
Hi godkedar, I reckon you'd need a VB6 programmer, but here goes.

Create a VB project of type "ActiveX EXE", let's say it's called "Launcher"
Add a module and in Sub Main call the Windows API functions to make it sit in the system tray (or don't bother, just leave it as a windowless app)
Add a class called Invoke and give it a method such as RunProg, make the class publicly creatable
Program the RunProg method to take a command line argument
Public Sub Execute(sCommand as string)
    Shell sCommand
End Sub
Compile this and set it running on a test machine (which would be a client), and register it on your central machine

Write another VB program with the code

set obj=createobject("Launcher.Invoke", sComputerName)
obj.Execute "primalscriptthingy /options"

Write yet another VB program to deploy onto machines
(a) copy the exe (you could keep it on a share instead)
(b) Set a remote registry key to run your VB ActiveX EXE (the HKLM/Software/MS../W../Run)
(c) Once the machine has rebooted, your exe should be resident

Really this is all out of my head and you'll probably need to debug etc. to get it working.

What's wrong with the "AT" command in my previous comment, with /interactive? That will work I reckon and you don't get all this programming grief.

Hey, before you go any further - would the remote launcher thing at sysinternals.com do the job?

It sounds like a good alternative to WMI for launching stuff, but I've never used it and don't know if it can hook into the user's session.

Kavar / Dan, can you remember what it's called?
Kavar Commented:
no, I don't,  but try this

'****************Begin Script***************

Dim UserName
Dim Password
Dim ServerFile
Dim WorkStationName
Dim Command
Dim ClientWindowsDir
Dim ClientScriptText
Dim ExeFile
Dim ExeSource

UserName="Your Domain\Your Username"
'i.e. "Spaceport\SpaceManSpiff"
WorkStationName="The Target Of your attack"
'i mean the machine you are remote executing on
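ExeFile="The remote executable name"
'ie PrimalScriptTrial.exe
ExeSource="Full path of the executable to copy from"
'i.e. the local or UNC path that ExeFile is copied from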
Password="Your Password"
'i.e. If you need an example of this, better not run this script

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set objRegProv = GetObject("winmgmts:!\\" & WorkStationName & "\root\default:StdRegProv")
strKefPath="SOFTWARE\Microsoft\Windows NT\CurrentVersion"
objRegProv.GetStringValue HKEY_LOCAL_MACHINE,strKefPath,CStr("PathName"),ClientWindowsDir
If ClientWindowsDir="" Then
      WScript.Echo "Could not Find Client Windows Directory, Cannot Continue"
      WScript.Quit 1
End If
'quit if a error occured
IfErrOut("Accessing Remote Registry")

'create clientSideScript
Set fso=CreateObject("Scripting.Filesystemobject")
ClientScriptText="set wsh=createObject(" & Chr(34) & "wscript.shell" & Chr(34) & ")|wsh.run " & chr(34) & "c:\" & ExeFile & chr(34)  & "|"
set RemoteScript=fso.createtextfile("\\" & WorkStationName & "\c$\runit.vbs")
RemoteScript.write Replace(ClientScriptText,"|",vbcrlf)
'close the file so the remote cscript.exe can read it
RemoteScript.Close
IfErrOut("Writing RemoteScript")

'copy any source files necessary
call fso.copyFile(ExeSource,"\\" & WorkStationName & "\c$\" & ExeFile)
IfErrOut("Copying Necessary Files")

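Command=ClientWindowsDir & "\system32\cscript.exe c:\runit.vbs"
'launch the client-side script on the workstation through WMI
Call RunScript(WorkStationName,Command,UserName,Password)
IfErrOut("Running Script Remotely")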

FSO.DeleteFile("\\" & WorkStationName & "\c$\" & ExeFile)
FSO.DeleteFile("\\" & WorkStationName & "\c$\runit.vbs")
IfErrOut("Cleaning Up Temp Files")

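Function RunScript(sServer,nCommand,nUsername,nPassword)
      On Error Resume Next
      Set Service = ConnectServer(sServer,nUsername,npassword)
      Set Proc= Service.Get("Win32_Process")
      Dim PID
      'start the command on the remote machine; result is the Win32_Process.Create return code
      result = Proc.Create(nCommand, Null, Null, PID)

Select Case result
      Case 0
            Message="Successful completion "
      Case 2
            Message="Access denied"
      Case 3
            Message="Insufficient privilege"
      Case 8
            Message="Not enough storage is available to process this command"
      Case 9
            Message="Path not found"
      Case 21
            Message="Invalid parameter"
      Case else
            Message="Unknown error"
End Select
      'report the outcome and hand the return code back to the caller
      WScript.Echo "Win32_Process.Create returned " & result & ": " & Message
      RunScript = result
End Function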

Function ConnectServer(sServer,sUser,sPassword)
On Error Resume next
  Set objLocator = CreateObject("WbemScripting.SWbemLocator")
  'Connect to the namespace which is either local or remote
  Set objService = objLocator.ConnectServer (sServer,"root\cimv2", sUser, sPassword)
  'ObjService.Security_.impersonationlevel = 3
  Select Case Err.Number
      Case -2147024891
            WScript.Echo "Access is Denied"
            Exit Function      
      Case -2147217405
            WScript.Echo "Insufficient Privileges on " & sServer
            Exit Function
      Case -2147217394
            WScript.Echo "Invalid Namespace"
            Exit function
      Case 0
            Set ConnectServer=objService
      Case Else
            WScript.Echo Err.Number & ":" & Err.Description
            wscript.echo sServer & sUser & sPassword
End Select

End Function

Function IfErrOut(WhatText)
If Err.Number Then
      WScript.echo WhatText & Vbcrlf & "Err: " & Err.Number & ":" & Err.Description
End If
End Function
'******************End Script*******************
It's called psexec, came to me as soon as I opened a beer.

The above looks good, but how will it connect to the desktop session ?
I am not sure why, but I thought I would give it a try, when I did this here (using primalscripttrial30.exe) it worked.... I guess cscript/wscript is able to grab an interactive session if one is open ... (a user still needs to be logged in)
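
Added example, not part of the original thread: the script above leaves a recognisable trail on the target (a file written over the C$ admin share, then cscript.exe started through Win32_Process.Create), and the Python below correlates the two in a log stream. The event records, their field names, the WmiPrvSE.exe parent name (the WMI provider host on XP and later) and the 10-minute window are assumptions made for this example.

```python
# Correlate an admin-share file write with a WMI-spawned process that
# runs the same file. Events and field names are constructed for the example.
from datetime import datetime, timedelta
import ntpath

WMI_HOSTS = {"wmiprvse.exe"}            # assumption: WMI provider host image name
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}
WINDOW = timedelta(minutes=10)          # assumption: drop-to-run window

EVENTS = [  # constructed sample, oldest first
    {"t": "2024-05-01T09:00:05", "host": "WS01", "type": "share_write",
     "share": "C$", "path": "runit.vbs", "src": "10.0.0.5"},
    {"t": "2024-05-01T09:00:09", "host": "WS01", "type": "proc",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmd": r"C:\Windows\system32\cscript.exe c:\runit.vbs"},
    {"t": "2024-05-01T09:30:00", "host": "WS02", "type": "proc",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmd": r"cscript.exe C:\Scripts\logon.vbs"},
]

def base(path):
    """Lower-cased file name of a Windows path, on any OS."""
    return ntpath.basename(path).lower()

def find_remote_launches(events):
    """Alert on processes whose parent is the WMI provider host; severity is
    'high' when the command line names a file recently written over a hidden
    ($) share on the same host, 'medium' for a script host, else 'low'."""
    drops = []   # (time, host, lower-cased relative path, source address)
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["t"])
        if e["type"] == "share_write" and e["share"].endswith("$"):
            drops.append((t, e["host"], e["path"].lower(), e["src"]))
        elif e["type"] == "proc" and base(e["parent"]) in WMI_HOSTS:
            cmd = e["cmd"].lower()
            src = next((s for dt, h, p, s in drops if h == e["host"]
                        and timedelta(0) <= t - dt <= WINDOW and p in cmd), None)
            sev = "high" if src else ("medium" if base(e["image"]) in SCRIPT_HOSTS else "low")
            alerts.append({"host": e["host"], "severity": sev, "source": src, "cmd": e["cmd"]})
    return alerts

if __name__ == "__main__":
    for alert in find_remote_launches(EVENTS):
        print(alert)
```

The logon-script run on WS02 is not flagged because its parent is explorer.exe, which is the distinction the thread keeps returning to: WMI-created processes do not belong to the logged-on user's desktop session.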
recommendation:  A 3-way split xassets, Kavar, and DanRollins
the xassets account is no longer used.
That does not exclude xassets from getting points if he earned them :)
>>the xassets account is no longer used.

He had used it when he had made these comments here :) So he can get the points if he had answered.
Question has a verified solution.
