Solved

psexec giving Access Is Denied error when attempting to run a command on remote system

Posted on 2011-03-05
23
4,042 Views
Last Modified: 2012-05-11
I am PsExecing to a remote computer to launch a batch file named remote_fd_info.cmd.
In that command it runs the following: fcinfo | find "PortWWN" >> test.txt file.
I'm passing the credentials I need on the remote system and therefore I shouldn't get the Access Is Denied error/Exit Error Code 255. I tried the PsExec -s -i switches but got an exit error code = 1.
Can anyone tell me what I'm missing?
Thanks Experts,
Wallace

For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s  -u %user% -p %pswd% c:\progra~1\fcinfo\remote_fc_info.cmd)

Open in new window

0
Comment
Question by:wally_davis
  • 11
  • 8
  • 4
23 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 35044133
Firstly, you should not use the shortened form of folders, because that might be different on different PCs. Use
   "C:\Program Folders\fcinfo\remote_fc_info.cmd"
or even better
   "^%ProgramFiles^%\fcinfo\remote_fc_info.cmd"

Your error message result from either lacking access privileges to the Program Files\fcinfo folder or the cmd file therein (unlikely), or from lacking privileges from executing one of the commands contained in your cmd file. I assume you can run the batch successful when logged in on a machine. Then you should allow for echoing in your cmd, to see where it errors out.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35046589
If I may ask. Do you have RPC service enabled on the remote computer? This is  a requirement to run  psexec remotely.

You can check your service status by going to run and typing "services.msc" or using psService to check availability on both computers.
0
 

Author Comment

by:wally_davis
ID: 35046865
Since I have access to my current laptop and the Server I am remoting into, I'm not certain why at this point it fails. My suspicion is that somehow my DOS Script will be limited to remote execution privleges that I'm not aware of how to implement at this point.
Instead, I changed up my code to have PsExec execute this line of code:

For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s -u %user% -p %pswd% "c:\program files\fcinfo\fcinfo.exe | find ""PortWWN"" >> c:\program files\fcinfo\test.txt")

However, I get the error "The filename, directory name, or volume label syntax is incorrect.".
I'm certain the syntax is correct but what I'm not sure of is if PsExec is possibly failing on the piping of an additional command. DOS is strange in its syntax at times and I've not found anything from Sysinternals on whether or not you could execute two commands in a remote DOS Session.
Any ideas on what the failure could be?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 400 total points
ID: 35046900
(1) You need to separate program and arguments
(2) For using pipe and redirection, you need to call cmd.exe first:

For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s -u %user% -p %pswd% cmd /c "c:\program files\fcinfo\fcinfo.exe" ^| find "PortWWN" ">>" "c:\program files\fcinfo\test.txt"
0
 

Author Comment

by:wally_davis
ID: 35046973
Hey Qlemo, I tried your syntax and it failed with the same error plus "cmd exited on SERVER with Error code 1".
I've tried so many Character escapes and sequences I don't know which direction is up or down.
I'll try some other variations. Any other suggestions?
0
 

Author Comment

by:wally_davis
ID: 35047068
Ok, I've changed my code around to call the batch file named remote_fc_info.cmd on the Server.
1. For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s  -u %user% -p %pswd% cmd /c "%ProgramFiles%\fcinfo\remote_fc_info.cmd")

2. cd \
cd "program files\fcinfo"
:: fcinfo ^| find "PortWWN" ^>^> test.txt
fcinfo ^>^> test.txt
fcinfo (<-- by itself will output the data I need but its useless if I can't append it to a file)

It appears that the problem is appending the data to the test.txt file

I thought PsExec would impersonate and pass your credentials? Any ideas on what is preventing me from appending the data to test.txt?

0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35047099
I'm a little confused by your last post - do you show different ways you called stuff in your command file?

The working folder when executing psexec is system32, where you can't create files on Vista and W7. So if you do not provide the folder together with the text file, or change folders prior to execution, you will get an access denied error. Are you really trying to create the file on the machine you execute fcinfo on? Or do you want to have that file where you start psexec from?

In the batch file you do NOT need to escape anything. You only need if you provide the complete commandline in psexec.

Some difficulties arise with psexec and escaping, but using double quotes overcomes that, AFAIK.
Your usage of using parens around the psexec call adds another difficulty and maybe need to escape again just for that reason, because parens start a new cmd shell. You do not need those parens.

0
 

Author Comment

by:wally_davis
ID: 35048119
well, what I would really like to do is have the output from the FcInfo.exe that is executed on the remote server, sent back to a log file on my laptop where I am running the PsExec utility. But, I've changed my code I don't know how many times tryiing workaround PsExec. I should have probably just built a VBScript instead since it appears there are a lot of limitations in DOS and PsExec.

All I want to do is to get this PsExec command to work. If not, onto VBScript.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35048212
You are overcomplicating things.
(For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% "^%ProgramFiles^%\fcinfo\fcinfo.exe") 2>nul | find "PortWWN" > test.txt

Open in new window

should do what you need. It executes fcinfo on all servers, collects the output, suppressing psexec related stuff, and processes that on your laptop.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35048308
I just realized that the code your ate trying to execute is on the remote server and it is telling you the directory is wrong. You are trying to echo to your local drive from the remote executable. This won't work unless you have a share setup or a FTP server to the file back. You should have some kind of folder on the remote computer to store the log file and then either have psexec send a FTP -I:commands.txt(FTP commands in this file) that will upload the file to the FTP server on the local computer with psexec or just use the share address as a echo point instead of a local address(giving access denied).

Share example would look something like this  psexec -u user -p pass cmd.exe /c %ProgramFiles%\fcinfo.exe >> \\local computers ip address\c$\temp\log.txt | find "PortWWN"



Pipe from the remote endpoint to the local pc share creating your desired information.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35048328
Wrong. Redirection is executed locally, before psexec can get a grab on it, so all the share stuff said above is void. That is
(a) The way my psexec scripts work
(b) tested with the above commandline (of course using something different from fcinfo.exe).
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:wally_davis
ID: 35048412
I don't think I'm overcomplicating as much as there are limitations to what the PsExec code does or what I expected it to do.
The code doesn't run whatsoever:
(For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% "^%ProgramFiles^%\fcinfo\fcinfo.exe") 2>nul | find "PortWWN" > test.txt

Doesn't do anything. No code runs whatsoever.
0
 

Author Comment

by:wally_davis
ID: 35048417
Sorry, my intention is not to be rude and I didn't mean to repeat my same claim twice. I meant to edit the last line.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35048431
Well, I could test anything with exception of fcinfo.exe, with success. So the issue has to be there.
Debugging is easy: remove 2>nul to display psexec messages, remove anything after 2>nul for complete output..

You are right somehow - psexec has several limits, but I don't think any of them apply here.
0
 

Author Comment

by:wally_davis
ID: 35048556
Once I gut this portion of the command out --> 2>nul ^| find "PortWWN" ^> test.txt <--, it outputs the data fine. Here is the output:
There are 4 adapters:
  abc.qwxyz-QLE2462-0: PortWWN: 21:00:00:1b:32:9e:dc:2e
  abc.qwxyz-QLE2462-1: PortWWN: 21:01:00:1b:32:be:dc:2e
  abc.qwxyz-QLE2462-2: PortWWN: 21:00:00:1b:32:9e:73:2d
  abc.qwxyz-QLE2462-3: PortWWN: 21:01:00:1b:32:be:73:2d
So, I'm not sure what to do at this point since psexec is not doing what I need. I'm pondering just kicking that to the curb and using vbscript. I'm about exhausted. I do appreciate your help Qlemo :)
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35048873
Once I gut this portion of the command out --> 2>nul ^| find "PortWWN" ^> test.txt <--,
Do you see the caret before the "greater"? That one is wrong, and not contained in my or your prior posts, so I could not yet detect that. However, FIND should generate an error:
    echo x | find "x" ^>
says "Access Denied" - because FIND tries to access a file with a special character "greater", which is not allowed.
0
 

Author Comment

by:wally_davis
ID: 35049015
Hmmm. Are there any other methods by which I could send the output data to a file either on the remot server of on my local laptop?
0
 
LVL 15

Assisted Solution

by:Russell_Venable
Russell_Venable earned 100 total points
ID: 35056143
@Qlemo, my answer was sound... It executes the command to remote computer with fcinfo he is looking for the fcinfo input not psexec.... I can do a psexec >> c:\file.txt any day. Mine was done remotely...Besides psexec runs a single instance of the command on the thread pool in the remote host using RPC Service. If you pipe on that host you won't have a timing problem or a redirection problem. I use it for remote installations it's
A pretty old trick really. It works on my end.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35056189
All methods require to get local or remote file redirection working - so no real alternatives.
VBS allows for catching output, but I don't know if you can that remote.

But what is the issue? If you correct above, it should run!
0
 

Author Comment

by:wally_davis
ID: 35058406
ok guys, you have both tremendous in helping me understand DOS Syntax and I'm almost home on this one. I ran some commands from the Server natively and this part of the command works when I use Right-Click on the DOS Cmd Shell Icon and select "Run As Admnistrator" and then type in these commands.
- cd \
- cd program files\fcinfo
- c:\program files\fcinfo\fcinfo.exe | find "PortWWN" >> "c:\program files\fcinfo\test.txt"

When I get the command setup on my side it looks like this:
For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% cmd /c c:\progra~1\fcinfo\fcinfo.exe ^| find ""PortWWN"" ^>^> c:\progra~1\fcinfo\test.txt. BUT, I get the error "Access is denied. CMD exited on SERVER1 with error code 255".

If I removed the cmd /c option then it gives me all of the fcinfo.exe's output options and arguments and then gives me the error "c:\progra~1\fcinfo\fcinfo.exe on SERVER1 with error code 1".

So I have to believe that entire command I gave you above works with the exception that it must require the Administrator account priveleges. What I don't understand is if my account is in a Security Group that is under the Administrators group, it should work. This doesn't make sense.
I pass in my Username and password like this to the script --> Fc_Test.cmd domain/account password. So I'm not even sure why I would require the Run As. Is there a case where I would require the Run As option and do either of you know if you can syntactically pass in the Run As command with the command I have above or am I just plain, lol, screwed?
0
 

Assisted Solution

by:wally_davis
wally_davis earned 0 total points
ID: 35058576
Finally!!!! Got it figured out with your guys help and an article I just read. I read that the -s switch will cause it to run under system account which is the same as running an elevated admin prompt. That solved the problem. I removed the passing in of my credentials and used the -s switch and "Ugghh" I can finally breath a sigh of relief. Here is the final cmd:

For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s -s cmd /c c:\progra~1\fcinfo\fcinfo.exe ^| find "PortWWN" ^>^> c:\progra~1\fcinfo\test.txt
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35058753
Is your operating system windows 7 or is it a earlier edition?
0
 

Author Closing Comment

by:wally_davis
ID: 35135838
Thank you Qlemo for walking me through the process. For you're solution that I chose, for appending the data to a text file, this syntax worked --> ^>^> instead of ">>" . But maybe it depends on the platform you're running the script from so both syntaxes may work. I awarded Russel 100 points for his explanation on how the PsExec process works on the remote server.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
VALIDATING DATES One method of validating dates is to jam the date into the DATE command and see if it accepts it by examining the system's errorlevel value. A non-zero result indicates failure. A typical example might look something like the fol…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now